Python API

Crypto

class RPA.Crypto.Crypto

Bases: object

Library for common encryption and hashing operations.

It uses the Fernet format for encryption. More specifically, it uses AES in CBC mode with a 128-bit key for encryption and HMAC with SHA256 for authentication.

To use the encryption features, generate a key with the command line utility rpa-crypto or with the keyword Generate Key. Store the key in a secure place, such as Robocorp Vault, and load it within the execution before calling encryption/decryption keywords.

Example usage with Robocorp Vault

Create an encryption key with the CLI utility:

> rpa-crypto key
rGx1edA07yz7uD08ChiPSunn8vaauRxw0pAbsal9zjM=

Store the key in Robocorp Vault, in this case with the name EncryptionKey.

Load the key from the vault before encryption operations:

Use encryption key from vault    EncryptionKey
${encrypted}=   Encrypt file    orders.xlsx
Add work item file    ${encrypted}    name=Orders

In another task, this same key can be used to decrypt the file:

Use encryption key from vault    EncryptionKey
${encrypted}=    Get work item file    Orders
${orders}=   Decrypt file    ${encrypted}
ROBOT_LIBRARY_DOC_FORMAT = 'REST'
ROBOT_LIBRARY_SCOPE = 'GLOBAL'
decrypt_file(path: str, output: Optional[str] = None) → str

Decrypt a file.

Parameters
  • path – Path to encrypted input file

  • output – Path to decrypted output file

Returns

Path to the decrypted file

If no output path is given, it will generate one from the input path. The resulting output path is returned.

Example:

Use encryption key    ${key}
${path}=    Decrypt file    orders.xlsx.enc
Log    Path to decrypted file is: ${path}
decrypt_string(data: Union[bytes, str], encoding: str = 'utf-8') → Union[str, bytes]

Decrypt a string.

Parameters
  • data – Encrypted data as base64 string

  • encoding – Original encoding of string

Returns

Decrypted string or raw bytes, if None given as encoding

Returns the decrypted string that is parsed with the given encoding, or if the encoding is None the raw bytes are returned.

Example:

Use encryption key    ${key}
${text}=    Decrypt string    ${token}
Log    Secret string is: ${text}
encrypt_file(path: str, output: Optional[str] = None) → str

Encrypt a file.

Parameters
  • path – Path to source input file

  • output – Path to encrypted output file

Returns

Path to the encrypted file

If no output path is given, it will generate one from the input path. The resulting output path is returned.

Example:

Use encryption key    ${key}
${path}=    Encrypt file    orders.xlsx
Log    Path to encrypted file is: ${path}
encrypt_string(text: Union[bytes, str], encoding: str = 'utf-8') → bytes

Encrypt a string.

Parameters
  • text – Source text to encrypt

  • encoding – Used text encoding

Returns

Token of the encrypted string in bytes

Example:

Use encryption key    ${key}
${token}=    Encrypt string    This is a secret, don't share it
generate_key() → str

Generate a Fernet encryption key as base64 string.

Returns

Generated key as a string

This key can be used for encryption/decryption operations with this library.

NOTE: Store the generated key in a secure place! If the key is lost, the encrypted data can not be recovered. If anyone else gains access to it, they can decrypt your data.

hash_file(path: str, method: RPA.Crypto.Hash = <Hash.SHA1: 2>) → str

Calculate a hash from a file, in base64 format.

Parameters
  • path – Path to file

  • method – The used hashing method

Returns

Hash digest of the file

Example:

${digest}=    Hash file    orders.xlsx    method=MD5
Should not be equal    ${digest}    uSlyRHlbu8NzY29YMZhDUpdErP4=
hash_string(text: str, method: RPA.Crypto.Hash = <Hash.SHA1: 2>, encoding='utf-8') → str

Calculate a hash from a string, in base64 format.

Parameters
  • text – String to hash

  • method – Used hashing method

  • encoding – Used text encoding

Returns

Hash digest of the string

Example:

${digest}=    Hash string    A value that will be hashed
Should be equal    ${digest}    uSlyRHlbu8NzY29YMZhDUpdErP4=
use_encryption_key(key: str) → None

Set key for all following encryption/decryption operations.

Parameters

key – Encryption key as base64 string

Assumes the given key has been generated previously using either the keyword Generate Key or with the matching command line utility.

Example:

${key}=    Read file    encryption.key
Use encryption key      ${key}
use_encryption_key_from_vault(name: str, key: Optional[str] = None) → None

Load an encryption key from Robocorp Vault.

Parameters
  • name – Name of secret in Vault

  • key – Name of encryption key in secret

If the secret only has one value, the key argument is optional.

Example:

# Secret with one value
Use encryption key from vault    Encryption
# Secret with multiple values
Use encryption key from vault    name=Encryption    key=CryptoKey
class RPA.Crypto.Hash

Bases: enum.Enum

Supported hashing algorithms.

MD5 = 1
SHA1 = 2
SHA224 = 3
SHA256 = 4
SHA384 = 5
SHA3_224 = 6
SHA3_256 = 7
SHA3_384 = 8
SHA3_512 = 9
SHA512 = 10
SHA512_224 = 11
SHA512_256 = 12
RPA.Crypto.to_hash_context(element: RPA.Crypto.Hash) → cryptography.hazmat.primitives.hashes.HashContext

Convert hash enum value to hash context instance.