Emip3
- cometa.cryptography.emip3.emip3_encrypt(data, passphrase)[source]
Encrypts data using the EMIP-003 standard encryption format.
EMIP-003 provides a standardized encryption scheme for sensitive data like cryptographic keys, suitable for secure storage on disk.
The encryption uses: - PBKDF2 with HMAC-SHA512 for key derivation (19,162 iterations) - ChaCha20Poly1305 for authenticated encryption - Random 32-byte salt and 12-byte nonce
Output format: salt (32 bytes) + nonce (12 bytes) + MAC (16 bytes) + ciphertext
- Parameters:
data (bytes | bytearray) – The raw data to encrypt.
passphrase (bytes | bytearray | str) – The passphrase for key derivation.
- Returns:
The encrypted data with salt, nonce, and MAC prepended.
- Raises:
CardanoError – If encryption fails.
- Return type:
bytes
Example
>>> encrypted = emip3_encrypt(b"secret data", b"my-passphrase") >>> len(encrypted) > len(b"secret data") True
See also
EMIP-003: https://github.com/Emurgo/EmIPs/blob/master/specs/emip-003.md
- cometa.cryptography.emip3.emip3_decrypt(encrypted_data, passphrase)[source]
Decrypts data that was encrypted using EMIP-003 format.
- Parameters:
encrypted_data (bytes | bytearray) – The encrypted data (including salt, nonce, and MAC).
passphrase (bytes | bytearray | str) – The passphrase used during encryption.
- Returns:
The original decrypted data.
- Raises:
CardanoError – If decryption fails (wrong passphrase, corrupted data, etc.).
- Return type:
bytes
Example
>>> encrypted = emip3_encrypt(b"secret data", b"my-passphrase") >>> decrypted = emip3_decrypt(encrypted, b"my-passphrase") >>> decrypted b'secret data'
See also
EMIP-003: https://github.com/Emurgo/EmIPs/blob/master/specs/emip-003.md