Welcome to SecureNotes Client’s documentation!¶

The SecureNotes server just provides a means to store encrypted content and the corresponding keys needed to share the encrypted content.

Important

The server cannot access the keys as these are also encrypted. The passphrases are only known to the users.

There the handling of encryption is up to the clients:

Installation¶

The client can be installed via pip

pip install securenotes-client

Configuration¶

The configuration is written in the INI format and saves basic parameters. The available sections are described below:

DEFAULT¶

Options¶
Option	Description
username	Used for authentication
password	Used for authentication
passphrase	Used for decryption and encryption
host	FQDN to API

SecureNotes API¶

class securenotes_api.AESKey(key=None, iv=None, logger=None)¶

Wrapper for AES key

This object is a convenience wrapper for Crypto.Cipher.AES

Parameters:	key (byte) – bytes-representation of the AES key. iv (byte) – byte-representation of the initialization vector logger (`logging.Logger`) – A logging instance

AES_KEYSIZE = 32¶

AES_SEGMENTSIZE = 128¶

decrypt(text)¶

Decrypt text

Resets the AES key
decodes the supplied text with Base64
decrypts the the decoded and encrypted text

Parameters:	text (byte) – base64-encoded and encrypted text
Returns:	decoded and decrypted text
Return type:	byte

encrypt(text)¶

Encrypt text

Resets the AES key
encrypts the supplied text with the AES key
encodes the encrypted text with Base64

Parameters:	text (byte) – bytestring to be encoded
Returns:	Base64-encoded and encrypted text
Return type:	byte

get_secret()¶: Return key and initialization vector :return: bytestring consisting of iv and key :rtype: byte

reset()¶: Reset to mint condition

class securenotes_api.NotesAPIClient(username, password, rsa_password=None, logger=None)¶

API client for the Secure Notes service

RSA_KEYSIZE = 2048¶

add_note(title, content)¶

Upload an encrypted note

Parameters:	title (str) – Title that is saved unencrypted content (str) – Content that is saved encrypted
Returns:	`0` if successful, otherwise `1`

base_url = 'http://localhost:8000/notes/'¶

change_note(pk, title, content)¶

Change contents of note with ID pk

Parameters:	pk – ID of the note on the server title – new title content – new content (will be encrypted)
Returns:	`0` if successful, otherwise `1`

create_rsa_key()¶

Upload private/public key.

Note

If replacing the upstream keys, ensure that encrypted data is re-crypted!

Hint

The generated RSA private and public keys are ready for use e.g. with the OpenSSL command line tool.

Returns:	`Crypto.PublicKey.RSA._RSAobj` or `None`

delete_note(pk)¶

Delete note from server

Parameters:	pk (int) – ID of the note to be deleted
Returns:	`0` if successful, otherwise `1`

download_aes_key(pk)¶

Download AES key for note with id pk

Parameters:	pk – ID of the note on server
Returns:	AES key or `None`
Return type:	`AESKey`

get_note(pk)¶

Get note with unencrypted content from server

Parameters:	pk – ID of the note on the server
Returns:	list of dict or `None`

get_rsa_key(username=None)¶

Retrieve private/public RSA key for user username.

Note

The private key is only returned for you!

Parameters:	username – Name of user for which keys are to be retrieved.
Returns:	`Crypto.PublicKey.RSA._RSAobj` or `None`

list_notes(page=1)¶

Get a list of notes

Parameters:	page (int) – Page which shall be returned
Returns:	list of notes or `None`

list_shares(pk, page=1)¶

Show all users that have been granted acces to note with ID pk

Parameters:	pk – ID of the note to be queried page – If results are paginated, show this page
Returns:	list or None

share_note(pk, username)¶

Share AES key with user username

Parameters:	pk – ID of the note to be shared username – username of the receiving user
Returns:	`0` if successful, otherwise `1`

unshare_note(pk, username)¶

Revoke key to deny access for user username

Parameters:	pk – ID of the note to be unshared username – username of the revoked user
Returns:	`0` if successful, otherwise `1`

upload_aes_key(aeskey, pk, username=None)¶

Upload AES key aeskey that was used to encrypt note with id pk

Parameters:	aeskey (`AESKey`) – AES key that was used to encrypt data pk (int) – ID for the encrypted content that was given by the server username – Name of the user whose public RSA key is used to encrypt the AES key
Returns:	`0` if successful, otherwise `1`

CLI Client¶

Usage¶

Command line arguments:

usage: securenotes.py [-h] [-u USERNAME] [-p PASSWORD] [-P PASSPHRASE]
                      [-H HOST] [--debug] [-s] [--raw]
                      {list,note,add,edit,delete,share,revoke,listshare} ...

Secure Notes

positional arguments:
  {list,note,add,edit,delete,share,revoke,listshare}
                        Commands. For detailed help on command <command> use:
                        securenotes.py <command> -h
    list                List all notes created by or shared with you
    note                View a note
    add                 Add a new note
    edit                Change an existing note owned by you
    delete              Delete a note owned by you
    share               Share a note with another user
    revoke              Revoke the access of another user to your note
    listshare           List all users the note is shared with

optional arguments:
  -h, --help            show this help message and exit

Authentication/Server:
  -u USERNAME, --username USERNAME
                        Username
  -p PASSWORD, --password PASSWORD
                        Password
  -P PASSPHRASE, --passphrase PASSPHRASE
                        Phassphrase for encryption; if omitted, password is
                        used
  -H HOST, --host HOST  URL of server

More options:
  --debug               Activate debug output
  -s, --save-as-defaults
                        Save generic options to config file
  --raw                 Show unformatted content