dify_admin/docs/api/encryption.md

Encryption API Documentation

Overview

The Encryption class provides cryptographic functions including:

  • RSA key pair generation and management
  • Hybrid encryption (RSA + AES)
  • API key encryption
  • Secure key storage

Class Methods

Key Management

  • load_public_key(public_key_path_or_content)
    • Loads public key from file or content
  • load_private_key(private_key_path)
    • Loads private key from file

Encryption/Decryption

  • encrypt(text, public_key)
    • Encrypts text using hybrid RSA+AES approach
    • Returns: Encrypted data with "HYBRID:" prefix
  • decrypt(encrypted_text, private_key)
    • Decrypts hybrid encrypted data
    • Returns: Original plaintext

Specialized Methods

  • encrypt_api_key(public_key_pem, api_key)
    • Encrypts API keys with base64 encoding
    • Returns: base64 encoded encrypted key

Security Features

  • Uses 2048-bit RSA keys
  • AES-256 for symmetric encryption
  • Random key generation for each operation
  • Secure key storage practices
  • Detailed error logging

Error Handling

  • Validates all inputs
  • Raises exceptions for invalid operations
  • Logs all errors with context

Example Usage

# Encrypt data
public_key = Encryption.load_public_key("public.pem")
encrypted = Encryption.encrypt("secret data", public_key)

# Decrypt data
private_key = Encryption.load_private_key("private.pem")
decrypted = Encryption.decrypt(encrypted, private_key)
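
The hybrid RSA+AES scheme described under Encryption/Decryption and Security Features, as an added example that is not the project's own code. It assumes the Python cryptography package, RSA-OAEP with SHA-256 for wrapping the key, AES-256-GCM for the data, and a payload layout after the "HYBRID:" prefix that the page does not specify; the names hybrid_encrypt and hybrid_decrypt are hypothetical.

```python
import base64
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PREFIX = "HYBRID:"  # prefix named in the documentation above
NONCE_LEN, TAG_LEN = 12, 16  # AES-GCM nonce and tag sizes in bytes
# Assumed padding for the key wrap: RSA-OAEP with SHA-256 (not stated on the page).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def hybrid_encrypt(text, public_key):
    """Encrypt under a fresh AES-256 key, then wrap that key with RSA-OAEP."""
    aes_key = AESGCM.generate_key(bit_length=256)  # new random key per call
    nonce = os.urandom(NONCE_LEN)
    ciphertext = AESGCM(aes_key).encrypt(nonce, text.encode("utf-8"), None)
    wrapped = public_key.encrypt(aes_key, OAEP)  # 256 bytes for a 2048-bit key
    # Assumed layout: base64(wrapped_key || nonce || ciphertext_with_tag)
    body = base64.b64encode(wrapped + nonce + ciphertext).decode("ascii")
    return PREFIX + body


def hybrid_decrypt(token, private_key):
    """Reverse hybrid_encrypt. Raises ValueError or InvalidTag on bad input."""
    if not token.startswith(PREFIX):
        raise ValueError("missing HYBRID: prefix")
    blob = base64.b64decode(token[len(PREFIX):], validate=True)
    klen = private_key.key_size // 8  # RSA ciphertext length equals modulus size
    if len(blob) < klen + NONCE_LEN + TAG_LEN:
        raise ValueError("token too short")
    wrapped = blob[:klen]
    nonce = blob[klen:klen + NONCE_LEN]
    ciphertext = blob[klen + NONCE_LEN:]
    aes_key = private_key.decrypt(wrapped, OAEP)
    # GCM verifies the tag before returning plaintext, so tampering is rejected.
    return AESGCM(aes_key).decrypt(nonce, ciphertext, None).decode("utf-8")


if __name__ == "__main__":
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    token = hybrid_encrypt("secret data", key.public_key())  # constructed sample
    print(token[:40] + "...")
    print(hybrid_decrypt(token, key))
```

Because the AES key and nonce are fresh on every call, encrypting the same text twice yields different tokens, and only the holder of the RSA private key can unwrap either one.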