Decrypting Data¶

Decrypting data requires the matching private key of the public key which was used to encrypt the data. You can load and decrypt a file into a bytes object, copy the decrypted data into a new file or decrypt data from a data stream into another.

The following example shows how to decrypt a file and read its metadata:

>>> import fast_file_encryption as ffe
>>> from pathlib import Path
>>> encrypted_file = Path('encrypted_file.ffe')
>>> decryptor = ffe.Decryptor(ffe.read_private_key(Path('private.pem')))
>>> decryptor.load_decrypted(encrypted_file)
b'Hello world!'
>>> decryptor.read_metadata(encrypted_file)
{'my-meta': 1, 'file_path': '.../original_file.txt', ...}

class fast_file_encryption.Decryptor(private_key)¶

The decryptor provides all required methods to decrypt data, files and streams.

Parameters:: private_key (RSAPrivateKey) – The private key to use for the decryption.

read_metadata(source)¶

Only decrypt and read the metadata from a file.

Parameters:: source (pathlib.Path) – The file to read the metadata.
Returns:: The dictionary with the metadata.
Return type:: dict[str, Any]

load_decrypted(self, source, maximum_size=10_000_000)¶

Load and decrypt the given source file.

Parameters:

source (pathlib.Path) – Load and decrypt the given source file.
maximum_size (int) – The maximum size of the decrypted data. This is no exact limit, because it is tested using the size of the encrypted data. The returned data may be up to 127 bytes larger than the given limit. Defaults to 10_000_000.

Returns:

The decrypted data.

Return type:

bytes

Raises:

DataTooLargeError – If the maximum size would be exceeded.
IntegrityError – On any file integrity problem.

copy_decrypted(self, source, destination):

Copy an decrypt the source file to the given destination.

Parameters:

source (pathlib.Path) – The path to the encrypted source file.
destination (pathlib.Path) – The path to the decrypted destination file.

Raises:

IntegrityError – On any file integrity problem.

stream_decrypted(self, source_io, destination_io)¶

Decrypt the data from the source stream and write it to the destination stream.

Both streams have to be open and need to be readable/writable. The implementation only uses the read method on the source stream and the write method on the destination stream.

Parameters:

source_io (io.BufferedIOBase) – The open source stream.
destination_io (io.BufferedIOBase) – The open destination stream.

Raises:

IntegrityError – On any file integrity problem.