encryption
encryption
Tools for performing envelope encryption on GCP.
Functions
Name | Description |
---|---|
decrypt_data | Decrypt a data frame with the provided key. |
decrypt_dek | Decrypt a data encryption key using an asymmetric key held on KMS. |
encrypt_data | Encrypt a data frame. |
encrypt_dek | Encrypt the data encryption key. |
decrypt_data
encryption.decrypt_data(encrypted, key)
Decrypt a data frame with the provided key.
Parameters
Name | Type | Description | Default |
---|---|---|---|
encrypted |
bytes | Data to be decrypted. | required |
key |
bytes | Key used to encrypt the data. | required |
Returns
Type | Description |
---|---|
pandas.pandas.DataFrame | Decrypted data frame. |
decrypt_dek
encryption.decrypt_dek(encrypted, party, location='global', version=1, **kwargs)
Decrypt a data encryption key using an asymmetric key held on KMS.
Owing to the nature of the encryption key set-up of pprl this function is only really to be used in the GCP Confidential Space set up by the linkage administrator.
Parameters
Name | Type | Description | Default |
---|---|---|---|
encrypted |
bytes | Key to be decrypted. | required |
party |
str | Name of the party whose key we are decrypting. | required |
location |
str | Location of the keyring on which the key lives. | 'global' |
version |
int | str | Version of the asymmetric key to get from GCP. Default is 1. | 1 |
**kwargs |
dict | Keyword arguments to pass when creating an instance of google.cloud.kms.KeyManagementServiceClient . |
{} |
Returns
Type | Description |
---|---|
bytes | Decrypted data encryption key. |
encrypt_data
encryption.encrypt_data(data, key=None)
Encrypt a data frame.
Parameters
Name | Type | Description | Default |
---|---|---|---|
data |
pandas.pandas.DataFrame | Dataframe to encrypt. | required |
key |
bytes | Fernet key to encrypt data frame. If not specified, create one. | None |
Returns
Type | Description |
---|---|
bytes | Encrypted data frame. |
bytes | Fernet key used to encrypt data frame. |
encrypt_dek
encryption.encrypt_dek(dek, party, location='global', version=1, **kwargs)
Encrypt the data encryption key.
We encrypt the data encryption key using the public key portion of an asymmetric key retrieved from the GCP Key Management Service.
Parameters
Name | Type | Description | Default |
---|---|---|---|
dek |
bytes | Data encryption key to be encrypted. | required |
party |
str | Name of the party. | required |
location |
str | Location of the keyring on which the key lives. | 'global' |
version |
int | str | Version of the asymmetric key to get from GCP. Default is 1. | 1 |
**kwargs |
dict | Keyword arguments to pass when creating an instance of google.cloud.kms.KeyManagementServiceClient . |
{} |
Returns
Type | Description |
---|---|
bytes | Encrypted data encryption key. |