SoftwareEd25519SecureKeyHandler

class cometa.key_handler.software_ed25519_secure_key_handler.SoftwareEd25519SecureKeyHandler(encrypted_data, get_passphrase)[source]

Bases: Ed25519SecureKeyHandler

A software-based implementation of a secure key handler for single Ed25519 keys.

This class securely manages a single private key by encrypting it with a passphrase. The passphrase is provided on-demand via a callback, and the decrypted key material only exists in memory for the brief moment it’s needed for an operation, after which it is securely wiped.

Example

>>> def get_passphrase():
...     return b"my-secure-passphrase"
>>> private_key = Ed25519PrivateKey.from_extended_hex("...")
>>> handler = SoftwareEd25519SecureKeyHandler.from_ed25519_key(
...     private_key=private_key,
...     passphrase=b"my-secure-passphrase",
...     get_passphrase=get_passphrase
... )
>>> public_key = handler.get_public_key()
Parameters:

  • encrypted_data (bytes)

  • get_passphrase (Callable[[], bytes])

classmethod from_ed25519_key(private_key, passphrase, get_passphrase)[source]

Creates a new Ed25519-based key handler from a raw private key and a passphrase.

Parameters:

  • private_key (Ed25519PrivateKey) – The raw Ed25519 private key.

  • passphrase (bytes) – The passphrase to initially encrypt the key.

  • get_passphrase (Callable[[], bytes]) – An function called when the passphrase is needed for cryptographic operations.

Returns:

A new instance of the key handler.

Return type:

SoftwareEd25519SecureKeyHandler

Warning

For security, consider zeroing out the passphrase buffer after calling this function if it is a mutable bytearray.

classmethod deserialize(data, get_passphrase)[source]

Deserializes an encrypted Ed25519 key handler from a byte array.

The binary format is: [ 4-byte magic | 1-byte version | 1-byte type | 4-byte data_len | data | 4-byte crc32 checksum ]

Parameters:

  • data (bytes) – The serialized and encrypted key data.

  • get_passphrase (Callable[[], bytes]) – An function called when the passphrase is needed.

Returns:

A new instance of the key handler.

Raises:

ValueError – If the data is invalid or corrupted.

Return type:

SoftwareEd25519SecureKeyHandler

serialize()[source]

Serializes the encrypted key data for secure storage into a binary format.

The binary format is: [ 4-byte magic | 1-byte version | 1-byte type | 4-byte data_len | data | 4-byte crc32 checksum ]

Returns:

The serialized and encrypted key data.

Return type:

bytes

sign_transaction(transaction)[source]

Signs a transaction using the securely stored Ed25519 private key.

Parameters:

transaction (Transaction) – The transaction to sign.

Returns:

A VkeyWitnessSet containing the signature.

Return type:

VkeyWitnessSet

Note

During this operation, the private key is temporarily decrypted in memory and then securely wiped immediately after use.

sign_data(data)[source]

Signs arbitrary data using the securely stored Ed25519 private key.

Parameters:

data (str) – The hex-encoded data to be signed.

Returns:

A dict with ‘signature’ and ‘key’ (public key) as hex strings.

Return type:

dict[str, str]

get_private_key()[source]

Retrieves the securely stored private key.

Returns:

The Ed25519PrivateKey.

Return type:

Ed25519PrivateKey

Warning

This operation exposes the private key in memory and should be used with extreme caution. The caller is responsible for securely handling and wiping the key from memory after use.

get_public_key()[source]

Retrieves the public key corresponding to the securely stored private key.

Returns:

The corresponding Ed25519PublicKey.

Return type:

Ed25519PublicKey

Note

This operation requires the private key, which is temporarily decrypted in memory and then securely wiped immediately after use.