Python API

Crypto

class RPA.Crypto.Crypto

Bases: object

Library for common encryption and hashing operations.

It uses the Fernet format for encryption. More specifically, it uses AES in CBC mode with a 128-bit key for encryption and HMAC with SHA256 for authentication.

To use the encryption features, generate a key with the command line utility rpa-crypto or with the keyword Generate Key. Store the key in a secure place, such as Robocorp Vault, and load it within the execution before calling encryption/decryption keywords.

Example usage with Robocorp Vault

Create an encryption key with the CLI utility:

> rpa-crypto key
rGx1edA07yz7uD08ChiPSunn8vaauRxw0pAbsal9zjM=

Store the key in Robocorp Vault, in this case with the name EncryptionKey.

Load the key from the vault before encryption operations:

Use encryption key from vault    EncryptionKey
${encrypted}=   Encrypt file    orders.xlsx
Add work item file    ${encrypted}    name=Orders

In another task, this same key can be used to decrypt the file:

Use encryption key from vault    EncryptionKey
${encrypted}=    Get work item file    Orders
${orders}=   Decrypt file    ${encrypted}
ROBOT_LIBRARY_DOC_FORMAT = 'REST'
ROBOT_LIBRARY_SCOPE = 'GLOBAL'
decrypt_file(path: str, output: Optional[str] = None) → str

Decrypt a file.

Parameters

  • path – Path to encrypted input file

  • output – Path to decrypted output file

If not output path is given, it will generate one from the input path. The resulting output path is returned.

Example:

Use encryption key    ${key}
${path}=    Decrypt file    orders.xlsx.enc
Log    Path to decrypted file is: ${path}
decrypt_string(data: Union[bytes, str], encoding='utf-8') → Union[str, bytes]

Decrypt a string.

Parameters

  • data – Encrypted data as base64 string

  • encoding – Original encoding of string

Returns the decrypted string that is parsed with the given encoding, or if the encoding is None the raw bytes are returned.

Example:

Use encryption key    ${key}
${text}=    Decrypt string    ${token}
Log    Secret string is: ${text}
encrypt_file(path: str, output: Optional[str] = None) → str

Encrypt a file.

Parameters

  • path – Path to source input file

  • output – Path to encrypted output file

If not output path is given, it will generate one from the input path. The resulting output path is returned.

Example:

Use encryption key    ${key}
${path}=    Encrypt file    orders.xlsx
Log    Path to encrypted file is: ${path}
encrypt_string(text: Union[bytes, str], encoding='utf-8') → bytes

Encrypt a string.

Parameters

  • text – Source text to encrypt

  • encoding – Used text encoding

Example:

Use encryption key    ${key}
${token}=    Encrypt string    This is a secret, don't share it
generate_key() → str

Generate a Fernet encryption key as base64 string.

This key can be used for encryption/decryption operations with this library.

NOTE: Store the generated key in a secure place! If the key is lost, the encrypted data can not be recovered. If anyone else gains access to it, they can decrypt your data.

hash_file(path: str, method: RPA.Crypto.Hash = <Hash.SHA1: 2>) → str

Calculate a hash from a file, in base64 format.

Parameters

  • path – Path to file

  • method – The used hashing method

Example:

${digest}=    Hash file    orders.xlsx    method=MD5
Should not be equal    ${digest}    uSlyRHlbu8NzY29YMZhDUpdErP4=
hash_string(text: str, method: RPA.Crypto.Hash = <Hash.SHA1: 2>, encoding='utf-8') → str

Calculate a hash from a string, in base64 format.

Parameters

  • text – String to hash

  • method – Used hashing method

  • encoding – Used text encoding

Example:

${digest}=    Hash string    A value that will be hashed
Should be equal    ${digest}    uSlyRHlbu8NzY29YMZhDUpdErP4=
use_encryption_key(key: str)

Set key for all following encryption/decryption operations.

Parameters

key – Encryption key as base64 string

Assumes the given key has been generated previously using either the keyword Generate Key or with the matching command line utility.

Example:

${key}=    Read file    encryption.key
Use encryption key      ${key}
use_encryption_key_from_vault(name: str, key: Optional[str] = None)

Load an encryption key from Robocorp Vault.

Parameters

  • name – Name of secret in Vault

  • key – Name of encryption key in secret

If the secret only has one value, the key argument is optional.

Example:

# Secret with one value
Use encryption key from vault    Encryption
# Secret with multiple values
Use encryption key from vault    name=Encryption    key=CryptoKey
class RPA.Crypto.Hash

Bases: enum.Enum

Supported hashing algorithms.

MD5 = 1
SHA1 = 2
SHA224 = 3
SHA256 = 4
SHA384 = 5
SHA3_224 = 6
SHA3_256 = 7
SHA3_384 = 8
SHA3_512 = 9
SHA512 = 10
SHA512_224 = 11
SHA512_256 = 12
RPA.Crypto.to_hash_context(element: RPA.Crypto.Hash) → cryptography.hazmat.primitives.hashes.HashContext

Convert hash enum value to hash context instance.