aries_cloudagent.wallet package

Abstract and Indy wallet handling.

Subpackages

aries_cloudagent.wallet.models package
- Submodules
- aries_cloudagent.wallet.models.wallet_record module

Submodules

aries_cloudagent.wallet.askar module

aries_cloudagent.wallet.base module

Wallet base class.

class aries_cloudagent.wallet.base.BaseWallet[source]

Bases: abc.ABC

Abstract wallet interface.

abstract async create_local_did(method: aries_cloudagent.wallet.did_method.DIDMethod, key_type: aries_cloudagent.wallet.key_type.KeyType, seed: Optional[str] = None, did: Optional[str] = None, metadata: Optional[dict] = None) → aries_cloudagent.wallet.did_info.DIDInfo[source]

Create and store a new local DID.

Parameters

method – The method to use for the DID
key_type – The key type to use for the DID
seed – Optional seed to use for DID
did – The DID to use
metadata – Metadata to store with DID

Returns

The created DIDInfo

async create_public_did(method: aries_cloudagent.wallet.did_method.DIDMethod, key_type: aries_cloudagent.wallet.key_type.KeyType, seed: Optional[str] = None, did: Optional[str] = None, metadata: dict = {}) → aries_cloudagent.wallet.did_info.DIDInfo[source]

Create and store a new public DID.

Parameters

seed – Optional seed to use for DID
did – The DID to use
metadata – Metadata to store with DID

Returns

The created DIDInfo

abstract async create_signing_key(key_type: aries_cloudagent.wallet.key_type.KeyType, seed: Optional[str] = None, metadata: Optional[dict] = None) → aries_cloudagent.wallet.did_info.KeyInfo[source]

Create a new public/private signing keypair.

Parameters

key_type – Key type to create
seed – Optional seed allowing deterministic key creation
metadata – Optional metadata to store with the keypair

Returns

A KeyInfo representing the new record

abstract async get_local_did(did: str) → aries_cloudagent.wallet.did_info.DIDInfo[source]

Find info for a local DID.

Parameters: did – The DID for which to get info
Returns: A DIDInfo instance for the DID

abstract async get_local_did_for_verkey(verkey: str) → aries_cloudagent.wallet.did_info.DIDInfo[source]

Resolve a local DID from a verkey.

Parameters: verkey – Verkey for which to get DID info
Returns: A DIDInfo instance for the DID

abstract async get_local_dids() → Sequence[aries_cloudagent.wallet.did_info.DIDInfo][source]

Get list of defined local DIDs.

Returns: A list of DIDInfo instances

async get_posted_dids() → Sequence[aries_cloudagent.wallet.did_info.DIDInfo][source]

Get list of defined posted DIDs.

Returns: A list of DIDInfo instances

abstract async get_public_did() → aries_cloudagent.wallet.did_info.DIDInfo[source]

Retrieve the public DID.

Returns: The currently public DIDInfo, if any

abstract async get_signing_key(verkey: str) → aries_cloudagent.wallet.did_info.KeyInfo[source]

Fetch info for a signing keypair.

Parameters: verkey – The verification key of the keypair
Returns: A KeyInfo representing the keypair

abstract async pack_message(message: str, to_verkeys: Sequence[str], from_verkey: Optional[str] = None) → bytes[source]

Pack a message for one or more recipients.

Parameters

message – The message to pack
to_verkeys – The verkeys to pack the message for
from_verkey – The sender verkey

Returns

The packed message

abstract async replace_local_did_metadata(did: str, metadata: dict)[source]

Replace the metadata associated with a local DID.

Prefer set_did_endpoint() to set endpoint in metadata.

Parameters

did – DID for which to replace metadata
metadata – The new metadata

abstract async replace_signing_key_metadata(verkey: str, metadata: dict)[source]

Replace the metadata associated with a signing keypair.

Parameters

verkey – The verification key of the keypair
metadata – The new metadata to store

abstract async rotate_did_keypair_apply(did: str) → None[source]

Apply temporary keypair as main for DID that wallet owns.

Parameters

did – signing DID

Raises

WalletNotFoundError – if wallet does not own DID
WalletError – if wallet has not started key rotation

abstract async rotate_did_keypair_start(did: str, next_seed: Optional[str] = None) → str[source]

Begin key rotation for DID that wallet owns: generate new keypair.

Parameters

did – signing DID
next_seed – seed for incoming ed25519 key pair (default random)

Returns

The new verification key

Raises

WalletNotFoundError – if wallet does not own DID

async set_did_endpoint(did: str, endpoint: str, _ledger: aries_cloudagent.ledger.base.BaseLedger, endpoint_type: Optional[aries_cloudagent.ledger.endpoint_type.EndpointType] = None, write_ledger: bool = True, endorser_did: Optional[str] = None)[source]

Update the endpoint for a DID in the wallet, send to ledger if public or posted.

Parameters

did – DID for which to set endpoint
endpoint – the endpoint to set, None to clear
ledger – the ledger to which to send endpoint update if DID is public or posted
endpoint_type – the type of the endpoint/service. Only endpoint_type ‘endpoint’ affects local wallet

abstract async set_public_did(did: Union[str, aries_cloudagent.wallet.did_info.DIDInfo]) → aries_cloudagent.wallet.did_info.DIDInfo[source]

Assign the public DID.

Returns: The updated DIDInfo

abstract async sign_message(message: Union[List[bytes], bytes], from_verkey: str) → bytes[source]

Sign message(s) using the private key associated with a given verkey.

Parameters

message – The message(s) to sign
from_verkey – Sign using the private key related to this verkey

Returns

The signature

abstract async unpack_message(enc_message: bytes) → Tuple[str, str, str][source]

Unpack a message.

Parameters: enc_message – The encrypted message
Returns: (message, from_verkey, to_verkey)
Return type: A tuple

abstract async verify_message(message: Union[List[bytes], bytes], signature: bytes, from_verkey: str, key_type: aries_cloudagent.wallet.key_type.KeyType) → bool[source]

Verify a signature against the public key of the signer.

Parameters

message – The message to verify
signature – The signature to verify
from_verkey – Verkey to use in verification
key_type – The key type to derive the signature verification algorithm from

Returns

True if verified, else False

aries_cloudagent.wallet.bbs module

BBS+ crypto.

exception aries_cloudagent.wallet.bbs.BbsException(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.core.error.BaseError

Base BBS exception.

aries_cloudagent.wallet.bbs.create_bls12381g2_keypair(seed: Optional[bytes] = None) → Tuple[bytes, bytes][source]

Create a public and private bls12381g2 keypair from a seed value.

Parameters: seed – Seed for keypair
Returns: A tuple of (public key, secret key)

aries_cloudagent.wallet.bbs.sign_messages_bls12381g2(messages: List[bytes], secret: bytes)[source]

Sign messages using a bls12381g2 private signing key.

Parameters

messages (List[bytes]) – The messages to sign
secret (bytes) – The private signing key

Returns

The signature

Return type

bytes

aries_cloudagent.wallet.bbs.verify_signed_messages_bls12381g2(messages: List[bytes], signature: bytes, public_key: bytes) → bool[source]

Verify an ed25519 signed message according to a public verification key.

Parameters

signed – The signed messages
public_key – The public key to use in verification

Returns

True if verified, else False

aries_cloudagent.wallet.crypto module

aries_cloudagent.wallet.did_info module

KeyInfo, DIDInfo.

class aries_cloudagent.wallet.did_info.DIDInfo(did, verkey, metadata, method, key_type)

Bases: tuple

property did: Alias for field number 0

property key_type: Alias for field number 4

property metadata: Alias for field number 2

property method: Alias for field number 3

property verkey: Alias for field number 1

class aries_cloudagent.wallet.did_info.KeyInfo(verkey, metadata, key_type)

Bases: tuple

property key_type: Alias for field number 2

property metadata: Alias for field number 1

property verkey: Alias for field number 0

aries_cloudagent.wallet.did_method module

Did method enum.

class aries_cloudagent.wallet.did_method.DIDMethod(value)[source]

Bases: enum.Enum

DID Method class specifying DID methods with supported key types.

KEY = DIDMethodSpec(method_name='key', supported_key_types=[<KeyType.ED25519: KeySpec(key_type='ed25519', multicodec_name='ed25519-pub', multicodec_prefix=b'\xed\x01')>, <KeyType.BLS12381G2: KeySpec(key_type='bls12381g2', multicodec_name='bls12_381-g2-pub', multicodec_prefix=b'\xeb\x01')>], supports_rotation=False)

SOV = DIDMethodSpec(method_name='sov', supported_key_types=[<KeyType.ED25519: KeySpec(key_type='ed25519', multicodec_name='ed25519-pub', multicodec_prefix=b'\xed\x01')>], supports_rotation=True)

classmethod from_did(did: str) → aries_cloudagent.wallet.did_method.DIDMethod[source]: Get DID method instance from the method name.

classmethod from_metadata(metadata: Mapping) → aries_cloudagent.wallet.did_method.DIDMethod[source]

Get DID method instance from metadata object.

Returns SOV if no metadata was found for backwards compatability.

classmethod from_method(method: str) → Optional[aries_cloudagent.wallet.did_method.DIDMethod][source]: Get DID method instance from the method name.

property method_name: str: Getter for did method name. e.g. sov or key.

property supported_key_types: List[aries_cloudagent.wallet.key_type.KeyType]: Getter for supported key types of method.

supports_key_type(key_type: aries_cloudagent.wallet.key_type.KeyType) → bool[source]: Check whether the current method supports the key type.

property supports_rotation: bool: Check whether the current method supports key rotation.

class aries_cloudagent.wallet.did_method.DIDMethodSpec(method_name, supported_key_types, supports_rotation)

Bases: tuple

property method_name: Alias for field number 0

property supported_key_types: Alias for field number 1

property supports_rotation: Alias for field number 2

aries_cloudagent.wallet.did_posture module

Ledger utilities.

class aries_cloudagent.wallet.did_posture.DIDPosture(value)[source]

Bases: enum.Enum

Enum for DID postures: public, posted but not public, or in wallet only.

POSTED = DIDPostureSpec(moniker='posted', ordinal=1, public=False, posted=True)

PUBLIC = DIDPostureSpec(moniker='public', ordinal=0, public=True, posted=True)

WALLET_ONLY = DIDPostureSpec(moniker='wallet_only', ordinal=2, public=False, posted=False)

static get(posture: Union[str, Mapping]) → aries_cloudagent.wallet.did_posture.DIDPosture[source]: Return enum instance corresponding to input string or DID metadata.

property metadata: Mapping: DID metadata for DID posture.

property moniker: str: Name for DID posture.

property ordinal: Mapping

public first, then posted and wallet-only.

Type: Ordinal for presentation

class aries_cloudagent.wallet.did_posture.DIDPostureSpec(moniker, ordinal, public, posted)

Bases: tuple

property moniker: Alias for field number 0

property ordinal: Alias for field number 1

property posted: Alias for field number 3

property public: Alias for field number 2

aries_cloudagent.wallet.error module

Wallet-related exceptions.

exception aries_cloudagent.wallet.error.WalletDuplicateError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.wallet.error.WalletError

Duplicate record exception.

exception aries_cloudagent.wallet.error.WalletError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.core.error.BaseError

General wallet exception.

exception aries_cloudagent.wallet.error.WalletNotFoundError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.wallet.error.WalletError

Record not found exception.

exception aries_cloudagent.wallet.error.WalletSettingsError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.wallet.error.WalletError

Invalid settings exception.

aries_cloudagent.wallet.in_memory module

aries_cloudagent.wallet.indy module

aries_cloudagent.wallet.key_pair module

Key pair storage manager.

class aries_cloudagent.wallet.key_pair.KeyPairStorageManager(store: aries_cloudagent.storage.base.BaseStorage)[source]

Bases: object

Key pair storage manager.

async delete_key_pair(verkey: str)[source]

Remove a previously-stored key pair record.

Raises: StorageNotFoundError – If the record is not found

async find_key_pairs(tag_query: Optional[Mapping] = None) → List[dict][source]: Find key pairs by tag query.

async get_key_pair(verkey: str) → dict[source]

Retrieve signing key pair from storage by verkey.

Parameters

storage (BaseStorage) – The storage to use for querying
verkey (str) – The verkey to query for

Raises

StorageDuplicateError – If more than one key pair is found for this verkey
StorageNotFoundError – If no key pair is found for this verkey

Returns: dict: The key pair data

async store_key_pair(public_key: bytes, secret_key: bytes, key_type: aries_cloudagent.wallet.key_type.KeyType, metadata: dict = {}, tags: dict = {})[source]

Store signing key pair in storage.

Parameters

public_key (bytes) – The public key
secret_key (bytes) – The secret key
key_type (KeyType) – The key type
metadata (dict, optional) – The metadata
tags (dict, optional) – The tags.

async update_key_pair_metadata(verkey: str, metadata: dict)[source]

Update the metadata of a key pair record by verkey.

Raises: StorageNotFoundError – If the record is not found.

aries_cloudagent.wallet.key_type module

Key type enum.

class aries_cloudagent.wallet.key_type.KeySpec(key_type, multicodec_name, multicodec_prefix)

Bases: tuple

property key_type: Alias for field number 0

property multicodec_name: Alias for field number 1

property multicodec_prefix: Alias for field number 2

class aries_cloudagent.wallet.key_type.KeyType(value)[source]

Bases: enum.Enum

KeyType Enum specifying key types with multicodec name.

BLS12381G1 = KeySpec(key_type='bls12381g1', multicodec_name='bls12_381-g1-pub', multicodec_prefix=b'\xea\x01')

BLS12381G1G2 = KeySpec(key_type='bls12381g1g2', multicodec_name='bls12_381-g1g2-pub', multicodec_prefix=b'\xee\x01')

BLS12381G2 = KeySpec(key_type='bls12381g2', multicodec_name='bls12_381-g2-pub', multicodec_prefix=b'\xeb\x01')

ED25519 = KeySpec(key_type='ed25519', multicodec_name='ed25519-pub', multicodec_prefix=b'\xed\x01')

X25519 = KeySpec(key_type='x25519', multicodec_name='x25519-pub', multicodec_prefix=b'\xec\x01')

classmethod from_key_type(key_type: str) → Optional[aries_cloudagent.wallet.key_type.KeyType][source]: Get KeyType instance from the key type identifier.

classmethod from_multicodec_name(multicodec_name: str) → Optional[aries_cloudagent.wallet.key_type.KeyType][source]: Get KeyType instance based on multicodec name. Returns None if not found.

classmethod from_multicodec_prefix(multicodec_prefix: bytes) → Optional[aries_cloudagent.wallet.key_type.KeyType][source]: Get KeyType instance based on multicodec prefix. Returns None if not found.

classmethod from_prefixed_bytes(prefixed_bytes: bytes) → Optional[aries_cloudagent.wallet.key_type.KeyType][source]: Get KeyType instance based on prefix in bytes. Returns None if not found.

property key_type: str: Getter for key type identifier.

property multicodec_name: str: Getter for multicodec name.

property multicodec_prefix: bytes: Getter for multicodec prefix.

exception aries_cloudagent.wallet.key_type.KeyTypeException[source]

Bases: BaseException

Key type exception.

aries_cloudagent.wallet.routes module

aries_cloudagent.wallet.util module

Wallet utility functions.

aries_cloudagent.wallet.util.abbr_verkey(full_verkey: str, did: Optional[str] = None) → str[source]: Given a full verkey and DID, return the abbreviated verkey.

aries_cloudagent.wallet.util.b58_to_bytes(val: str) → bytes[source]: Convert a base 58 string to bytes.

aries_cloudagent.wallet.util.b64_to_bytes(val: str, urlsafe=False) → bytes[source]: Convert a base 64 string to bytes.

aries_cloudagent.wallet.util.b64_to_str(val: str, urlsafe=False, encoding=None) → str[source]: Convert a base 64 string to string on input encoding (default utf-8).

aries_cloudagent.wallet.util.bytes_to_b58(val: bytes) → str[source]: Convert a byte string to base 58.

aries_cloudagent.wallet.util.bytes_to_b64(val: bytes, urlsafe=False, pad=True, encoding: str = 'ascii') → str[source]: Convert a byte string to base 64.

aries_cloudagent.wallet.util.default_did_from_verkey(verkey: str) → str[source]

Given a verkey, return the default indy did.

By default the did is the first 16 bytes of the verkey.

aries_cloudagent.wallet.util.full_verkey(did: str, abbr_verkey: str) → str[source]: Given a DID and abbreviated verkey, return the full verkey.

async aries_cloudagent.wallet.util.notify_endorse_did_attrib_event(profile: aries_cloudagent.core.profile.Profile, did: str, meta_data: dict)[source]: Send notification for a DID ATTRIB post-process event.

async aries_cloudagent.wallet.util.notify_endorse_did_event(profile: aries_cloudagent.core.profile.Profile, did: str, meta_data: dict)[source]: Send notification for a DID post-process event.

aries_cloudagent.wallet.util.pad(val: str) → str[source]: Pad base64 values if need be: JWT calls to omit trailing padding.

aries_cloudagent.wallet.util.random_seed() → bytes[source]

Generate a random seed value.

Returns: A new random seed

aries_cloudagent.wallet.util.set_urlsafe_b64(val: str, urlsafe: bool = True) → str[source]: Set URL safety in base64 encoding.

aries_cloudagent.wallet.util.str_to_b64(val: str, urlsafe=False, encoding=None, pad=True) → str[source]: Convert a string to base64 string on input encoding (default utf-8).

aries_cloudagent.wallet.util.unpad(val: str) → str[source]: Remove padding from base64 values if need be.