xq package

Subpackages

Submodules

xq.config module

xq.config.configure_env(dotenv_path=None)

Module contents

class xq.XQ(api_key=None, dashboard_api_key=None, locator_key=None)

Bases: object

decrypt_file(encryptedText: str | bytes | bytearray | BinaryIO, key: bytes | str | None = None, algorithm: str | None = None, out_file: str | PathLike | BinaryIO | None = None, chunk_size: int = 1048576) → bytes | str | None: Decrypt a given file/path/bytes. - algorithm: None → infer from key prefix (.B/.1/.2) - out_file: path/handle → write there; else return bytes.

decrypt_message(encryptedText: bytes, key: bytes, algorithm: {'OTP': <class 'xq.algorithms.otp_encryption.OTPEncryption'>, 'AES': <class 'xq.algorithms.aes_encryption.AESEncryption'>, 'GCM': <class 'xq.algorithms.aes_encryption.AESEncryption'>, 'CTR': <class 'xq.algorithms.aes_encryption.AESEncryption'>} = 'OTP')

decrypt a previoulsy encrypted string

Parameters:

encryptedText (bytes) – encrypted text to decrypt
key (bytes) – encryption key used to encrypt/decrypt
algorithm (Algorithms) – algorithm used to encrypt/decrypt
nonce (bytearray) – nonce provided from original encryption

Returns:

decrypted text

Return type:

str

encrypt_file(fileObj: str | ~typing.BinaryIO | bytes | bytearray, key: bytes | str, algorithm: {'OTP': <class 'xq.algorithms.otp_encryption.OTPEncryption'>, 'AES': <class 'xq.algorithms.aes_encryption.AESEncryption'>, 'GCM': <class 'xq.algorithms.aes_encryption.AESEncryption'>, 'CTR': <class 'xq.algorithms.aes_encryption.AESEncryption'>} = 'OTP', recipients: ~typing.List[str] | None = None, expires_hours: int = 24, out_file: str | ~os.PathLike | ~typing.BinaryIO | None = None, chunk_size: int = 1048576) → bytearray | str | None

Encrypt the contents of a given file/path/bytes.

Behavior: - GCM/OTP: returns bytes (outer header + body). out_file is ignored. - CTR:

If out_file is provided: streams to out_file, returns None.

If out_file is None: returns bytes (in-memory).

Parameters:

fileObj – path (str), file-like object, or bytes/bytearray
key – encryption key (bytes or str)
algorithm – “OTP”, “GCM”, or “CTR”
recipients – who can retrieve the key packet
expires_hours – packet expiry
out_file – optional writable binary file-like to stream CTR output into
chunk_size – chunk size for CTR streaming

Returns:

encrypted payload or None (when CTR+out_file)

encrypt_message(text: str, key: bytes, algorithm: {'OTP': <class 'xq.algorithms.otp_encryption.OTPEncryption'>, 'AES': <class 'xq.algorithms.aes_encryption.AESEncryption'>, 'GCM': <class 'xq.algorithms.aes_encryption.AESEncryption'>, 'CTR': <class 'xq.algorithms.aes_encryption.AESEncryption'>} = 'OTP', recipients: ~typing.List[str] | None = None)

encrypt a string

Parameters:

text (str) – string to encrypt
key (bytes, defaults to None) – encryption key to use to encrypted text
algorithm (Algorithms, defaults to OTP) – the encryption algorithm to use

Returns:

ciphertext

Return type:

bytes

expand_key(data: bytes, key: bytes) → bytes

expand a key to the size of the text to be encrypted

Parameters:

data (bytes) – data you are going to encrypt
key (bytes, defaults to None) – encryption key you were going to utilize to encrypt the data

Returns:

expanded key to utilize for encryption

Return type:

bytes

generate_key_from_entropy()

helper method for automatically requesting entropy and shuffling key

Returns:: generated encryption key from entropy
Return type:: bytes

parse_file_for_decrypt(input_data)

Parse the XQ outer header and return: (locator:str, name_encrypted:bytes, content_source)

If input_data is file-like: reads only the header, then rewinds the handle

to position 0 and returns the same handle as content_source. - If input_data is bytes/bytearray: parses in-place and returns the original bytes as content_source.

Header layout: [0:4] token_size+version (LE uint32), token_size=43 [4:47] locator (43 bytes, utf-8) [..] name_size (LE uint32) [..] name_encrypted (name_size bytes) [..] scheme (1 byte if version>0) body starts after header