RPA.Crypto

module RPA.Crypto

class RPA.Crypto.Crypto

Library for common encryption and hashing operations.

It uses the Fernet format for encryption. More specifically, it uses AES in CBC mode with a 128-bit key for encryption and HMAC with SHA256 for authentication.

To use the encryption features, generate a key with the command line utility rpa-crypto or with the keyword Generate Key. Store the key in a secure place, such as Robocorp Vault, and load it within the execution before calling encryption/decryption keywords.

Example usage with Robocorp Vault

Create an encryption key with the CLI utility:

> rpa-crypto key rGx1edA07yz7uD08ChiPSunn8vaauRxw0pAbsal9zjM=

Store the key in Robocorp Vault, in this case with the name EncryptionKey.

Load the key from the vault before encryption operations:

In another task, this same key can be used to decrypt the file:

variable ROBOT_LIBRARY_DOC_FORMAT

ROBOT_LIBRARY_DOC_FORMAT = 'REST'

variable ROBOT_LIBRARY_SCOPE

ROBOT_LIBRARY_SCOPE = 'GLOBAL'

method decrypt_file

decrypt_file(path: str, output: Optional[str] = None)

Decrypt a file.

Parameters
  • path โ€“ Path to encrypted input file
  • output โ€“ Path to decrypted output file
  • Returns: Path to the decrypted file

If no output path is given, it will generate one from the input path. The resulting output path is returned.

method decrypt_string

decrypt_string(data: Union[bytes, str], encoding: str = 'utf-8')

Decrypt a string.

Parameters
  • data โ€“ Encrypted data as base64 string
  • encoding โ€“ Original encoding of string
  • Returns: Decrypted string or raw bytes, if None given as encoding

Returns the decrypted string that is parsed with the given encoding, or if the encoding is None the raw bytes are returned.

method encrypt_file

encrypt_file(path: str, output: Optional[str] = None)

Encrypt a file.

Parameters
  • path โ€“ Path to source input file
  • output โ€“ Path to encrypted output file
  • Returns: Path to the encrypted file

If no output path is given, it will generate one from the input path. The resulting output path is returned.

method encrypt_string

encrypt_string(text: Union[bytes, str], encoding: str = 'utf-8')

Encrypt a string.

Parameters
  • text โ€“ Source text to encrypt
  • encoding โ€“ Used text encoding
  • Returns: Token of the encrypted string in bytes

method generate_key

generate_key()

Generate a Fernet encryption key as base64 string.

  • Returns: Generated key as a string

This key can be used for encryption/decryption operations with this library.

NOTE: Store the generated key in a secure place! If the key is lost, the encrypted data can not be recovered. If anyone else gains access to it, they can decrypt your data.

method hash_file

hash_file(path: str, method: Hash = Hash.SHA1)

Calculate a hash from a file, in base64 format.

Parameters
  • path โ€“ Path to file
  • method โ€“ The used hashing method
  • Returns: Hash digest of the file

method hash_string

hash_string(text: str, method: Hash = Hash.SHA1, encoding='utf-8')

Calculate a hash from a string, in base64 format.

Parameters
  • text โ€“ String to hash
  • method โ€“ Used hashing method
  • encoding โ€“ Used text encoding
  • Returns: Hash digest of the string

method use_encryption_key

use_encryption_key(key: str)

Set key for all following encryption/decryption operations.

  • Parameters: key โ€“ Encryption key as base64 string

Assumes the given key has been generated previously using either the keyword Generate Key or with the matching command line utility.

method use_encryption_key_from_vault

use_encryption_key_from_vault(name: str, key: Optional[str] = None)

Load an encryption key from Robocorp Vault.

Parameters
  • name โ€“ Name of secret in Vault
  • key โ€“ Name of encryption key in secret

If the secret only has one value, the key argument is optional.