Encrypting Data

In this document we will encrypt data and invoke a function that we created here. Full code can be found on GitHub.

Cape encrypt

Cape makes it easy to encrypt any data using the cape encrypt command. The encrypted data can only be processed by Cape functions.

Encrypt a value that you'd like to invoke the function with, and redirect the output into a file:

cape encrypt '13' > encrypted.data

Then invoke the same function, using the file as input:

cape run capedocs/isprime -f encrypted.data

Which produces:

13 is prime

Encrypting files

You can use cape encrypt to encrypt any type of data, including files, by using the -f flag:

cape encrypt -f unencrypted.data > encrypted.data

Encryption and decryption in the enclave

Within your function you also have access to finer-grained controls to encrypt or decrypt through the cape_encrypt Python package. For example, if you have a JSON payload as input, you can include individual fields that have been independently encrypted and then decrypt them as needed within your function.

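from cape_encrypt import cape_encrypt
import json

def cape_handler(json_input):
    # Parse the JSON payload; the 'secret' field was encrypted independently.
    payload = json.loads(json_input)
    # Decrypt that one field inside the enclave.
    plaintext = cape_encrypt.decrypt(bytes(payload['secret'], 'utf-8'))
    # Use in calculation...
    calc_result = len(plaintext)  # placeholder for your own calculation
    return calc_result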
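The field-level pattern above with input validation and error handling, as an added example that is not part of the Cape documentation. The names `decrypt_fields`, `demo_decrypt`, the `label` field and the injectable `decrypt` parameter are hypothetical; `demo_decrypt` is a constructed stand-in (not encryption) so the code also runs outside an enclave.

```python
import base64
import json

def demo_decrypt(ciphertext):
    """Constructed stand-in for cape_encrypt.decrypt. NOT encryption: offline demo only."""
    if not ciphertext.startswith(b"demo:"):
        raise ValueError("unrecognized ciphertext")
    return base64.b64decode(ciphertext[5:], validate=True)

def decrypt_fields(json_input, decrypt, encrypted_fields=("secret",)):
    """Parse the payload and decrypt only the fields listed in encrypted_fields."""
    try:
        payload = json.loads(json_input)
    except json.JSONDecodeError:
        raise ValueError("input is not valid JSON") from None
    if not isinstance(payload, dict):
        raise ValueError("input must be a JSON object")
    for name in encrypted_fields:
        value = payload.get(name)
        if not isinstance(value, str):
            raise ValueError(f"missing or non-string encrypted field: {name}")
        try:
            payload[name] = decrypt(bytes(value, "utf-8"))
        except Exception:
            # Report only the field name; never echo ciphertext or plaintext.
            raise ValueError(f"could not decrypt field: {name}") from None
    return payload

def cape_handler(json_input, decrypt=None):
    if decrypt is None:
        # Inside a Cape function, fall back to the real decryptor.
        from cape_encrypt import cape_encrypt
        decrypt = cape_encrypt.decrypt
    fields = decrypt_fields(json_input, decrypt)
    try:
        n = int(fields["secret"])  # int() accepts both bytes and str
    except ValueError:
        raise ValueError("secret is not an integer") from None
    is_prime = n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))
    # Return the derived result and the plaintext label, not the secret itself.
    return json.dumps({"label": fields.get("label"), "is_prime": is_prime})

# Constructed sample payload: 'label' is plaintext, 'secret' is demo-"encrypted" 13.
SAMPLE = json.dumps({"label": "job-1",
                     "secret": "demo:" + base64.b64encode(b"13").decode()})
```

Calling `cape_handler(SAMPLE, decrypt=demo_decrypt)` exercises the handler offline; deployed as a Cape function it is called with the input only and uses `cape_encrypt.decrypt`.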

You can also use the cape_encrypt package inside your function to encrypt values, such as a generated key for others to use, so that they can be used in other functions.

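from cape_encrypt import cape_encrypt
import hybrid_pke
import base64

def cape_handler(input):
    # Generate an HPKE key pair inside the enclave.
    hpke = hybrid_pke.default()
    secret_key, public_key = hpke.generate_key_pair()
    # Encrypt the secret key so that only Cape functions can process it.
    ciphertext = cape_encrypt.encrypt(secret_key)

    # Return the base64-encoded public key alongside the encrypted secret key.
    return base64.standard_b64encode(public_key), ciphertext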