aries_cloudagent.wallet package

Abstract and Indy wallet handling.

Subpackages

Submodules

aries_cloudagent.wallet.askar module

aries_cloudagent.wallet.base module

Wallet base class.

class aries_cloudagent.wallet.base.BaseWallet[source]

Bases: abc.ABC

Abstract wallet interface.

abstract async create_local_did(method: aries_cloudagent.wallet.did_method.DIDMethod, key_type: aries_cloudagent.wallet.key_type.KeyType, seed: Optional[str] = None, did: Optional[str] = None, metadata: Optional[dict] = None) aries_cloudagent.wallet.did_info.DIDInfo[source]

Create and store a new local DID.

Parameters
  • method – The method to use for the DID

  • key_type – The key type to use for the DID

  • seed – Optional seed to use for DID

  • did – The DID to use

  • metadata – Metadata to store with DID

Returns

The created DIDInfo

async create_public_did(method: aries_cloudagent.wallet.did_method.DIDMethod, key_type: aries_cloudagent.wallet.key_type.KeyType, seed: Optional[str] = None, did: Optional[str] = None, metadata: dict = {}) aries_cloudagent.wallet.did_info.DIDInfo[source]

Create and store a new public DID.

Parameters
  • seed – Optional seed to use for DID

  • did – The DID to use

  • metadata – Metadata to store with DID

Returns

The created DIDInfo

abstract async create_signing_key(key_type: aries_cloudagent.wallet.key_type.KeyType, seed: Optional[str] = None, metadata: Optional[dict] = None) aries_cloudagent.wallet.did_info.KeyInfo[source]

Create a new public/private signing keypair.

Parameters
  • key_type – Key type to create

  • seed – Optional seed allowing deterministic key creation

  • metadata – Optional metadata to store with the keypair

Returns

A KeyInfo representing the new record

abstract async get_local_did(did: str) aries_cloudagent.wallet.did_info.DIDInfo[source]

Find info for a local DID.

Parameters

did – The DID for which to get info

Returns

A DIDInfo instance for the DID

abstract async get_local_did_for_verkey(verkey: str) aries_cloudagent.wallet.did_info.DIDInfo[source]

Resolve a local DID from a verkey.

Parameters

verkey – Verkey for which to get DID info

Returns

A DIDInfo instance for the DID

abstract async get_local_dids() Sequence[aries_cloudagent.wallet.did_info.DIDInfo][source]

Get list of defined local DIDs.

Returns

A list of DIDInfo instances

async get_posted_dids() Sequence[aries_cloudagent.wallet.did_info.DIDInfo][source]

Get list of defined posted DIDs.

Returns

A list of DIDInfo instances

abstract async get_public_did() aries_cloudagent.wallet.did_info.DIDInfo[source]

Retrieve the public DID.

Returns

The currently public DIDInfo, if any

abstract async get_signing_key(verkey: str) aries_cloudagent.wallet.did_info.KeyInfo[source]

Fetch info for a signing keypair.

Parameters

verkey – The verification key of the keypair

Returns

A KeyInfo representing the keypair

abstract async pack_message(message: str, to_verkeys: Sequence[str], from_verkey: Optional[str] = None) bytes[source]

Pack a message for one or more recipients.

Parameters
  • message – The message to pack

  • to_verkeys – The verkeys to pack the message for

  • from_verkey – The sender verkey

Returns

The packed message

abstract async replace_local_did_metadata(did: str, metadata: dict)[source]

Replace the metadata associated with a local DID.

Prefer set_did_endpoint() to set endpoint in metadata.

Parameters
  • did – DID for which to replace metadata

  • metadata – The new metadata

abstract async replace_signing_key_metadata(verkey: str, metadata: dict)[source]

Replace the metadata associated with a signing keypair.

Parameters
  • verkey – The verification key of the keypair

  • metadata – The new metadata to store

abstract async rotate_did_keypair_apply(did: str) None[source]

Apply temporary keypair as main for DID that wallet owns.

Parameters

did – signing DID

Raises
  • WalletNotFoundError – if wallet does not own DID

  • WalletError – if wallet has not started key rotation

abstract async rotate_did_keypair_start(did: str, next_seed: Optional[str] = None) str[source]

Begin key rotation for DID that wallet owns: generate new keypair.

Parameters
  • did – signing DID

  • next_seed – seed for incoming ed25519 key pair (default random)

Returns

The new verification key

Raises

WalletNotFoundError – if wallet does not own DID

async set_did_endpoint(did: str, endpoint: str, _ledger: aries_cloudagent.ledger.base.BaseLedger, endpoint_type: Optional[aries_cloudagent.ledger.endpoint_type.EndpointType] = None, write_ledger: bool = True, endorser_did: Optional[str] = None, routing_keys: Optional[List[str]] = None)[source]

Update the endpoint for a DID in the wallet, send to ledger if public or posted.

Parameters
  • did – DID for which to set endpoint

  • endpoint – the endpoint to set, None to clear

  • ledger – the ledger to which to send endpoint update if DID is public or posted

  • endpoint_type – the type of the endpoint/service. Only endpoint_type ‘endpoint’ affects local wallet

abstract async set_public_did(did: Union[str, aries_cloudagent.wallet.did_info.DIDInfo]) aries_cloudagent.wallet.did_info.DIDInfo[source]

Assign the public DID.

Returns

The updated DIDInfo

abstract async sign_message(message: Union[List[bytes], bytes], from_verkey: str) bytes[source]

Sign message(s) using the private key associated with a given verkey.

Parameters
  • message – The message(s) to sign

  • from_verkey – Sign using the private key related to this verkey

Returns

The signature

abstract async unpack_message(enc_message: bytes) Tuple[str, str, str][source]

Unpack a message.

Parameters

enc_message – The encrypted message

Returns

(message, from_verkey, to_verkey)

Return type

A tuple

abstract async verify_message(message: Union[List[bytes], bytes], signature: bytes, from_verkey: str, key_type: aries_cloudagent.wallet.key_type.KeyType) bool[source]

Verify a signature against the public key of the signer.

Parameters
  • message – The message to verify

  • signature – The signature to verify

  • from_verkey – Verkey to use in verification

  • key_type – The key type to derive the signature verification algorithm from

Returns

True if verified, else False

aries_cloudagent.wallet.bbs module

BBS+ crypto.

exception aries_cloudagent.wallet.bbs.BbsException(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.core.error.BaseError

Base BBS exception.

aries_cloudagent.wallet.bbs.create_bls12381g2_keypair(seed: Optional[bytes] = None) Tuple[bytes, bytes][source]

Create a public and private bls12381g2 keypair from a seed value.

Parameters

seed – Seed for keypair

Returns

A tuple of (public key, secret key)

aries_cloudagent.wallet.bbs.sign_messages_bls12381g2(messages: List[bytes], secret: bytes)[source]

Sign messages using a bls12381g2 private signing key.

Parameters
  • messages (List[bytes]) – The messages to sign

  • secret (bytes) – The private signing key

Returns

The signature

Return type

bytes

aries_cloudagent.wallet.bbs.verify_signed_messages_bls12381g2(messages: List[bytes], signature: bytes, public_key: bytes) bool[source]

Verify an ed25519 signed message according to a public verification key.

Parameters
  • signed – The signed messages

  • public_key – The public key to use in verification

Returns

True if verified, else False

aries_cloudagent.wallet.crypto module

aries_cloudagent.wallet.did_info module

KeyInfo, DIDInfo.

class aries_cloudagent.wallet.did_info.DIDInfo(did, verkey, metadata, method, key_type)

Bases: tuple

property did

Alias for field number 0

property key_type

Alias for field number 4

property metadata

Alias for field number 2

property method

Alias for field number 3

property verkey

Alias for field number 1

class aries_cloudagent.wallet.did_info.KeyInfo(verkey, metadata, key_type)

Bases: tuple

property key_type

Alias for field number 2

property metadata

Alias for field number 1

property verkey

Alias for field number 0

aries_cloudagent.wallet.did_method module

did method.py contains registry for did methods.

class aries_cloudagent.wallet.did_method.DIDMethod(name: str, key_types: List[aries_cloudagent.wallet.key_type.KeyType], rotation: bool = False, holder_defined_did: aries_cloudagent.wallet.did_method.HolderDefinedDid = HolderDefinedDid.NO)[source]

Bases: object

Class to represent a did method.

holder_defined_did() aries_cloudagent.wallet.did_method.HolderDefinedDid[source]

Return the did derivation policy.

eg: did:key DIDs are derived from the verkey -> HolderDefinedDid.NO eg: did:web DIDs cannot be derived from key material -> HolderDefinedDid.REQUIRED

property method_name

Get method name.

property supported_key_types

Get supported key types.

supports_key_type(key_type: aries_cloudagent.wallet.key_type.KeyType) bool[source]

Check whether the current method supports the key type.

property supports_rotation

Check rotation support.

class aries_cloudagent.wallet.did_method.DIDMethods[source]

Bases: object

DID Method class specifying DID methods with supported key types.

from_did(did: str) aries_cloudagent.wallet.did_method.DIDMethod[source]

Get DID method instance from the did url.

from_metadata(metadata: Mapping) Optional[aries_cloudagent.wallet.did_method.DIDMethod][source]

Get DID method instance from metadata object.

Returns SOV if no metadata was found for backwards compatibility.

from_method(method_name: str) Optional[aries_cloudagent.wallet.did_method.DIDMethod][source]

Retrieve a did method from method name.

register(method: aries_cloudagent.wallet.did_method.DIDMethod)[source]

Register a new did method.

registered(method: str) bool[source]

Check for a supported method.

class aries_cloudagent.wallet.did_method.HolderDefinedDid(value)[source]

Bases: enum.Enum

Define if a holder can specify its own did for a given method.

ALLOWED = 'allowed'
NO = 'no'
REQUIRED = 'required'

aries_cloudagent.wallet.did_posture module

Ledger utilities.

class aries_cloudagent.wallet.did_posture.DIDPosture(value)[source]

Bases: enum.Enum

Enum for DID postures: public, posted but not public, or in wallet only.

POSTED = DIDPostureSpec(moniker='posted', ordinal=1, public=False, posted=True)
PUBLIC = DIDPostureSpec(moniker='public', ordinal=0, public=True, posted=True)
WALLET_ONLY = DIDPostureSpec(moniker='wallet_only', ordinal=2, public=False, posted=False)
static get(posture: Union[str, Mapping]) aries_cloudagent.wallet.did_posture.DIDPosture[source]

Return enum instance corresponding to input string or DID metadata.

property metadata: Mapping

DID metadata for DID posture.

property moniker: str

Name for DID posture.

property ordinal: Mapping

public first, then posted and wallet-only.

Type

Ordinal for presentation

class aries_cloudagent.wallet.did_posture.DIDPostureSpec(moniker, ordinal, public, posted)

Bases: tuple

property moniker

Alias for field number 0

property ordinal

Alias for field number 1

property posted

Alias for field number 3

property public

Alias for field number 2

aries_cloudagent.wallet.error module

Wallet-related exceptions.

exception aries_cloudagent.wallet.error.WalletDuplicateError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.wallet.error.WalletError

Duplicate record exception.

exception aries_cloudagent.wallet.error.WalletError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.core.error.BaseError

General wallet exception.

exception aries_cloudagent.wallet.error.WalletNotFoundError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.wallet.error.WalletError

Record not found exception.

exception aries_cloudagent.wallet.error.WalletSettingsError(*args, error_code: Optional[str] = None, **kwargs)[source]

Bases: aries_cloudagent.wallet.error.WalletError

Invalid settings exception.

aries_cloudagent.wallet.in_memory module

aries_cloudagent.wallet.indy module

aries_cloudagent.wallet.key_pair module

Key pair storage manager.

class aries_cloudagent.wallet.key_pair.KeyPairStorageManager(store: aries_cloudagent.storage.base.BaseStorage)[source]

Bases: object

Key pair storage manager.

async delete_key_pair(verkey: str)[source]

Remove a previously-stored key pair record.

Raises

StorageNotFoundError – If the record is not found

async find_key_pairs(tag_query: Optional[Mapping] = None) List[dict][source]

Find key pairs by tag query.

async get_key_pair(verkey: str) dict[source]

Retrieve signing key pair from storage by verkey.

Parameters
  • storage (BaseStorage) – The storage to use for querying

  • verkey (str) – The verkey to query for

Raises
  • StorageDuplicateError – If more than one key pair is found for this verkey

  • StorageNotFoundError – If no key pair is found for this verkey

Returns

dict: The key pair data

async store_key_pair(public_key: bytes, secret_key: bytes, key_type: aries_cloudagent.wallet.key_type.KeyType, metadata: dict = {}, tags: dict = {})[source]

Store signing key pair in storage.

Parameters
  • public_key (bytes) – The public key

  • secret_key (bytes) – The secret key

  • key_type (KeyType) – The key type

  • metadata (dict, optional) – The metadata

  • tags (dict, optional) – The tags.

async update_key_pair_metadata(verkey: str, metadata: dict)[source]

Update the metadata of a key pair record by verkey.

Raises

StorageNotFoundError – If the record is not found.

aries_cloudagent.wallet.key_type module

Key type code.

class aries_cloudagent.wallet.key_type.KeyType(key_type: str, multicodec_name: str, multicodec_prefix: bytes)[source]

Bases: object

Key Type class.

property key_type: str

Get Key type, type.

property multicodec_name: str

Get key type multicodec name.

property multicodec_prefix: bytes

Get key type multicodec prefix.

class aries_cloudagent.wallet.key_type.KeyTypes[source]

Bases: object

KeyType class specifying key types with multicodec name.

from_key_type(key_type: str) Optional[aries_cloudagent.wallet.key_type.KeyType][source]

Get KeyType instance from the key type identifier.

from_multicodec_name(multicodec_name: str) Optional[aries_cloudagent.wallet.key_type.KeyType][source]

Get KeyType instance based on multicodec name. Returns None if not found.

from_multicodec_prefix(multicodec_prefix: bytes) Optional[aries_cloudagent.wallet.key_type.KeyType][source]

Get KeyType instance based on multicodec prefix. Returns None if not found.

from_prefixed_bytes(prefixed_bytes: bytes) Optional[aries_cloudagent.wallet.key_type.KeyType][source]

Get KeyType instance based on prefix in bytes. Returns None if not found.

register(key_type: aries_cloudagent.wallet.key_type.KeyType)[source]

Register a new key type.

aries_cloudagent.wallet.routes module

aries_cloudagent.wallet.util module

Wallet utility functions.

aries_cloudagent.wallet.util.abbr_verkey(full_verkey: str, did: Optional[str] = None) str[source]

Given a full verkey and DID, return the abbreviated verkey.

aries_cloudagent.wallet.util.b58_to_bytes(val: str) bytes[source]

Convert a base 58 string to bytes.

aries_cloudagent.wallet.util.b64_to_bytes(val: str, urlsafe=False) bytes[source]

Convert a base 64 string to bytes.

aries_cloudagent.wallet.util.b64_to_str(val: str, urlsafe=False, encoding=None) str[source]

Convert a base 64 string to string on input encoding (default utf-8).

aries_cloudagent.wallet.util.bytes_to_b58(val: bytes) str[source]

Convert a byte string to base 58.

aries_cloudagent.wallet.util.bytes_to_b64(val: bytes, urlsafe=False, pad=True, encoding: str = 'ascii') str[source]

Convert a byte string to base 64.

aries_cloudagent.wallet.util.default_did_from_verkey(verkey: str) str[source]

Given a verkey, return the default indy did.

By default the did is the first 16 bytes of the verkey.

aries_cloudagent.wallet.util.full_verkey(did: str, abbr_verkey: str) str[source]

Given a DID and abbreviated verkey, return the full verkey.

async aries_cloudagent.wallet.util.notify_endorse_did_attrib_event(profile: aries_cloudagent.core.profile.Profile, did: str, meta_data: dict)[source]

Send notification for a DID ATTRIB post-process event.

async aries_cloudagent.wallet.util.notify_endorse_did_event(profile: aries_cloudagent.core.profile.Profile, did: str, meta_data: dict)[source]

Send notification for a DID post-process event.

aries_cloudagent.wallet.util.pad(val: str) str[source]

Pad base64 values if need be: JWT calls to omit trailing padding.

aries_cloudagent.wallet.util.random_seed() bytes[source]

Generate a random seed value.

Returns

A new random seed

aries_cloudagent.wallet.util.set_urlsafe_b64(val: str, urlsafe: bool = True) str[source]

Set URL safety in base64 encoding.

aries_cloudagent.wallet.util.str_to_b64(val: str, urlsafe=False, encoding=None, pad=True) str[source]

Convert a string to base64 string on input encoding (default utf-8).

aries_cloudagent.wallet.util.unpad(val: str) str[source]

Remove padding from base64 values if need be.