KERI Core API

keri.core.coring

keri.core.coring module

class keri.core.coring.AltCounterCodex(ControllerIdxSigs: str = '-A', WitnessIdxSigs: str = '-B', NonTransReceiptCouples: str = '-C', TransReceiptQuadruples: str = '-D', FirstSeenReplayCouples: str = '-E', TransIdxSigGroups: str = '-F', SealSourceCouples: str = '-G', TransLastIdxSigGroups: str = '-H', SealSourceTriples: str = '-I', SadPathSig: str = '-J', SadPathSigGroup: str = '-K', PathedMaterialQuadlets: str = '-L', MessageDataGroups: str = '-U', AttachedMaterialQuadlets: str = '-V', MessageDataMaterialQuadlets: str = '-W', CombinedMaterialQuadlets: str = '-X', MaterialGroups: str = '-Y', MaterialQuadlets: str = '-Z', BigMessageDataGroups: str = '-0U', BigAttachedMaterialQuadlets: str = '-0V', BigMessageDataMaterialQuadlets: str = '-0W', BigCombinedMaterialQuadlets: str = '-0X', BigMaterialGroups: str = '-0Y', BigMaterialQuadlets: str = '-0Z')

CounterCodex is codex hard (stable) part of all counter derivation codes. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.BextCodex(StrB64_L0: str = '4A', StrB64_L1: str = '5A', StrB64_L2: str = '6A', StrB64_Big_L0: str = '7AAA', StrB64_Big_L1: str = '8AAA', StrB64_Big_L2: str = '9AAA')

BextCodex is codex of all variable sized Base64 Text (Bext) derivation codes. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Bexter(raw=None, qb64b=None, qb64=None, qb2=None, code='4A', bext=None, **kwa)

Bexter is subclass of Matter, cryptographic material, for variable length strings that only contain Base64 URL safe characters, i.e. Base64 text (bext). When created using the ‘bext’ paramaeter, the encoded matter in qb64 format in the text domain is more compact than would be the case if the string were passed in as raw bytes. The text is used as is to form the value part of the qb64 version not including the leader.

Due to ambiguity that arises from pre-padding bext whose length is a multiple of three with one or more ‘A’ chars. Any bext that starts with an ‘A’ and whose length is either a multiple of 3 or 4 may not round trip. Bext with a leading ‘A’ whose length is a multiple of four may have the leading ‘A’ stripped when round tripping.

Bexter(bext=’ABBB’).bext == ‘BBB’ Bexter(bext=’BBB’).bext == ‘BBB’ Bexter(bext=’ABBB’).qb64 == ‘4AABABBB’ == Bexter(bext=’BBB’).qb64

To avoid this problem, only use for applications of base 64 strings that never start with ‘A’

Examples: base64 text strings:

bext = “” qb64 = ‘4AAA’

bext = “-” qb64 = ‘6AABAAA-’

bext = “-A” qb64 = ‘5AABAA-A’

bext = “-A-” qb64 = ‘4AABA-A-’

bext = “-A-B” qb64 = ‘4AAB-A-B’

Example uses:

CESR encoded paths for nested SADs and SAIDs CESR encoded fractionally weighted threshold expressions

Attributes:

Inherited Properties: (See Matter)

.pad is int number of pad chars given raw

.code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .index is int count of attached crypto material by context (receipts) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwise

Properties:

.text is the Base64 text value, .qb64 with text code and leader removed.

Hidden:

._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

Methods:

__init__(raw=None, qb64b=None, qb64=None, qb2=None, code='4A', bext=None, **kwa)

Inherited Parameters: (see Matter)

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes

Parameters:

string (bext is the variable sized Base64 text)

property bext

Base64 text value portion of qualified b64 str Returns the value portion of .qb64 with text code and leader removed

Type:

Property bext

class keri.core.coring.Cigar(verfer=None, **kwa)

Cigar is Matter subclass holding a nonindexed signature with verfer property.

From Matter .raw is signature and .code is signature cipher suite

Adds .verfer property to hold Verfer instance of associated verifier public key

Verfer’s .raw as verifier key and .code is verifier cipher suite.

See Matter for inherited attributes and properties:

Attributes:

Properties: (Inherited)

.code is str derivation code to indicate cypher suite .size is size (int): number of quadlets when variable sized material besides

full derivation code else None

.raw is bytes crypto material only without code .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwise .digestive is Boolean, True when digest derivation code False otherwise

Properties:

.verfer is verfer of public key used to verify signature

Hidden:

._code is str value for .code property ._size is int value for .size property ._raw is bytes value for .raw property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

Methods:

Hidden:

._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

__init__(verfer=None, **kwa)

Assign verfer to ._verfer attribute

property verfer

Property verfer: Returns Verfer instance Assumes ._verfer is correctly assigned

class keri.core.coring.Cipher(raw=None, code=None, **kwa)

Cipher is Matter subclass holding a cipher text of a secret that may be either a secret seed (private key) or secret salt with appropriate CESR code to indicate which kind (which indicates size). The cipher text is created with assymetric encryption using an unrelated (public, private) encryption/decryption key pair. The public key is used for encryption the private key for decryption. The default is to use X25519 sealed box encryption.

The Cipher instances .raw is the raw binary encrypted cipher text and its .code indicates what type of secret has been encrypted. The cipher suite used for the encryption/decryption is implied by the context where the cipher is used.

See Matter for inherited attributes and properties

__init__(raw=None, code=None, **kwa)

Parmeters:

raw (Union[bytes, str]): cipher text code (str): cipher suite

decrypt(prikey=None, seed=None)

Returns plain text as Matter instance (Signer or Salter) of cryptographic cipher text material given by .raw. Encrypted plain text is fully qualified (qb64) so derivaton code of plain text preserved through encryption/decryption round trip.

Uses either decryption key given by prikey or derives prikey from signing key derived from private seed.

Parameters:

• prikey (Union[bytes, str]) – qb64b or qb64 serialization of private decryption key

• seed (Union[bytes, str]) – qb64b or qb64 serialization of private signing key seed used to derive private decryption key

class keri.core.coring.CipherX25519AllQB64Codex(X25519_Cipher_Seed: str = 'P', X25519_Cipher_Salt: str = '1AAH', X25519_Cipher_QB64_L0: str = '4D', X25519_Cipher_QB64_L1: str = '5E', X25519_Cipher_QB64_L2: str = '6E', X25519_Cipher_QB64_Big_L0: str = '7AAD', X25519_Cipher_QB64_Big_L1: str = '8AAD', X25519_Cipher_QB64_Big_L2: str = '9AAD')

CipherX25519AllQB64Codex is codex all both fixed and variable sized cipher bytes derivation codes for sealed box encryped ciphertext. Plaintext is B64. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.CipherX25519FixQB64Codex(X25519_Cipher_Seed: str = 'P', X25519_Cipher_Salt: str = '1AAH')

CipherX25519FixQB64Codex is codex all fixed sized cipher bytes derivation codes for sealed box encryped ciphertext. Plaintext is B64. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.CipherX25519QB2VarCodex(X25519_Cipher_L0: str = '4E', X25519_Cipher_L1: str = '5E', X25519_Cipher_L2: str = '6E', X25519_Cipher_Big_L0: str = '7AAE', X25519_Cipher_Big_L1: str = '8AAE', X25519_Cipher_Big_L2: str = '9AAE')

CipherX25519QB2VarCodex is codex all variable sized cipher bytes derivation codes for sealed box encryped ciphertext. Plaintext is B2. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.CipherX25519VarCodex(X25519_Cipher_L0: str = '4D', X25519_Cipher_L1: str = '5D', X25519_Cipher_L2: str = '6D', X25519_Cipher_Big_L0: str = '7AAD', X25519_Cipher_Big_L1: str = '8AAD', X25519_Cipher_Big_L2: str = '9AAD')

CipherX25519VarCodex is codex all variable sized cipher bytes derivation codes for sealed box encryped ciphertext. Plaintext is B2. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.CipherX25519VarQB64Codex(X25519_Cipher_QB64_L0: str = '4D', X25519_Cipher_QB64_L1: str = '5E', X25519_Cipher_QB64_L2: str = '6E', X25519_Cipher_QB64_Big_L0: str = '7AAD', X25519_Cipher_QB64_Big_L1: str = '8AAD', X25519_Cipher_QB64_Big_L2: str = '9AAD')

CipherX25519VarQB64Codex is codex all variable sized cipher bytes derivation codes for sealed box encryped ciphertext. Plaintext is QB64. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Counter(code=None, count=None, countB64=None, qb64b=None, qb64=None, qb2=None, strip=False)

Counter is fully qualified cryptographic material primitive base class for counter primitives (framing composition grouping count codes).

Sub classes are derivation code and key event element context specific.

Includes the following attributes and properties:

Attributes:

Properties:

.code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .pad is int number of pad chars given raw .count is int count of grouped following material (not part of counter) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material

Hidden:

._code is str value for .code property ._raw is bytes value for .raw property ._pad is method to compute .pad property ._count is int value for .count property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

__init__(code=None, count=None, countB64=None, qb64b=None, qb64=None, qb2=None, strip=False)

Validate as fully qualified :param code: stable (hard) part of derivation code :type code: str | None :param count: count for composition.

Count may represent quadlets/triplet, groups, primitives or other numericy When both count and countB64 are None then count defaults to 1

Parameters:

• countB64 (str | None) – count for composition as Base64 countB64 may represent quadlets/triplet, groups, primitives or other numericy

• qb64b (bytes | bytearray | None) – fully qualified crypto material text domain

• qb64 (str | None)

• qb2 (bytes | bytearray | None)

• strip (bool) – True means strip counter contents from input stream bytearray after parsing qb64b or qb2. False means do not strip. default False

Needs either code or qb64b or qb64 or qb2 Otherwise raises EmptyMaterialError When code and count provided then validate that code and count are correct Else when qb64b or qb64 or qb2 provided extract and assign .code and .count

property code

Returns ._code Makes .code read only

property count

Returns ._count Makes ._count read only

countToB64(l=None)

Returns count as Base64 left padded with “A”s :param l: minimum number characters including left padding

When not provided use the softsize of .code

property qb2

Property qb2: Returns Fully Qualified Binary Version Bytes

property qb64

Property qb64: Returns Fully Qualified Base64 Version Assumes self.raw and self.code are correctly populated

property qb64b

Property qb64b: Returns Fully Qualified Base64 Version encoded as bytes Assumes self.raw and self.code are correctly populated

static semVerToB64(version='', major=0, minor=0, patch=0)

Converts semantic version to Base64 representation of countB64 suitable for CESR protocol genus and version

Returns:

suitable for input to Counter example: Counter(countB64=semVerToB64(version = “1.0.0”))

Return type:

countB64 (str)

Parameters:

• version (str | None) – dot separated semantic version string of format “major.minor.patch”

• major (int) – When version is None or empty then use major,minor, patch

• minor (int) – When version is None or empty then use major,minor, patch

• patch (int) – When version is None or empty then use major,minor, patch

each of major, minor, patch must be in range [0,63] for represenation as three Base64 characters

class keri.core.coring.CounterCodex(ControllerIdxSigs: str = '-A', WitnessIdxSigs: str = '-B', NonTransReceiptCouples: str = '-C', TransReceiptQuadruples: str = '-D', FirstSeenReplayCouples: str = '-E', TransIdxSigGroups: str = '-F', SealSourceCouples: str = '-G', TransLastIdxSigGroups: str = '-H', SealSourceTriples: str = '-I', SadPathSig: str = '-J', SadPathSigGroup: str = '-K', PathedMaterialQuadlets: str = '-L', AttachedMaterialQuadlets: str = '-V', BigAttachedMaterialQuadlets: str = '-0V', KERIProtocolStack: str = '--AAA')

CounterCodex is codex hard (stable) part of all counter derivation codes. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Dater(raw=None, qb64b=None, qb64=None, qb2=None, code='0A', dts=None, **kwa)

Dater is subclass of Matter, cryptographic material, for RFC-3339 profile of ISO-8601 formatted datetimes.

Dater provides a custom Base64 coding of an ASCII RFC-3339 profile of an ISO-8601 datetime by replacing (using translate) the three non-Base64 characters, ‘:.+’ with the Base64 equivalents, ‘cdp’ respectively.

Dater provides a more compact representation than would be obtained by converting the raw ASCII RFC-3339 profile ISO-8601 datetime to Base64. Dater supports datetimes as attached crypto material in replay of events for the datetime of when the event was first seen. The datetime textual representation is restricted to a specific 32 byte variant (profile) of ISO-8601 datetime with microseconds and UTC offset in HH:MM (See RFC-3339). Uses default initialization derivation code = MtrDex.DateTime. Raises error on init if code not MtrDex.DateTime

Examples: given RFC-3339 profiles of ISO-8601 datetime strings:

‘2020-08-22T17:50:09.988921+00:00’ ‘2020-08-22T17:50:09.988921-01:00’

The fully encoded qualified Base64, .qb64 versions are respectively

‘1AAG2020-08-22T17c50c09d988921p00c00’ ‘1AAG2020-08-22T17c50c09d988921-01c00’

The qualified binary version, .qb2 is the Base64 decoding the qualified Base64, qb64, ‘1AAG2020-08-22T17c50c09d988921p00c00’

The raw binary of the fully encoded version is the Base64 decoding of the the datetime only portion, ‘2020-08-22T17c50c09d988921p00c00’

Use the properties to get the different representations .dts is ASCII RFC-3339 of ISO-8601 .qb64 is qualified Base64 encoding with derivation code proem and ‘:.+’

replaced with ‘cdp’

.qb2 is qualified binary decoding of the .qb64 .code is text CESR derivation code .raw is binary version of the converted datetime only portion of .qb64

Example uses: attached first seen couples with fn+dt

Attributes:

Inherited Properties: (See Matter)

.pad is int number of pad chars given raw .code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .index is int count of attached crypto material by context (receipts) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwise

Properties:

.dts is the ISO-8601 datetime string

Hidden:

._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

Methods:

__init__(raw=None, qb64b=None, qb64=None, qb2=None, code='0A', dts=None, **kwa)

Inherited Parameters: (see Matter)

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes

Parameters:

bytes (dts is the ISO-8601 datetime as str or)

property datetime

Property datetime: Returns datetime.datetime instance converted from .dts

property dts

date-time-stamp str Returns .qb64 translated to RFC-3339 profile of ISO 8601 datetime str

Type:

Property dts

property dtsb

date-time-stamp bytes Returns .qb64 translated to RFC-3339 profile of ISO 8601 datetime bytes

Type:

Property dtsb

class keri.core.coring.Decrypter(code='O', seed=None, **kwa)

Decrypter is Matter subclass with method to decrypt the plain text from a ciper text of a fully qualified (qb64) private key/seed where private key/seed is the plain text. Decrypter uses assymetric (public, private) key decryption of the cipher text using its .raw as the decrypting (private) key and its .code to indicate the cipher suite for the decryption operation.

For example .code == MtrDex.X25519 indicates that X25519 sealed box decyrption is used. The decryption key may be derived from an Ed25519 signing private key that is associated with a nontransferable or basic derivation self certifying identifier. This allows use of the self certifying identifier to track or manage the encryption/decryption key pair. And could be used to provide additional authentication operations for using the encryption/decryption key pair. Support for this is provided at init time with the sigkey parameter which allows deriving the decryption private key from the fully qualified sigkey (signing key).

See Matter for inherited attributes and properties:

Attributes:

Properties:

decrypt()

create cipher text

__init__(code='O', seed=None, **kwa)

Assign decrypting cipher suite function to ._decrypt

Parameters: See Matter for inheirted parameters

raw (bytes): private decryption key derived from seed (private signing key) qb64b (bytes): fully qualified private decryption key qb64 (str): fully qualified private decryption key code (str): derivation code for private decryption key seed (Union[bytes, str]): qb64b or qb64 of signing key seed used to

derive raw which is private decryption key

decrypt(ser=None, cipher=None, transferable=False)

Returns:

Salter or Signer instance derived from plain text decrypted from encrypted cipher text material given by ser or cipher. Plain text that is orignally encrypt should always be fully qualified (qb64b) so that derivaton code of plain text is preserved through encryption/decryption round trip.

Parameters:

• ser (Union[bytes,str]) – qb64b or qb64 serialization of cipher text

• cipher (Cipher) – optional Cipher instance when ser is None

• transferable (bool) – True means associated verfer of returned signer is transferable. False means non-transferable

class keri.core.coring.Dicter(raw=b'', pad=None, sad=None, label='i')

Dicter class is base class for objects that can be stored in a Suber

Dicter classes can be initialized by a dict and then expose bytes of JSON in the .raw property Subclasses can add semantically appropriate properties that extract / add specific keys to the underlying dict .pad

__init__(raw=b'', pad=None, sad=None, label='i')

Create Dicter from either pad dict or raw bytes

Parameters:

• raw (bytes) – raw JSON of dicter class

• pad (dict)

• label (str) – field name of the SAID field.

property pad

pad property getter

pretty(*, size=1024)

Returns str JSON of .ked with pretty formatting

ToDo: add default size limit on pretty when used for syslog UDP MCU like 1024 for ogler.logger

property raw

raw property getter

property rid

ID of dict data as str

class keri.core.coring.DigCodex(Blake3_256: str = 'E', Blake2b_256: str = 'F', Blake2s_256: str = 'G', SHA3_256: str = 'H', SHA2_256: str = 'I', Blake3_512: str = '0D', Blake2b_512: str = '0E', SHA3_512: str = '0F', SHA2_512: str = '0G')

DigCodex is codex all digest derivation codes. This is needed to ensure delegated inception using a self-addressing derivation i.e. digest derivation code. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Diger(raw=None, ser=None, code='E', **kwa)

Diger is Matter subclass with method to verify digest of serialization

See Matter for inherited attributes and properties:

verify()

verifies digest given ser

compare()

compares provide digest given ser to this digest of ser. enables digest agility of different digest algos to compare.

__init__(raw=None, ser=None, code='E', **kwa)

Assign digest verification function to ._verify

See Matter for inherited parameters

Inherited Parameters:

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes

Parameters:

raw (ser is bytes serialization from which raw is computed if not)

compare(ser, dig=None, diger=None)

Returns True if dig and .qb64 or .qb64b match or

if both .raw and dig are valid digests of ser Otherwise returns False

Parameters:

• serialization (ser is bytes)

• self (diger is Diger instance of digest of ser to compare with)

• self

• precedence (if both supplied dig takes)

If both match then as optimization returns True and does not verify either

as digest of ser

Else If both have same code but do not match then as optimization returns False

and does not verify if either is digest of ser

Else recalcs both digests using each one’s code to verify they

they are both digests of ser regardless of matching codes.

verify(ser)

Returns True if raw digest of ser bytes (serialization) matches .raw using .raw as reference digest for ._verify digest algorithm determined by .code

Parameters:

ser (bytes) – serialization to be digested and compared to .ser

class keri.core.coring.Digestage(klas, size, length)

klas

Alias for field number 0

length

Alias for field number 2

size

Alias for field number 1

class keri.core.coring.Encrypter(raw=None, code='C', verkey=None, **kwa)

Encrypter is Matter subclass with method to create a cipher text of a fully qualified (qb64) private key/seed where private key/seed is the plain text. Encrypter uses assymetric (public, private) key encryption of a serialization (plain text). Using its .raw as the encrypting (public) key and its .code to indicate the cipher suite for the encryption operation.

For example .code == MtrDex.X25519 indicates that X25519 sealed box encyrption is used. The encryption key may be derived from an Ed25519 signing public key that associated with a nontransferable or basic derivation self certifying identifier. This allows use of the self certifying identifier to track or manage the encryption/decryption key pair. And could be used to provide additional authentication operations for using the encryption/decryption key pair. Support for this is provided at init time with the verkey parameter which allows deriving the encryption public key from the fully qualified verkey (signature verification key).

See Matter for inherited attributes and properties:

encrypt()

returns cipher text

__init__(raw=None, code='C', verkey=None, **kwa)

Assign encrypting cipher suite function to ._encrypt

Parameters: See Matter for inherted parameters such as qb64, qb64b

raw (bytes): public encryption key qb64b (bytes): fully qualified public encryption key qb64 (str): fully qualified public encryption key code (str): derivation code for public encryption key verkey (Union[bytes, str]): qb64b or qb64 of verkey used to derive raw

encrypt(ser=None, matter=None)

Returns:

Cipher instance of cipher text encryption of plain text serialization provided by either ser or Matter instance when provided.

Parameters:

• ser (Union[bytes,str]) – qb64b or qb64 serialization of plain text

• matter (Matter) – plain text as Matter instance of seed or salt to be encrypted

verifySeed(seed)

Returns:

True means private signing key seed corresponds to public

signing key verkey used to derive encrypter’s .raw public encryption key.

Return type:

Boolean

Parameters:

seed (Union(bytes,str)) – qb64b or qb64 serialization of private signing key seed

class keri.core.coring.IndexedBothSigCodex(Ed25519_Sig: str = 'A', ECDSA_256k1_Sig: str = 'C', ECDSA_256r1_Sig: str = 'E', Ed448_Sig: str = '0A', Ed25519_Big_Sig: str = '2A', ECDSA_256k1_Big_Sig: str = '2C', ECDSA_256r1_Big_Sig: str = '2E', Ed448_Big_Sig: str = '3A')

IndexedBothSigCodex is codex indexed signature codes for both lists.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.IndexedCurrentSigCodex(Ed25519_Crt_Sig: str = 'B', ECDSA_256k1_Crt_Sig: str = 'D', ECDSA_256r1_Crt_Sig: str = 'F', Ed448_Crt_Sig: str = '0B', Ed25519_Big_Crt_Sig: str = '2B', ECDSA_256k1_Big_Crt_Sig: str = '2D', ECDSA_256r1_Big_Crt_Sig: str = '2F', Ed448_Big_Crt_Sig: str = '3B')

IndexedCurrentSigCodex is codex indexed signature codes for current list.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.IndexedSigCodex(Ed25519_Sig: str = 'A', Ed25519_Crt_Sig: str = 'B', ECDSA_256k1_Sig: str = 'C', ECDSA_256k1_Crt_Sig: str = 'D', ECDSA_256r1_Sig: str = 'E', ECDSA_256r1_Crt_Sig: str = 'F', Ed448_Sig: str = '0A', Ed448_Crt_Sig: str = '0B', Ed25519_Big_Sig: str = '2A', Ed25519_Big_Crt_Sig: str = '2B', ECDSA_256k1_Big_Sig: str = '2C', ECDSA_256k1_Big_Crt_Sig: str = '2D', ECDSA_256r1_Big_Sig: str = '2E', ECDSA_256r1_Big_Crt_Sig: str = '2F', Ed448_Big_Sig: str = '3A', Ed448_Big_Crt_Sig: str = '3B')

IndexedSigCodex is codex all indexed signature derivation codes.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Indexer(raw=None, code='A', index=0, ondex=None, qb64b=None, qb64=None, qb2=None, strip=False)

Indexer is fully qualified cryptographic material primitive base class for indexed primitives. In special cases some codes in the Index code table may be of variable length (i.e. not indexed) when the full size table entry is None. In that case the index is used instread as the length.

Sub classes are derivation code and key event element context specific.

Includes the following attributes and properties:

Attributes:

Properties:

code is str of stable (hard) part of derivation code raw (bytes): unqualified crypto material usable for crypto operations index (int): main index offset into list or length of material ondex (int | None): other index offset into list or length of material qb64b (bytes): fully qualified Base64 crypto material qb64 (str | bytes): fully qualified Base64 crypto material qb2 (bytes): fully qualified binary crypto material

Hidden:

._code (str): value for .code property ._raw (bytes): value for .raw property ._index (int): value for .index property ._ondex (int): value for .ondex property ._infil is method to compute fully qualified Base64 from .raw and .code ._binfil is method to compute fully qualified Base2 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64 ._bexfil is method to extract .code and .raw from fully qualified Base2

__init__(raw=None, code='A', index=0, ondex=None, qb64b=None, qb64=None, qb2=None, strip=False)

Validate as fully qualified :param raw: unqualified crypto material usable for crypto operations :type raw: bytes :param code is str of stable: :type code is str of stable: hard :param index: main index offset into list or length of material :type index: int :param ondex: other index offset into list or length of material :type ondex: int | None :param qb64b: fully qualified Base64 crypto material :type qb64b: bytes :param qb64: fully qualified Base64 crypto material :type qb64: str | bytes :param qb2: fully qualified binary crypto material :type qb2: bytes :param strip: True means strip counter contents from input stream

bytearray after parsing qb64b or qb2. False means do not strip

Needs either (raw and code and index) or qb64b or qb64 or qb2 Otherwise raises EmptyMaterialError When raw and code provided then validate that code is correct for length of raw and assign .raw Else when qb64b or qb64 or qb2 provided extract and assign .raw, .code, .index, .ondex.

property code

Returns ._code Makes .code read only

property index

Returns ._index Makes .index read only

property ondex

Returns ._ondex Makes .ondex read only

property qb2

Property qb2: Returns Fully Qualified Binary Version Bytes

property qb64

Property qb64: Returns Fully Qualified Base64 Version Assumes self.raw and self.code are correctly populated

property qb64b

Property qb64b: Returns Fully Qualified Base64 Version encoded as bytes Assumes self.raw and self.code are correctly populated

property raw

Returns ._raw Makes .raw read only

class keri.core.coring.IndexerCodex(Ed25519_Sig: str = 'A', Ed25519_Crt_Sig: str = 'B', ECDSA_256k1_Sig: str = 'C', ECDSA_256k1_Crt_Sig: str = 'D', ECDSA_256r1_Sig: str = 'E', ECDSA_256r1_Crt_Sig: str = 'F', Ed448_Sig: str = '0A', Ed448_Crt_Sig: str = '0B', Ed25519_Big_Sig: str = '2A', Ed25519_Big_Crt_Sig: str = '2B', ECDSA_256k1_Big_Sig: str = '2C', ECDSA_256k1_Big_Crt_Sig: str = '2D', ECDSA_256r1_Big_Sig: str = '2E', ECDSA_256r1_Big_Crt_Sig: str = '2F', Ed448_Big_Sig: str = '3A', Ed448_Big_Crt_Sig: str = '3B', TBD0: str = '0z', TBD1: str = '1z', TBD4: str = '4z')

IndexerCodex is codex hard (stable) part of all indexer derivation codes.

Codes indicate which list of keys, current and/or prior next, index is for:

_Sig: Indices in code may appear in both current signing and

prior next key lists when event has both current and prior next key lists. Two character code table has only one index so must be the same for both lists. Other index if for prior next. The indices may be different in those code tables which have two sets of indices.

_Crt_Sig: Index in code for current signing key list only.

_Big_: Big index values

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.LargeVarRawSizeCodex(Lead0_Big: str = '7', Lead1_Big: str = '8', Lead2_Big: str = '9')

LargeVarRawSizeCodex is codex all selector characters for the three large variable raw size tables that act as one table but with different leader byte sizes.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Matter(raw=None, code='B', rize=None, qb64b=None, qb64=None, qb2=None, strip=False)

Matter is fully qualified cryptographic material primitive base class for non-indexed primitives.

Sub classes are derivation code and key event element context specific.

Includes the following attributes and properties:

Attributes:

Properties:

code (str): hard part of derivation code to indicate cypher suite both (int): hard and soft parts of full text code size (int): Number of triplets of bytes including lead bytes

(quadlets of chars) of variable sized material. Value of soft size, ss, part of full text code. Otherwise None.

rize (int): number of bytes of raw material not including

lead bytes

raw (bytes): crypto material only without code qb64 (str): Base64 fully qualified with derivation code + crypto mat qb64b (bytes): Base64 fully qualified with derivation code + crypto mat qb2 (bytes): binary with derivation code + crypto material transferable (bool): True means transferable derivation code False otherwise digestive (bool): True means digest derivation code False otherwise prefixive (bool): True means identifier prefix derivation code False otherwise

Hidden:

_code (str): value for .code property _raw (bytes): value for .raw property _rsize (bytes): value for .rsize property. Raw size in bytes when

variable sized material else None.

_size (int): value for .size property. Number of triplets of bytes

including lead bytes (quadlets of chars) of variable sized material else None.

_infil (types.MethodType): creates qb64b from .raw and .code

(fully qualified Base64)

_exfil (types.MethodType): extracts .code and .raw from qb64b

(fully qualified Base64)

__init__(raw=None, code='B', rize=None, qb64b=None, qb64=None, qb2=None, strip=False)

Validate as fully qualified :param raw: unqualified crypto material usable for crypto operations :type raw: bytes :param code: stable (hard) part of derivation code :type code: str :param rize: raw size in bytes when variable sized material else None :type rize: int :param qb64b: fully qualified crypto material Base64 :type qb64b: bytes :param qb64: fully qualified crypto material Base64 :type qb64: str, bytes :param qb2: fully qualified crypto material Base2 :type qb2: bytes :param strip: True means strip (delete) matter from input stream

bytearray after parsing qb64b or qb2. False means do not strip

Needs either (raw and code and optionally size and rsize)

or qb64b or qb64 or qb2

Otherwise raises EmptyMaterialError When raw and code and optional size and rsize provided

then validate that code is correct for length of raw, size, rsize and assign .raw

Else when qb64b or qb64 or qb2 provided extract and assign

.raw and .code and .size and .rsize

property both

Returns both hard and soft parts of full text code

property code

Returns ._code which is the hard part only of full text code. Some codes only have a hard part. Soft part is for variable sized matter. Makes .code read only

property digestive

Property digestable: Returns True if identifier has digest derivation code,

False otherwise

property fullSize

Returns full size of matter in bytes Fixed size codes returns fs from .Sizes Variable size codes where fs==None computes fs from .size and sizes

property prefixive

Property prefixive: Returns True if identifier has prefix derivation code,

False otherwise

property qb2

Property qb2: Returns Fully Qualified Binary Version Bytes

property qb64

Property qb64: Returns Fully Qualified Base64 Version Assumes self.raw and self.code are correctly populated

property qb64b

Property qb64b: Returns Fully Qualified Base64 Version encoded as bytes Assumes self.raw and self.code are correctly populated

property raw

Returns ._raw Makes .raw read only

property size

Returns ._size int or None if not variable sized matter Makes .size read only

Number of triplets of bytes including lead bytes (quadlets of chars) of variable sized material. Value of soft size, ss, part of full text code.

property transferable

Property transferable: Returns True if identifier does not have non-transferable derivation code,

False otherwise

class keri.core.coring.MatterCodex(Ed25519_Seed: str = 'A', Ed25519N: str = 'B', X25519: str = 'C', Ed25519: str = 'D', Blake3_256: str = 'E', Blake2b_256: str = 'F', Blake2s_256: str = 'G', SHA3_256: str = 'H', SHA2_256: str = 'I', ECDSA_256k1_Seed: str = 'J', Ed448_Seed: str = 'K', X448: str = 'L', Short: str = 'M', Big: str = 'N', X25519_Private: str = 'O', X25519_Cipher_Seed: str = 'P', ECDSA_256r1_Seed: str = 'Q', Tall: str = 'R', Large: str = 'S', Great: str = 'T', Vast: str = 'U', Label1: str = 'V', Label2: str = 'W', Tag3: str = 'X', Tag7: str = 'Y', Salt_128: str = '0A', Ed25519_Sig: str = '0B', ECDSA_256k1_Sig: str = '0C', Blake3_512: str = '0D', Blake2b_512: str = '0E', SHA3_512: str = '0F', SHA2_512: str = '0G', Long: str = '0H', ECDSA_256r1_Sig: str = '0I', Tag1: str = '0J', Tag2: str = '0K', Tag5: str = '0L', Tag6: str = '0M', ECDSA_256k1N: str = '1AAA', ECDSA_256k1: str = '1AAB', Ed448N: str = '1AAC', Ed448: str = '1AAD', Ed448_Sig: str = '1AAE', Tag4: str = '1AAF', DateTime: str = '1AAG', X25519_Cipher_Salt: str = '1AAH', ECDSA_256r1N: str = '1AAI', ECDSA_256r1: str = '1AAJ', Null: str = '1AAK', Yes: str = '1AAL', No: str = '1AAM', TBD1: str = '2AAA', TBD2: str = '3AAA', StrB64_L0: str = '4A', StrB64_L1: str = '5A', StrB64_L2: str = '6A', StrB64_Big_L0: str = '7AAA', StrB64_Big_L1: str = '8AAA', StrB64_Big_L2: str = '9AAA', Bytes_L0: str = '4B', Bytes_L1: str = '5B', Bytes_L2: str = '6B', Bytes_Big_L0: str = '7AAB', Bytes_Big_L1: str = '8AAB', Bytes_Big_L2: str = '9AAB', X25519_Cipher_L0: str = '4C', X25519_Cipher_L1: str = '5C', X25519_Cipher_L2: str = '6C', X25519_Cipher_Big_L0: str = '7AAC', X25519_Cipher_Big_L1: str = '8AAC', X25519_Cipher_Big_L2: str = '9AAC', X25519_Cipher_QB64_L0: str = '4D', X25519_Cipher_QB64_L1: str = '5D', X25519_Cipher_QB64_L2: str = '6D', X25519_Cipher_QB64_Big_L0: str = '7AAD', X25519_Cipher_QB64_Big_L1: str = '8AAD', X25519_Cipher_QB64_Big_L2: str = '9AAD', X25519_Cipher_QB2_L0: str = '4D', X25519_Cipher_QB2_L1: str = '5D', X25519_Cipher_QB2_L2: str = '6D', X25519_Cipher_QB2_Big_L0: str = '7AAD', X25519_Cipher_QB2_Big_L1: str = '8AAD', X25519_Cipher_QB2_Big_L2: str = '9AAD')

MatterCodex is codex code (stable) part of all matter derivation codes. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.NonTransCodex(Ed25519N: str = 'B', ECDSA_256k1N: str = '1AAA', Ed448N: str = '1AAC', ECDSA_256r1N: str = '1AAI')

NonTransCodex is codex all non-transferable derivation codes Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.NumCodex(Short: str = 'M', Long: str = '0H', Big: str = 'N', Huge: str = '0A')

NumCodex is codex of Base64 derivation codes for compactly representing numbers across a wide rage of sizes.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Number(raw=None, qb64b=None, qb64=None, qb2=None, code='M', num=None, numh=None, **kwa)

Number is subclass of Matter, cryptographic material, for ordinal counting whole numbers (non-negative integers) up to a maximum size of 16 bytes, 256 ** 16 - 1. Examples uses are sequence numbers or first seen ordering numbers or thresholds. Seqner provides fully qualified format for ordinals (sequence numbers etc) when provided as attached cryptographic material elements.

Useful when parsing attached receipt groupings with sn from stream or database

Uses default initialization code = CryTwoDex.Salt_128 Raises error on init if code not CryTwoDex.Salt_128

Attributes:

Inherited Properties: (See Matter)

code (str): hard part of derivation code to indicate cypher suite both (int): hard and soft parts of full text code size (int): Number of triplets of bytes including lead bytes

(quadlets of chars) of variable sized material. Value of soft size, ss, part of full text code. Otherwise None.

rize (int): number of bytes of raw material not including lead bytes raw (bytes): crypto material only without code qb64 (str): Base64 fully qualified with derivation code + crypto mat qb64b (bytes): Base64 fully qualified with derivation code + crypto mat qb2 (bytes): binary with derivation code + crypto material transferable (bool): True means transferable derivation code False otherwise digestive (bool): True means digest derivation code False otherwise

Properties:

num (int): int representation of number humh (str): hex string representation of number with no leading zeros positive (bool): True if .num > 0, False otherwise. Because .num must be

non-negative, .positive == False means .num == 0

Hidden:

_code (str): value for .code property _raw (bytes): value for .raw property _rsize (bytes): value for .rsize property. Raw size in bytes when

variable sized material else None.

_size (int): value for .size property. Number of triplets of bytes

including lead bytes (quadlets of chars) of variable sized material else None.

_infil (types.MethodType): creates qb64b from .raw and .code

(fully qualified Base64)

_exfil (types.MethodType): extracts .code and .raw from qb64b

(fully qualified Base64)

Methods:

__init__(raw=None, qb64b=None, qb64=None, qb2=None, code='M', num=None, numh=None, **kwa)

Inherited Parameters: (see Matter)

raw (bytes): unqualified crypto material usable for crypto operations code (str): stable (hard) part of derivation code rize (int): raw size in bytes when variable sized material else None qb64b (bytes): fully qualified crypto material Base64 qb64 (str, bytes): fully qualified crypto material Base64 qb2 (bytes): fully qualified crypto material Base2 strip (bool): True means strip (delete) matter from input stream bytearray after parsing qb64b or qb2. False means do not strip

Parameters:

• num (int | str | None) – non-negative int number or hex str of int number or 0 if None

• numh (str) – string equivalent of non-negative int number

Note: int(“0xab”, 16) is also valid since int recognizes 0x hex prefix

property inceptive

Returns True if .num == 0 False otherwise. Because valid number .num must be non-negative, positive False means that .num is zero.

property num

number as int Returns .raw converted to int

Type:

Property num

property numh

number as hex string no leading zeros Returns .num int converted to hex str

Type:

Property numh

property positive

Returns True if .num is strictly positive non-zero False otherwise. Because valid number .num must be non-negative, positive False also means that .num is zero.

property sn

Sequence number, sn property getter to mimic Seqner interface :returns: alias for num :rtype: sn (int)

property snh

Sequence number hex str, snh property getter to mimic Seqner interface :returns: alias for numh :rtype: snh (hex str)

class keri.core.coring.Pather(raw=None, qb64b=None, qb64=None, qb2=None, bext=None, code='4A', path=None, **kwa)

Pather is a subclass of Bexter that provides SAD Path language specific functionality for variable length strings that only contain Base64 URL safe characters. Pather allows the specification of SAD Paths as a list of field components which will be converted to the Base64 URL safe character representation.

Additionally, Pather provides .rawify for extracting and serializing the content targeted by .path for a SAD, represented as an instance of Serder. Pather enforces Base64 URL character safety by leveraging the fact that SADs must have static field ordering. Any field label can be replaced by its field ordinal to allow for path specification and traversal for any field labels that contain non-Base64 URL safe characters.

Examples: strings:

path = [] text = “-” qb64 = ‘6AABAAA-’

path = [“A”] text = “-A” qb64 = ‘5AABAA-A’

path = [“A”, “B”] text = “-A-B” qb64 = ‘4AAB-A-B’

path = [“A”, 1, “B”, 3] text = “-A-1-B-3” qb64 = ‘4AAC-A-1-B-3’

__init__(raw=None, qb64b=None, qb64=None, qb2=None, bext=None, code='4A', path=None, **kwa)

Inherited Parameters: (see Bexter)

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes bext is the variable sized Base64 text string

Parameters:

path (list) – array of path field components

property path

Path property is an array of path elements

Path property is an array of path elements. Empty path represents the top level.

Returns:

array of field specs of the path

Return type:

list

resolve(sad)

Recurses thru value following ptr

Parameters:

sad (dict or list) – the next component

Returns:

Value at the end of the path

root(root)

Returns a new Pather anchored at new root

Returns a new Pather anchoring this path at the new root specified by root.

Parameters:

root (Pather) – the new root to apply to this path

Returns:

new path anchored at root

Return type:

Pather

startswith(path)

Returns True if path is the root of self

Parameters:

path (Pather) – the path to check against self

Returns:

True if path is the root of self

Return type:

bool

strip(root)

Returns a new Pather with root stipped off the front if it exists

Returns a new Pather with root stripped off the front

Parameters:

root (Pather) – the new root to apply to this path

Returns:

new path anchored at root

Return type:

Pather

tail(serder)

Recurses thru value following .path and returns terminal value

Finds the value at this path and applies the version string rules of the serder to serialize the value at ptr.

Parameters:

serder (Serder) – the versioned dict to in which to resolve .path

Returns:

Value at the end of the path

Return type:

bytes

class keri.core.coring.PreCodex(Ed25519N: str = 'B', Ed25519: str = 'D', Blake3_256: str = 'E', Blake2b_256: str = 'F', Blake2s_256: str = 'G', SHA3_256: str = 'H', SHA2_256: str = 'I', Blake3_512: str = '0D', Blake2b_512: str = '0E', SHA3_512: str = '0F', SHA2_512: str = '0G', ECDSA_256k1N: str = '1AAA', ECDSA_256k1: str = '1AAB', ECDSA_256r1N: str = '1AAI', ECDSA_256r1: str = '1AAJ')

PreCodex is codex all identifier prefix derivation codes. This is needed to verify valid inception events. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Prefixer(raw=None, code=None, ked=None, allows=None, **kwa)

Prefixer is Matter subclass for autonomic identifier prefix using derivation as determined by code from ked

Attributes:

Inherited Properties: (see Matter)

.pad is int number of pad chars given raw .code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .index is int count of attached crypto material by context (receipts) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwise

Properties:

verify()

Verifies derivation of aid prefix from a ked

Hidden:

._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

__init__(raw=None, code=None, ked=None, allows=None, **kwa)

assign ._derive to derive aid prefix from ked assign ._verify to verify derivation of aid prefix from ked

Default code is None to force EmptyMaterialError when only raw provided but not code.

Inherited Parameters:

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes

Parameters:

allows (list) – allowed codes for prefix. When None then all supported codes are allowed. This enables a particular use case to restrict the codes allowed to a subset of all supported.

derive(ked)

Returns tuple (raw, code) of aid prefix as derived from key event dict ked.

uses a derivation code specific _derive method

Parameters:

• dict (ked is inception key event)

• key/secret (seed is only used for sig derivation it is the secret)

verify(ked, prefixed=False)

Returns True if derivation from ked for .code matches .qb64 and

If prefixed also verifies ked[“i”] matches .qb64 False otherwise

Parameters:

dict (ked is inception key event)

class keri.core.coring.ProtocolGenusCodex(KERI: str = '--AAA', ACDC: str = '--AAA')

ProtocolGenusCodex is codex of protocol genera for code table.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Sadder(raw=b'', ked=None, sad=None, kind=None, saidify=False, code='E')

Sadder is self addressed data (SAD) serializer-deserializer class

Instance creation of a Sadder does not verifiy it .said property it merely extracts it. In order to ensure Sadder instance has a verified .said then must call .saider.verify(sad=self.ked)

Has the following public properties:

Properties:

raw (bytes): of serialized event only ked (dict): self addressed data dict kind (str): serialization kind coring.Serials such as JSON, CBOR, MGPK, CESR size (int): number of bytes in serialization version (Versionage): protocol version (Major, Minor) proto (str): Protocolage value as protocol identifier such as KERI, ACDC label (str): Saidage value as said field label saider (Saider): of SAID of this SAD .ked[‘d’] if present said (str): SAID of .saider qb64 saidb (bytes): SAID of .saider qb64b pretty (str): Pretty JSON of this SAD

Hidden Attributes:

._raw is bytes of serialized event only ._ked is key event dict ._kind is serialization kind string value (see namedtuple coring.Serials)

supported kinds are ‘json’, ‘cbor’, ‘msgpack’, ‘binary’

._size is int of number of bytes in serialed event only ._version is Versionage instance of event version ._proto (str): Protocolage value as protocol type identifier ._saider (Saider): instance for this Sadder’s SAID

Note

loads and jumps of json use str whereas cbor and msgpack use bytes

__init__(raw=b'', ked=None, sad=None, kind=None, saidify=False, code='E')

Deserialize if raw provided does not verify assumes embedded said is valid Serialize if ked provided but not raw verifies if verify is True? When serializing if kind provided then use kind instead of field in ked

Parameters:

• raw (bytes) – serialized event

• None (kind is serialization kind string value or) – if None its deserialized from raw

• None – supported kinds are ‘json’, ‘cbor’, ‘msgpack’, ‘binary’ if kind is None then its extracted from ked or raw

• saidify (bool) – True means compute said for ked

• .saider (code is .diger default digest code for computing said)

compare(said=None)

Returns True if said and either .saider.qb64 or .saider.qb64b match via string equality ==

Convenience method to allow comparison of own .saider digest self.raw with some other purported said of self.raw

Parameters:

.said (said is qb64b or qb64 SAID of ser to compare with)

property ked

ked property getter

property kind

kind property getter

pretty(*, size=1024)

Returns str JSON of .ked with pretty formatting

ToDo: add default size limit on pretty when used for syslog UDP MCU like 1024 for ogler.logger

property proto

proto property getter protocol identifier type value of Protocolage such as ‘KERI’ or ‘ACDC’

Returns:

Protocolage value as protocol type

Return type:

(str)

property raw

raw property getter

property said

Returns str qb64 of .ked[“d”] (said when ked is SAD) said (self-addressing identifier) property getter

property saidb

Returns bytes qb64b of .ked[“d”] (said when ked is SAD) said (self-addressing identifier) property getter

property saider

Returns Diger of digest of self.raw diger (digest material) property getter

property size

size property getter

property version

version property getter

Return type:

(Versionage)

class keri.core.coring.Saidage(dollar, at, id_, i, d)

at

Alias for field number 1

d

Alias for field number 4

dollar

Alias for field number 0

i

Alias for field number 3

id_

Alias for field number 2

class keri.core.coring.Saider(raw=None, *, code=None, sad=None, kind=None, label='d', ignore=None, **kwa)

Saider is Matter subclass for self-addressing identifier prefix using derivation as determined by code from ked

Properties: (inherited)

code (str): derivation code to indicate cypher suite size (int): number of quadlets when variable sized material besides

full derivation code else None

raw (bytes): crypto material only without code qb64 (str): Base64 fully qualified with derivation code + crypto mat qb64b (bytes): Base64 fully qualified with derivation code + crypto mat qb2 (bytes): binary with derivation code + crypto material transferable (bool): True means transferable derivation code False otherwise digestive (bool): True means digest derivation code False otherwise

Hidden:

_code (str): value for .code property _size (int): value for .size property _raw (bytes): value for .raw property _infil (types.MethodType): creates qb64b from .raw and .code

(fully qualified Base64)

_exfil (types.MethodType): extracts .code and .raw from qb64b

(fully qualified Base64)

_derive (types.MethodType): derives said (.qb64 ) _verify (types.MethodType): verifies said ((.qb64 ) against a given sad

__init__(raw=None, *, code=None, sad=None, kind=None, label='d', ignore=None, **kwa)

See Matter.__init__ for inherited parameters

Parameters:

• sad (dict) – self addressed data to serialize and inject said

• kind (str) – serialization algorithm of sad, one of Serials used to override that given by ‘v’ field if any in sad otherwise default is Serials.json

• label (str) – Saidage value as said field label

• ignore (list) – fields to ignore when generating SAID

derive(sad, code=None, **kwa)

Returns:

(raw, sad) raw said as derived from serialized dict

and modified sad during derivation.

Return type:

result (tuple)

Parameters:

• sad (dict) – self addressed data to be serialized

• code (str) – digest type code from DigDex.

• kind (str) – serialization algorithm of sad, one of Serials used to override that given by ‘v’ field if any in sad otherwise default is Serials.json

• label (str) – Saidage value of said field labelin which to inject dummy

classmethod saidify(sad: dict, *, code: str = 'E', kind: str | None = None, label: str = 'd', ignore: list | None = None, **kwa)

Derives said from sad and injects it into copy of sad and said and injected sad

Returns:

of the form (saider, sad) where saider is Saider

instance generated from sad using code and sad is copy of parameter sad but with its label id field filled in with generated said from saider

Return type:

result (tuple)

Parameters:

• sad (dict) – serializable dict

• code (str) – digest type code from DigDex

• kind (str) – serialization algorithm of sad, one of Serials used to override that given by ‘v’ field if any in sad otherwise default is Serials.json

• label (str) – Saidage value as said field label in which to inject said

• ignore (list) – fields to ignore when generating SAID

verify(sad, *, prefixed=False, versioned=True, code=None, kind=None, label='d', ignore=None, **kwa)

Returns:

True means derivation from sad with dummy label

field value replacement for ._code matches .qb64. False otherwise If prefixed is True then also validates that label field of provided sad also matches .qb64. False otherwise If versioned is True and provided sad includes version field ‘v’ then also validates that version field ‘v’ of provided sad matches the version field of modified sad that results from the derivation process. The size chars in the version field are set to the size of the sad during derivation. False otherwise.

Return type:

result (bool)

Parameters:

• sad (dict) – self addressed data to be serialized

• prefixed (bool) – True means also verify if labeled field in sad matches own .qb64

• versioned (bool)

• code (str) – digest type code from DigDex.

• kind (str) – serialization algorithm of sad, one of Serials used to override that given by ‘v’ field if any in sad otherwise default is Serials.json

• label (str) – Saidage value of said field label in which to inject dummy

• ignore (list) – fields to ignore when generating SAID

class keri.core.coring.Salter(raw=None, code='0A', tier=None, **kwa)

Salter is Matter subclass to maintain random salt for secrets (private keys) Its .raw is random salt, .code as cipher suite for salt

.level is str security level code. Provides default level

Inherited Properties

.pad is int number of pad chars given raw .code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .index is int count of attached crypto material by context (receipts) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwise

Properties:

Methods:

Hidden:

._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

__init__(raw=None, code='0A', tier=None, **kwa)

Initialize salter’s raw and code

Inherited Parameters:

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes

Parameters:

signer(*, code='A', transferable=True, path='', tier=None, temp=False)

Returns Signer instance whose .raw secret is derived from path and salter’s .raw and stretched to size given by code. The signers public key for its .verfer is derived from code and transferable.

Parameters:

• suite (code is str code of secret crypto)

• Boolean (temp is)

• key (True means use transferace code for public)

• signer (path is str of unique chars used in derivation of secret seed for)

• level (tier is str Tierage security)

• Boolean – for testing only, Otherwise use more time to stretch

• salt (True means use quick method to stretch) – for testing only, Otherwise use more time to stretch

signers(count=1, start=0, path='', **kwa)

Returns list of count number of Signer instances with unique derivation path made from path prefix and suffix of start plus offset for each count value from 0 to count - 1.

See .signer for parameters used to create each signer.

stretch(*, size=32, path='', tier=None, temp=False)

Returns (bytes): raw binary seed (secret) derived from path and .raw and stretched to size given by code using argon2d stretching algorithm.

Parameters:

• size (int) – number of bytes in stretched seed

• path (str) – unique chars used in derivation of seed (secret)

• tier (str) – value from Tierage for security level of stretch

• Boolean (temp is) – for testing only, Otherwise use time set by tier to stretch

• salt (True means use quick method to stretch) – for testing only, Otherwise use time set by tier to stretch

class keri.core.coring.Seqner(raw=None, qb64b=None, qb64=None, qb2=None, code='0A', sn=None, snh=None, **kwa)

Seqner is subclass of Matter, cryptographic material, for ordinal numbers such as sequence numbers or first seen ordering numbers. Seqner provides fully qualified format for ordinals (sequence numbers etc) when provided as attached cryptographic material elements.

Useful when parsing attached receipt groupings with sn from stream or database

Uses default initialization code = CryTwoDex.Salt_128 Raises error on init if code not CryTwoDex.Salt_128

Attributes:

Inherited Properties: (See Matter)

.pad is int number of pad chars given raw .code is str derivation code to indicate cypher suite .raw is bytes crypto material only without code .index is int count of attached crypto material by context (receipts) .qb64 is str in Base64 fully qualified with derivation code + crypto mat .qb64b is bytes in Base64 fully qualified with derivation code + crypto mat .qb2 is bytes in binary with derivation code + crypto material .transferable is Boolean, True when transferable derivation code False otherwise

Properties:

.sn is int sequence number .snh is hex string representation of sequence number no leading zeros

Hidden:

._pad is method to compute .pad property ._code is str value for .code property ._raw is bytes value for .raw property ._index is int value for .index property ._infil is method to compute fully qualified Base64 from .raw and .code ._exfil is method to extract .code and .raw from fully qualified Base64

Methods:

__init__(raw=None, qb64b=None, qb64=None, qb2=None, code='0A', sn=None, snh=None, **kwa)

Inherited Parameters: (see Matter)

raw is bytes of unqualified crypto material usable for crypto operations qb64b is bytes of fully qualified crypto material qb64 is str or bytes of fully qualified crypto material qb2 is bytes of fully qualified crypto material code is str of derivation code index is int of count of attached receipts for CryCntDex codes

Parameters:

• number (snh is hex string of sequence)

• number

property sn

sequence number as int Returns .raw converted to int

Type:

Property sn

property snh

sequence number as hex Returns .sn int converted to hex str

Type:

Property snh

class keri.core.coring.Siger(verfer=None, **kwa)

Siger is subclass of Indexer, indexed signature material,

Adds .verfer property which is instance of Verfer that provides

associated signature verifier.

See Indexer for inherited attributes and properties:

Attributes:

Properties:

verfer (Verfer): instance if any provides public verification key

Methods:

Hidden:

_verfer (Verfer): value for .verfer property

__init__(verfer=None, **kwa)

Initialze instance

Parameters: See Matter for inherted parameters

verfer (Verfer): instance if any provides public verification key

property verfer

Property verfer: Returns Verfer instance Assumes ._verfer is correctly assigned

class keri.core.coring.Signer(raw=None, code='A', transferable=True, **kwa)

Signer is Matter subclass with method to create signature of serialization using:

.raw as signing (private) key seed, .code as cipher suite for signing .verfer whose property .raw is public key for signing.

If not provided .verfer is generated from private key seed using .code as cipher suite for creating key-pair.

See Matter for inherited attributes and properties:

Attributes:

Properties: (inherited)

code (str): hard part of derivation code to indicate cypher suite both (int): hard and soft parts of full text code size (int): Number of triplets of bytes including lead bytes

(quadlets of chars) of variable sized material. Value of soft size, ss, part of full text code. Otherwise None.

rize (int): number of bytes of raw material not including

lead bytes

raw (bytes): private signing key crypto material only without code qb64 (str): private signing key Base64 fully qualified with

derivation code + crypto mat

qb64b (bytes): private signing keyBase64 fully qualified with

derivation code + crypto mat

qb2 (bytes): private signing key binary with

derivation code + crypto material

transferable (bool): True means transferable derivation code False otherwise digestive (bool): True means digest derivation code False otherwise

Properties:

.verfer is Verfer object instance of public key derived from private key

seed which is .raw

sign()

create signature

__init__(raw=None, code='A', transferable=True, **kwa)

Assign signing cipher suite function to ._sign

Parameters: See Matter for inherted parameters

raw is bytes crypto material seed or private key code is derivation code transferable is Boolean True means make verifier code transferable

False make non-transferable

sign(ser, index=None, only=False, ondex=None, **kwa)

Returns either Cigar or Siger (indexed) instance of cryptographic signature material on bytes serialization ser

If index is None

return Cigar instance

Else

return Siger instance

Parameters:

• ser (bytes) – serialization to be signed

• index (int) – main index of associated verifier key in event keys

• only (bool) – True means main index only list, ondex ignored False means both index lists (default), ondex used

• ondex (int | None) – other index offset into list such as prior next

property verfer

Property verfer: Returns Verfer instance Assumes ._verfer is correctly assigned

class keri.core.coring.Sizage(hs, ss, fs, ls)

fs

Alias for field number 2

hs

Alias for field number 0

ls

Alias for field number 3

ss

Alias for field number 1

class keri.core.coring.SmallVarRawSizeCodex(Lead0: str = '4', Lead1: str = '5', Lead2: str = '6')

SmallVarRawSizeCodex is codex all selector characters for the three small variable raw size tables that act as one table but with different leader byte sizes.

Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.TextCodex(Bytes_L0: str = '4B', Bytes_L1: str = '5B', Bytes_L2: str = '6B', Bytes_Big_L0: str = '7AAB', Bytes_Big_L1: str = '8AAB', Bytes_Big_L2: str = '9AAB')

TextCodex is codex of all variable sized byte string (Text) derivation codes. Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

class keri.core.coring.Tholder(*, thold=None, limen=None, sith=None, **kwa)

Tholder is KERI Signing Threshold Satisfaction class .satisfy method evaluates satisfaction based on ordered list of indices of verified signatures where indices correspond to offsets in key list of associated signatures.

Has the following public properties:

Properties:

.weighted is Boolean True if fractional weighted threshold False if numeric .size is int of minimum size of keys list

when weighted is size of keys list when unweighted is size of int thold since don’t have anyway

to know size of keys list in this case

.limen is qualified b64 signing threshold suitable for CESR serialization.

either Number.qb64b or Bexter.qb64b. The b64 portion of limen with code stripped (Bexter.bext) of

[[“1/2”, “1/2”, “1/4”, “1/4”, “1/4”], [“1”, “1”]] is ‘1s2c1s2c1s4c1s4c1s4a1c1’ basically slash is ‘s’, comma is ‘c’, and ANDed clauses are delimited by ‘a’.

.sith is original signing threshold suitable for value to be serialized

as json, cbor, mgpk in key event message as either:

non-negative hex number str or list of str rational number fractions >= 0 and <= 1 or list of list of str rational number fractions >= 0 and <= 1

.thold is parsed signing threshold suitable for calculating satisfaction.

either as int or list of Fractions

.num is int signing threshold when not ._weighted

.satisfy returns bool, True means ilist of verified signature key indices satisfies

threshold, False otherwise.

Static Methods:

weight (str): converts weight str expression into either int or Fraction

else raises ValueError must satisfy 0 <= w <= 1 Ensures strict proper rational number fraction of ints or 0 or 1

Hidden:

._weighted is Boolean, True if fractional weighted threshold False if numeric ._size is int minimum size of of keys list ._sith is signing threshold for .sith property ._thold is signing threshold for .thold propery ._bexter is Bexter instance of weighted signing threshold or None ._number is Number instance of integer threshold or None ._satisfy is method reference of threshold specified verification method ._satisfy_numeric is numeric threshold verification method ._satisfy_weighted is fractional weighted threshold verification method

__init__(*, thold=None, limen=None, sith=None, **kwa)

Accepts signing threshold in various forms so that may output correct forms for serialization and/or calculation of satisfaction.

Parameters:

• threshold (thold is signing) –

  non-negative int of threshold number (M-of-N threshold)

  next threshold may be zero

  non-negative hex string of threshold number (M-of-N threshold)

  next threshold may be zero

  fractional weight clauses which may be expressed as either:

  an iterable of rational number fraction strings >= 0 and <= 1 an iterable of iterables of rational number fraction strings >= 0 and <= 1

  JSON serialized str of either:

  list of rational number fraction strings >= 0 and <= 1 or list of list of rational number fraction strings >= 0 and <= 1

• threshold –

  Number.qb64 or .qb64b of integer threshold or Bexter.qb64 or .qb64b of fractional weight clauses which may be either:

  Base64 delimited clauses of fractions Base64 delimited clauses of fractions

• threshold –

  the satisfaction of a threshold and is expressed as either:

  int of threshold number (M of N) fractional weight clauses which may be expressed as either:

  an iterable of Fractions or an iterable of iterables of Fractions.

The sith representation is meant to parse threhold expressions from

deserializations of JSON, CBOR, or MGPK key event message fields or the command line or configuration files.

The limen representation is meant to parse threshold expressions from

CESR serializations of key event message fields or attachments.

The thold representation is meant to accept thresholds from computable

expressions for satisfaction of a threshold

property json

Returns json serialization of sith expression

Essentially JSON list of lists of strings

property limen

limen property getter

property num

sith property getter

satisfy(indices)

Returns True if indices list of verified signature key indices satisfies threshold, False otherwise.

Parameters:

indices (indices is list of non-negative) – of verified signatures. the indices may be in any order, they are normalized herein

property sith

sith property getter

property size

size property getter

property thold

thold property getter

static weight(w: str) → Fraction

Returns valid weight from w else raises error (ValueError or TypeError). w expression must evaluate to 0, 1, or strict proper rational fraction. w expression must be 0 <= w <= 1 Else raises ValueError w must not be float else raises TypeError When not int w must be ratio of integers n/d else raise ValueError.

Parameters:

w (str) – threshold weight expression

property weighted

weighted property getter

class keri.core.coring.Tierage(low, med, high)

high

Alias for field number 2

low

Alias for field number 0

med

Alias for field number 1

class keri.core.coring.Verfer(**kwa)

Verfer is Matter subclass with method to verify signature of serialization using the .raw as verifier key and .code for signature cipher suite.

See Matter for inherited attributes and properties:

Attributes:

Properties:

verify()

verifies signature

__init__(**kwa)

Assign verification cipher suite function to ._verify

verify(sig, ser)

Returns True if bytes signature sig verifies on bytes serialization ser using .raw as verifier public key for ._verify cipher suite determined by .code

Parameters:

• signature (sig is bytes)

• serialization (ser is bytes)

class keri.core.coring.Xizage(hs, ss, os, fs, ls)

fs

Alias for field number 3

hs

Alias for field number 0

ls

Alias for field number 4

os

Alias for field number 2

ss

Alias for field number 1

keri.core.coring.b64ToInt(s)

Returns conversion of Base64 str s or bytes to int

keri.core.coring.codeB2ToB64(b, l)

Returns conversion (encode) of l Base2 sextets from front of b to Base64 chars. One char for each of l sextets from front (left) of b. This is useful for encoding as code characters, sextets from the front of a Base2 bytes (byte string). Must provide l because of ambiguity between l=3 and l=4. Both require 3 bytes in b.

keri.core.coring.codeB64ToB2(s)

Returns conversion (decode) of Base64 chars to Base2 bytes. Where the number of total bytes returned is equal to the minimun number of octets sufficient to hold the total converted concatenated sextets from s, with one sextet per each Base64 decoded char of s. Assumes no pad chars in s. Sextets are left aligned with pad bits in last (rightmost) byte. This is useful for decoding as bytes, code characters from the front of a Base64 encoded string of characters.

keri.core.coring.dumps(ked, kind='JSON')

utility function to handle serialization by kind

Returns:

serialized version of ked dict

Return type:

raw (bytes)

Parameters:

• ked (Optional(dict, list)) – key event dict or message dict to serialize

• kind (str) – serialization kind (JSON, MGPK, CBOR)

keri.core.coring.generatePrivates(salt=None, count=8)

Returns list of fully qualified Base64 secret Ed25519 seeds i.e private keys

Parameters:

• Signers (salt is bytes 16 byte long root cryptomatter from which seeds for) – in list are derived random salt created if not provided

• list (count is number of signers in)

keri.core.coring.generatePublics(salt=None, count=8, transferable=True)

Returns list of fully qualified Base64 secret seeds for Ed25519 private keys

Parameters:

• Signers (salt is bytes 16 byte long root cryptomatter from which seeds for) – in list are derived random salt created if not provided

• list (count is number of signers in)

keri.core.coring.generateSigners(salt=None, count=8, transferable=True)

Returns list of Signers for Ed25519

Parameters:

• Signers (salt is bytes 16 byte long root cryptomatter from which seeds for) – in list are derived random salt created if not provided

• list (count is number of signers in)

• transferable (transferable is boolean true means signer.verfer code is) – non-transferable otherwise

keri.core.coring.intToB64(i, l=1)

Returns conversion of int i to Base64 str l is min number of b64 digits left padded with Base64 0 == “A” char

keri.core.coring.intToB64b(i, l=1)

Returns conversion of int i to Base64 bytes l is min number of b64 digits left padded with Base64 0 == “A” char

keri.core.coring.loads(raw, size=None, kind='JSON')

utility function to handle deserialization by kind

Returns:

deserialized

Return type:

ked (dict)

Parameters:

• raw (Union[bytes,bytearray]) – raw serialization to deserialze as dict

• size (int) – number of bytes to consume for the deserialization. If None then consume all bytes

• kind (str) – serialization kind (JSON, MGPK, CBOR)

keri.core.coring.nabSextets(b, l)

Return first l sextets from front (left) of b as bytes (byte string). Length of bytes returned is minimum sufficient to hold all l sextets. Last byte returned is right bit padded with zeros b is bytes or str

keri.core.coring.randomNonce()

Generate a random ed25519 seed and encode as qb64

Returns:

qb64 encoded ed25519 random seed

Return type:

str

keri.core.coring.sizeify(ked, kind=None, version=(1, 0))

Compute serialized size of ked and update version field Returns tuple of associated values extracted and or changed by sizeify

Returns tuple of (raw, proto, kind, ked, version) where:

raw (str): serialized event as bytes of kind proto (str): protocol type as value of Protocolage kind (str): serialzation kind as value of Serialage ked (dict): key event dict version (Versionage): instance

Parameters:

• ked (dict) – key event dict

• kind (str) – value of Serials is serialization type if not provided use that given in ked[“v”]

• version (Versionage) – instance supported protocol version for message

Assumes only supports Version

keri.core.coring.sniff(raw)

Returns serialization kind, version and size from serialized event raw by investigating leading bytes that contain version string

Parameters:

event (raw is bytes of serialized)

keri.core.eventing

keri.core.eventing module

class keri.core.eventing.ColdCodex(Free: int = 0, CtB64: int = 1, OpB64: int = 2, JSON: int = 3, MGPK1: int = 4, CBOR: int = 5, MGPK2: int = 6, CtOpB2: int = 7)

ColdCodex is codex of cold stream start tritets of first byte Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

First three bits:

0o0 = 000 free 0o1 = 001 cntcode B64 0o2 = 010 opcode B64 0o3 = 011 json 0o4 = 100 mgpk 0o5 = 101 cbor 0o6 = 110 mgpk 007 = 111 cntcode or opcode B2

status is one of (‘evt’, ‘txt’, ‘bny’ ) ‘evt’ if tritet in (ColdDex.JSON, ColdDex.MGPK1, ColdDex.CBOR, ColdDex.MGPK2) ‘txt’ if tritet in (ColdDex.CtB64, ColdDex.OpB64) ‘bny’ if tritet in (ColdDex.CtOpB2,)

otherwise raise ColdStartError

x = bytearray([0x2d, 0x5f]) x == bytearray(b’-_’) x[0] >> 5 == 0o1 True

class keri.core.eventing.Coldage(msg, txt, bny)

bny

Alias for field number 2

msg

Alias for field number 0

txt

Alias for field number 1

class keri.core.eventing.Kever(*, state=None, serder=None, sigers=None, wigers=None, db=None, estOnly=None, delseqner=None, delsaider=None, firner=None, dater=None, cues=None, prefixes=None, local=False, check=False)

Kever is KERI key event verifier class Only supports current version VERSION

Has the following public attributes and properties:

Class Attributes:

EstOnly (bool):

True means allow only establishment events False means allow all events

DoNotDelegate (bool):

True means do not allow delegation other identifiers False means allow delegation of delegated identifiers

db

instance that manages the LMDB database when provided. When None provided then create and assign vacuous instance of Baser.

Type:

Baser | None

cues

Injected Kevery.cues when provided. Default None.

Type:

deque | None

prefixes

Injected from Kevery when provided. qb64 identifier prefixes of own habitat identifiers. Assign db.prefixes when None When empty operate in promiscuous mode

Type:

list | None

local

Injected from kevery when provided. True means only process msgs for own events when .prefixes is not empty False means only process msgs for not own events when .prefixes is not empty

Default is False.

Type:

bool

version

serder.version instance of current event state version

Type:

Versionage

prefixer

instance for current event state

Type:

Prefixer

sner

instance of sequence number

Type:

Number

fner

instance of first seen ordinal number

Type:

Number

dater

instance of first seen datetime

Type:

Dater

serder

instance of current event with .serder.diger for digest

Type:

SerderKERI

ilk

from Ilks for current event type

Type:

str

tholder

instance for event signing threshold

Type:

Tholder

verfers

of Verfer instances for current event state set of signing keys

Type:

list

ndigers

of Diger instances for current event state set of next (rotation) key digests

Type:

list

ntholder

instance for next (rotation) threshold from serder.ntholder

Type:

Tholder

toader

instance of TOAD (threshold of accountable duplicity)

Type:

Number

wits

of qualified qb64 aids for witnesses

Type:

list

cuts

of qualified qb64 aids for witnesses cut from prev wits list

Type:

list

adds

Type:

list

estOnly

config trait True means only allow establishment events Default False. Corresponds to config trait string “EO”

Type:

bool

doNotDelegate

config trait True means do not allow delegation Default False. Corresponds to config trait string “DND”

Type:

bool

lastEst

namedtuple of int sn .s and qb64 digest .d of last est event

Type:

LastEstLoc

delegated

True means delegated identifier, False not delegated

Type:

bool

delgator

qb64 of delegator’s prefix

Type:

str

Properties:

sn (int): sequence number property that returns .sner.num fn (int): first seen ordinal number property the returns .fner.num ndigs (list): of digests qb64 of .digers kevers (dict): reference to self.db.kevers transferable (bool): True if .digers is not empty and pre is transferable

__init__(*, state=None, serder=None, sigers=None, wigers=None, db=None, estOnly=None, delseqner=None, delsaider=None, firner=None, dater=None, cues=None, prefixes=None, local=False, check=False)

Create incepting kever and state from inception serder Verify incepting serder against sigers raises ValidationError if not

Parameters:

• state (KeyStateRecord | None) – instance for key state notice

• serder (SerderKERI | None) – instance of inception event

• sigers (list | None) – of Siger instances of indexed controller signatures of event. Index is offset into keys list from latest est event

• wigers (list | None) – of Siger instances of indexed witness signatures of event. Index is offset into wits list from latest est event

• db (Baser | None) – instance of lmdb database

• estOnly (bool | None) – True means establishment only events allowed ‘EO’. False all events allowed.

• delseqner (Seqner | None) – instance of delegating event sequence number. If this event is not delegated then seqner is ignored

• delsaider (Saider | None) – instance of of delegating event SAID. If this event is not delegated then saider is ignored

• firner (Seqner | None) – instance optional of cloned first seen ordinal If cloned mode then firner maybe provided (not None) When firner provided then compare fn of dater and database and first seen if not match then log and add cue notify problem

• dater (Dater | None) – optional instance of cloned replay datetime If cloned mode then dater maybe provided (not None) When dater provided then use dater for first seen datetime

• cues (Deck | None) – reference to Kevery.cues Deck when provided i.e. notices of events or requests to respond to

• prefixes (list | None) – own prefixes for own local habitats. May not include the prefix of this Kever’s event when inception has not yet been accepted into KEL Some restrictions if present If empty then effectively in promiscuous mode

• local (bool) –

  True means only process msgs for own controller’s

  events if .prefixes is not empty.

  False means only process msgs for not own events

  if .prefixes is not empty

• check (bool) – True means do not update the database in any non-idempotent way. Useful for reinitializing the Kevers from a persisted KEL without updating non-idempotent first seen .fels and timestamps.

config(serder, estOnly=None, doNotDelegate=None)

Process cnfg field for configuration traits

escrowPACouple(serder, seqner, saider)

Update associated logs for escrow of partially authenticated issued event. Assuming signatures are provided elsewhere. Partial authentication results from either a partially signed event or a fully signed delegated event but whose delegation is not yet verified.

Escrow allows escrow processor to retrieve serder from key and source couple from val in order to to re-verify authentication status. Sigs are escrowed elsewhere.

Parameters:

• event (serder is SerderKERI instance of delegated or issued)

• delegator/issuer (saider is Saider instance of said of)

• delegator/issuer

escrowPSEvent(serder, sigers, wigers=None)

Update associated logs for escrow of partially signed event or fully signed delegated event but not yet verified delegation.

Parameters:

• event (serder is SerderKERI instance of)

• sigs (wigers is optional list of Siger instance of indexed witness)

• sigs

escrowPWEvent(serder, wigers, sigers=None, seqner=None, saider=None)

Update associated logs for escrow of partially witnessed event

Parameters:

• event (serder is SerderKERI instance of)

• sigs (sigers is optional list of Siger instances of indexed controller)

• sigs

• delegator/issuer (saider is Diger instance of digest of)

• delegator/issuer

exposeds(sigers)

Returns list of ondices (indices) suitable for Tholder.satisfy from self.ndigers (prior next key digests ) as exposed by event sigers. Uses dual index feature of siger. Assumes that each siger.verfer is from the correct key given by siger.index and the signature has been verified.

A key given by siger.verfer (at siger.index in the current key list) may expose a prior next key hidden by the diger at siger.ondex in .digers.

Each returned ondex must be properly exposed by a siger in sigers such that the siger’s indexed key given by siger.verfer matches the siger’s ondexed digest from digers.

The ondexed digest’s code is used to compute the digest of the corresponding indexed key verfer to verify that they match. This supports crypto agility for different digest codes, i.e. all digests in .digers may use a different algorithm.

Only ondices from properly matching key and digest are returned.

Used to extract the indices from the list of prior next digests .digers exposed by the signatures (sigers) on a rotation event of the newly current keys given by each .verfer at .index from sigers. Only checks keys and digests that correspond to provided signatures not all keys and digests defined by the rotation event.

Parameters:

sigers (list) – of Siger instances of indexed signature with .verfer

fetchDelegatingEvent(delegator, serder)

Returns delegating event by delegator of delegated event given by serder otherwise raises ValidationError. Assumes serder is already delegated event

Parameters:

• delegator (str) – qb64 of identifier prefix of delegator

• serder (SerderKERI) – delegated serder

fetchLatestContribFrom(verfer, sn: int | None = None)

Returns tuple of form (sn, index, verfers) where verfers is a list of verfers from latest est event where verfer is found in that event’s verfers at index offset else None if not found. Fetches latest event sn and associated verfers list that recieved a contribution from the provided verfer at index.

Starts searching at sn or if sn is None at sn = .lastEst.s

Returns tuple (sn, index, list[verfers]) from the latest est event that matches by starting at the given sequence number (sn) and walking backwards otherwise returns None.

If given sn represents an interaction event (ixn) then a latest possible matching result may be from an event that is no later than the last est event prior to that interaction event. If the sn represents an establishment event then the latest possible matching result may be from that event.

Parameters:

• verfer (Verfer) – instance of verfer

• sn (int | None) – sn to start searching. If None then start at .lastEst.s

Returns:

where tuple is of form (sn, index, verfers)

sn is sequence number index is index into verfers of verfers verfers is list of Verfer instances.

Return type:

tuple(int, int, list[Verfer]) | None

fetchLatestContribTo(verfers, sn: int | None = None)

Returns tuple of (sn, index, verfer) from latest est event whose verfer is found in verfers at index offset else None if not found. Fetches latest event sn and associated index and verfer that contributed to the provided verfers at index.

Starts searching at sn or if sn is None at sn = .lastEst.s

Returns tuple (sn, index, verfer) from the latest est event that matches by starting at the given sequence number (sn) and walking backwards otherwise returns None.

If given sn represents an interaction event (ixn) then a latest possible matching result may be from an event that is no later than the last est event prior to that interaction event. If the sn represents an establishment event then the latest possible matching result may be from that event.

Parameters:

• verfers (list[Verfer]) – of verfer instances

• sn (int | None) – sn to start searching. If None then start at .lastEst.s

Returns:

where tuple is of form (sn, idx, verfer).

sn is sequence number. idx is index of verfer in verfers verfer is instance of Verfer

Return type:

tuple(int, int,Verfer) | None

fetchPriorDigers(sn: int | None = None) → list | None

Returns either the most recent prior list of digers before .lastEst or None

Starts searching at sn or if sn is None at sn = .lastEst.s - 1

Returns list of Digers instances at the most recent prior est event relative to the given sequence number (sn) otherwise returns None. Walks backwards to the more recent prior establishment event before the .sn if any. If sn represents an interaction event (ixn) then the result will be the current valid list of digers. If sn represents an establishment event then the result will be the list of digers immediately prior to the current list.

Parameters:

sn (int | None) – sn to start searching. If None then start at .lastEst.s - 1

Returns:

of Diger instances or None if no prior est evt

to current .lastEst

Return type:

digers (list | None)

property fn

Returns: (int): .fner.num

incept(serder, estOnly=None)

Verify incept key event message from serder

Parameters:

• event (serder is SerderKERI instance of inception)

• allowed (estOnly is boolean to indicate establish only events)

property kevers

Returns .baser.kevers

locallyOwned(pre='')

Returns True if pre is in .prefixes False otherwise. Indicates that provided identifier prefix is controlled by a local controller from .prefixes i.e pre is a locally owned (controlled) AID (identifier prefix)

Parameters:

pre (str) – qb64 identifier prefix

locallyWitnessed(serder=None)

Returns True if a local controller is a witness of this Kever’s KEL

of wits in serder of if None then current wits for this Kever. i.e. self is witnessd by locally owned (controlled) AID (identifier prefix)

Parameters:

serder (SerderKERI | None) – SerderKERI instace if any

logEvent(serder, sigers=None, wigers=None, wits=None, first=False, seqner=None, saider=None, firner=None, dater=None)

Update associated logs for verified event. Update is idempotent. Logs will not write dup at key if already exists.

Parameters:

• event (wits is optional list of current witnesses provide during any establishment)

• event

• sigs (wigers is optional list of Siger instance of indexed witness)

• event

• event. (first is Boolean True means first seen accepted log of) – Otherwise means idempotent log of event to accept additional signatures beyond the threshold provided for first seen

• number. (seqner is Seqner instance of delegating event sequence) – If this event is not delegated then seqner is ignored

• said. (saider is Saider instance of of delegating event) – If this event is not delegated then diger is ignored

• ordinal (firner is optional Seqner instance of cloned first seen) – If cloned mode then firner maybe provided (not None) When firner provided then compare fn of dater and database and first seen if not match then log and add cue notify problem

• datetime (dater is optional Dater instance of cloned replay) – If cloned mode then dater maybe provided (not None) When dater provided then use dater for first seen datetime

property ndigs

Returns: (list): digs of digers

reload(state)

Reload Kever attributes (aka its state) from state (KeyStateRecord)

Parameters:

state (KeyStateRecord | None) – instance for key state notice

rotate(serder)

Generic Rotate Operation Validation Processing Validates provisional rotation Same logic for both ‘rot’ and ‘drt’ (plain and delegated rotation)

Returns: tuple (tholder, toader, wits, cuts, adds) of provisional results of rotation subject to additional validation

Parameters:

serder (SerderKERI) – instance of rotation (‘rot’ or ‘drt’) event.

property sn

Returns: (int): .sner.num

state()

Returns KeyStateRecord instance of current key state

property transferable

Property transferable: Returns True if identifier does not have non-transferable derivation code

and .nextor is not None False otherwise

update(serder, sigers, wigers=None, delseqner=None, delsaider=None, firner=None, dater=None, check=False)

Not an inception event. Verify event serder and indexed signatures in sigers and update state

Parameters:

• serder (SerderKERI) – instance of event

• sigers (list) – of SigMat instances of indexed signatures of controller signatures of event. Index is offset into keys list from latest est event and when provided ondex is offset into key digest list from prior next est event to latest est event.

• wigers (list | None) – of Siger instances of indexed witness signatures of event. Index is offset into wits list from latest est event

• delseqner (Seqner | None) – instance of delegating event sequence number. If this event is not delegated then seqner is ignored

• delsaider (Saider | None) – instance of of delegating event said. If this event is not delegated then diger is ignored

• firner (Seqner | None) – Seqner instance of cloned first seen ordinal If cloned mode then firner maybe provided (not None) When firner provided then compare fn of dater and database and first seen if not match then log and add cue notify problem

• dater (Dater | None) – Dater instance of cloned replay datetime If cloned mode then dater maybe provided (not None) When dater provided then use dater for first seen datetime

• check (bool) – True means do not update the database in any non-idempotent way. Useful for reinitializing the Kevers from a persisted KEL without updating non-idempotent first seen .fels and timestamps.

valSigsDelWigs(serder, sigers, verfers, tholder, wigers, toader, wits, delseqner=None, delsaider=None)

Returns triple (sigers, delegator, wigers) where: sigers is unique validated signature verified members of inputed sigers delegator is qb64 delegator prefix if delegated else None wigers is unique validated signature verified members of inputed wigers

Validates sigers signatures by validating indexes, verifying signatures, and

validating threshold sith.

Validate witness receipts by validating indexes, verifying

witness signatures and validating toad.

Witness validation is a function of wits .prefixes and .local

Parameters:

• serder (SerderKERI) – instance of event

• sigers (list) – of Siger instances of indexed controllers signatures. Index is offset into verfers list from which public key may be derived.

• verfers (list) – of Verfer instances of keys from latest est event

• tholder (Tholder) – instance of sith threshold

• wigers (list) – of Siger instances of indexed witness signatures. Index is offset into wits list of associated witness nontrans pre from which public key may be derived.

• toader (Number) – instance of backer witness threshold

• wits (list) – of qb64 non-transferable prefixes of witnesses used to derive werfers for wigers

• delseqner (Seqner | None) – instance of delegating event sequence number. If this event is not delegated then seqner is ignored

• delsaider (Saider | None) – instance of of delegating event said. If this event is not delegated then saider is ignored

validateDelegation(serder, sigers, wigers=None, delseqner=None, delsaider=None)

Returns delegator’s qb64 identifier prefix if validation successful. Rules:

If event is not a delegated event then not valid delegation If delegatee’s own event (.mine) then valid delegation If delegation seal found in delgator’s KEL then valid delegation given

valid superseding rules below

Otherwise escrow or reject if error condition

seal validates with respect to Delegator’s KEL Location Seal is from Delegate’s establishment event Assumes state setup

Parameters:

• serder (SerderKERI) – instance of delegated event serder

• sigers (list) – of Siger instances of indexed controller sigs of delegated event. Assumes sigers is list of unique verified sigs

• wigers (list | None) – of optional Siger instance of indexed witness sigs of delegated event. Assumes wigers is list of unique verified sigs

• delseqner (Seqner | None) – instance of delegating event sequence number. If this event is not delegated then ignored

• delsaider (Saider | None) – instance of of delegating event digest. If this event is not delegated ignored

Returns:

qb64 delegator prefix or None if not delegated

Return type:

(str | None)

Superseding Recovery

Supersede means that after an event has already been accepted as first seen into a KEL that a different event with the same sequence number is accepted that supersedes the pre-existing event at that sn. This enables the recovery of events signed by compromised keys. The result of superseded recovery is that the KEL is forked at the sn of the superseding event. All events in the superseded branch of the fork still exist but, by virtue of being superseded, are disputed. The set of superseding events in the superseding fork forms the authoritative branch of the KEL. All the already seen superseded events in the superseded fork still remain in the KEL and may be viewed in order of their original acceptance because the database stores all accepted events in order of acceptance and denotes this order using the first seen ordinal number, fn. The fn is not the same as the sn (sequence number). Each event accepted into a KEL has a unique fn but multiple events due to recovery forks may share the same sn.

Superseding Rules for Recovery at given SN (sequence number)

A0. Any rotation event may supersede an interaction event at the same sn. (existing rule) A1. A non-delegated rotation may not supersede another rotation at the same sn. (modified rule) A2. An interaction event may not supersede any event. ( existing rule).

(B. and C. below provide the new rules)

B. A delegated rotation may supersede another delegated rotation at the same sn under either of the following conditions:

B1. The superseding rotation’s delegating event is later than the superseded rotation’s delegating event in the delegator’s KEL, i.e. the sn of the superseding event’s delegation is higher than the superseded event’s delegation. B2. The sn of the superseding rotation’s delegating event is the same as the sn of the superseded rotation’s delegating event in the delegator’s KEL and the superseding rotation’s delegating event is a rotation and the superseded rotation’s delegating event is an interaction, i.e. the superseding rotation’s delegating event is itself a superseding rotation of the superseded rotations delegating interaction event in the delgator’s KEL

C. IF Neither A nor B is satisfied, then recursively apply rules A. and B. to the delegating events of those delegating events and so on until either A. or B. is satisfied, or the root KEL of the delegation has been reached.

C1. If neither A. nor B. is satisfied by recursive application on the delegator’s KEL (i.e. the root KEL of the delegation has been reached without satisfaction) then the superseding rotation is discarded. The terminal case of the recursive application will occur at the root KEL which by defintion is non-delegated wherefore either A. or B. must be satisfied, or else the superseding rotation must be discarded.

class keri.core.eventing.Kevery(*, cues=None, db=None, rvy=None, lax=True, local=False, cloned=False, direct=True, check=False)

Kevery (Key Event Message Processing Facility) processes an incoming message stream composed of KERI key event related messages and attachments. Kevery acts a Kever (key event verifier) factory for managing key state of KERI identifier prefixes.

Only supports current version VERSION

Has the following public attributes and properties:

cues

of Cues i.e. notices of events needing receipt or requests needing response

Type:

Deck

.db is instance of LMDB Baser object

.framed is Boolean stream is packet framed If True Else not framed

.pipeline is Boolean, True means use pipeline processor to process

ims msgs when stream includes pipelined count codes.

lax

True means operate in promiscuous (unrestricted) mode, False means operate in nonpromiscuous (restricted) mode

as determined by local and prefixes

Type:

bool

local

True means only process msgs for own events if not lax False means only process msgs for not own events if not lax

Type:

bool

cloned

True means cloned message stream so use attached datetimes from clone source not own. False means use current datetime

Type:

bool

direct

True means direct mode so cue notices for receipts etc False means indirect mode so don’t cue notices

Type:

bool

check

True means do not update the database in any non-idempotent way. Useful for reinitializing the Kevers from a persisted KEL without updating non-idempotent first seen .fels and timestamps.

Type:

bool

Properties:

.kevers is dict of db kevers indexed by pre (qb64) of each Kever .prefixes is OrderedSet of fully qualified base64 identifier prefixes of db

local habitats if any.

__init__(*, cues=None, db=None, rvy=None, lax=True, local=False, cloned=False, direct=True, check=False)

Initialize instance:

Parameters:

• cues (Deck)

• db (Baser)

• db – instance of database

• lax (bool) –

  True means operate in promiscuous (unrestricted) mode, False means operate in nonpromiscuous (restricted) mode

  as determined by local and prefixes

• local (bool) – True means only process msgs for own events if not lax False means only process msgs for not own events if not lax

• cloned (bool) – True means cloned message stream so use attached datetimes from clone source not own. False means use current datetime

• direct (bool) – True means direct mode so cue notices for receipts etc False means indirect mode so don’t cue notices

• check (bool) – True means do not update the database in any non-idempotent way. Useful for reinitializing the Kevers from a persisted KEL without updating non-idempotent first seen .fels and timestamps.

duplicity(serder, sigers)

PlaceHolder Reminder Processes potential duplicitous events in PDELs

Handles duplicity detection and logging if duplicitous

Placeholder here for logic need to move

escrowLDEvent(serder, sigers)

Update associated logs for escrow of Likely Duplicitous event

Parameters:

• event (sigers is list of Siger instance for)

• event

escrowOOEvent(serder, sigers, seqner=None, saider=None, wigers=None)

Update associated logs for escrow of Out-of-Order event

Parameters:

• serder (SerderKERI) – instance of event

• sigers (list) – of Siger instance for event

• seqner (Seqner) – instance of sn of event delegatint/issuing event if any

• saider (Saider) – instance of dig of event delegatint/issuing event if any

• wigers (list) – of witness signatures

escrowQueryNotFoundEvent(prefixer, serder, sigers, cigars=None)

Update associated logs for escrow of Out-of-Order event

Parameters:

• prefixer (Prefixer) – source of query message

• serder (SerderKERI) – instance of event

• sigers (list) – of Siger instance for event

• cigars (list) – of non-transferable receipts

escrowTRGroups(serder, tsgs)

Update associated logs for escrow of Transferable Receipt Groups for event (transferable)

Parameters:

• event (serder instance of receipt message not receipted)

• form (tsgs is list of tuples of) – (prefixer,seqner,diger, sigers) prefixer is Prefixer instance of prefix of receipter seqner is Seqner instance of sn of est event of receiptor diger is Diger instance of digest of est event of receiptor sigers is list of Siger instances of multi-sig of receiptor

escrow quintuple for each siger

quintuple = edig+pre+snu+dig+sig where:

edig is receipted event dig (serder.dig) pre is receipter prefix snu is receipter est event sn dig is receipt est evant dig sig is indexed sig of receiptor of receipted event

escrowTRQuadruple(serder, sprefixer, sseqner, saider, siger)

Update associated logs for escrow of Unverified Transferable Receipt (transferable)

escrow quintuple made from quadruple where:

quadruple = spre+ssnu+sdig+sig (s is trans receipt signer) quintuple = edig+spre+ssnu+sdig+sig (edig is signed event digest)

Parameters:

• event (serder instance of receipt message not receipted)

• message (sigers is list of Siger instances attached to receipt)

• instance (seal is SealEvent)

• receipt (saider is digest of receipted event provided in)

escrowTReceipts(serder, prefixer, seqner, saider, sigers)

Update associated logs for escrow of Transferable Event Receipt Group (transferable)

Parameters:

• event (serder instance of receipt message not receipted)

• receipter (prefixer is Prefixer instance of prefix of)

• receiptor (igers is list of Siger instances of multi-sig of)

• receiptor

• receiptor

escrow quintuple for each siger

quintuple = edig+pre+snu+dig+sig where:

edig is receipted event dig (serder.dig) pre is receipter prefix snu is receipter est event sn dig is receipt est evant dig sig is indexed sig of receiptor of receipted event

escrowUReceipt(serder, cigars, said)

Update associated logs for escrow of Unverified Event Receipt (non-transferable) Escrowed value is triple edig+rpre+cig where:

edig is event dig rpre is nontrans receiptor prefix cig is non-indexed signature on event with key pair derived from rpre

Parameters:

• serder (SerderKERI) – instance of receipt msg not receipted event

• cigars (list) – of Cigar instances for event receipt

• said (str) – qb64 said in receipt of receipted event not serder.dig because serder is of receipt not receipted event

escrowUWReceipt(serder, wigers, said)

Update associated logs for escrow of Unverified Event Witness Receipt (non-transferable) Escrowed value is couple edig+wig where:

edig is receipted event dig not serder.dig wig is witness indexed signature on receipted event with key pair

derived from witness nontrans identifier prefix in witness list. Index is offset into witness list of latest establishment event for receipted event.

Parameters:

• serder (SerderKERI) – instance of receipt msg not receipted event

• wigers (list) – of Siger instances for witness indexed signature of receipted event

• said (str) – serder is a receipt not the receipted event

fetchEstEvent(pre, sn)

Returns SerderKERI instance of establishment event that is authoritative for event in KEL for pre at sn. Returns None if no event at sn accepted in KEL for pre

Parameters:

• KEL (pre is qb64 of identifier prefix for)

• pre (sn is int sequence number of event in KEL of)

fetchWitnessState(pre, sn)

Returns the list of witness for the identifier prefix at the sequence number

Returns the witness state (list of witnesses) at the given sequence number (sn) of the identifier prefix (pre). It uses the .wits database that stores witness state at the sequence number of each establishment event. If sn represents an interaction event (ixn) it searches backwards for the last establishment event prior to sn and returns that witness state.

Parameters:

• pre (str) – identifier prefix qb64

• sn (int) – sequence number of the event for which witness state is desired

Returns:

list of coring.Prefixer objects representing the witness state for the identifier prefix at

the sequence number

Return type:

list

property kevers

Returns .db.kevers

property prefixes

Returns .db.prefixes

processEscrowDuplicitous()

Process events escrowed by Kever that are likely duplicitous. An event is likely duplicitous if a different version of event already has been accepted into the KEL.

Escrowed items are indexed in database table keyed by prefix and sn with duplicates given by different dig inserted in insertion order. This allows FIFO processing of events with same prefix and sn but different digest.

Uses .db.addLde(self, key, val) which is IOVal with dups.

Value is dgkey for event stored in .Evt where .Evt has serder.raw of event.

Original Escrow steps:

dgkey = dgKey(pre, serder.dig) self.db.putDts(dgkey, nowIso8601().encode(“utf-8”)) self.db.putSigs(dgkey, [siger.qb64b for siger in sigers]) self.db.putEvt(dgkey, serder.raw) self.db.addLde(snKey(pre, sn), serder.digb) where:

serder is SerderKERI instance of event sigers is list of Siger instance for event pre is str qb64 of identifier prefix of event sn is int sequence number of event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event Get and Attach Signatures Process event as if it came in over the wire If successful then remove from escrow table

processEscrowOutOfOrders()

Process events escrowed by Kever that are recieved out-of-order. An event is out of order if its prior event has not been accepted into its KEL. Without the prior event there is no way to know the key state and therefore no way to verify signatures on the out-of-order event.

Escrowed items are indexed in database table keyed by prefix and sn with duplicates given by different dig inserted in insertion order. This allows FIFO processing of events with same prefix and sn but different digest.

Uses .db.addOoe(self, key, val) which is IOVal with dups.

Value is dgkey for event stored in .Evt where .Evt has serder.raw of event.

Original Escrow steps:

dgkey = dgKey(pre, serder.dig) self.db.putDts(dgkey, nowIso8601().encode(“utf-8”)) self.db.putSigs(dgkey, [siger.qb64b for siger in sigers]) self.db.putEvt(dgkey, serder.raw) self.db.addOoe(snKey(pre, sn), serder.dig) where:

serder is SerderKERI instance of event sigers is list of Siger instance for event pre is str qb64 of identifier prefix of event sn is int sequence number of event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event Get and Attach Signatures Process event as if it came in over the wire If successful then remove from escrow table

processEscrowPartialSigs()

Process events escrowed by Kever that were only partially fulfilled, either due to missing signatures or missing dependent events like a delegating event. But event has at least one verified signature.

Escrowed items are indexed in database table keyed by prefix and sequence number with duplicates inserted in insertion order. This allows FIFO processing of events with same prefix and sn. Uses .db.addPse(self, key, val) which is IOVal with dups.

Value is dgkey for event stored in .Evt where .Evt has serder.raw of event.

Original Escrow steps:

dgkey = dgKey(pre, serder.digb) .db.putDts(dgkey, nowIso8601().encode(“utf-8”)) .db.putSigs(dgkey, [siger.qb64b for siger in sigers]) .db.putEvt(dgkey, serder.raw) .db.addPse(snKey(pre, sn), serder.digb) where:

serder is SerderKERI instance of event sigers is list of Siger instance for event pre is str qb64 of identifier prefix of event sn is int sequence number of event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event Get and Attach Signatures Process event as if it came in over the wire If successful then remove from escrow table

processEscrowPartialWigs()

Process events escrowed by Kever that were only partially fulfilled due to missing signatures from witnesses. Events only make into this escrow after fully signed and if delegated, delegation has been verified.

Escrowed items in .pwes are indexed in database table keyed by prefix and sequence number with duplicates inserted in insertion order. This allows FIFO processing of events with same prefix and sn. Reads db.pwes .db.getPwe put there by .db.addPwe(self, key, val)

which is IOVal with dups.

Value is dgkey for event stored in .Evt where .Evt has serder.raw of event.

Original Escrow steps:

dgkey = dgKey(pre, serder.digb) .db.putDts(dgkey, nowIso8601().encode(“utf-8”)) .db.putWigs(dgkey, [siger.qb64b for siger in sigers]) .db.putEvt(dgkey, serder.raw) .db.addPwe(snKey(pre, sn), serder.digb) where:

serder is SerderKERI instance of event wigers is list of Siger instance for of witnesses of event pre is str qb64 of identifier prefix of event sn is int sequence number of event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event Get and Attach Signatures Get and Attach Witness Signatures Process event as if it came in over the wire If successful then remove from escrow table

processEscrowUnverNonTrans()

Process escrowed unverified event receipts from nontrans receiptors A receipt is unverified if the associated event has not been accepted into its KEL. Without the event, there is no way to know where to store the receipts.

The escrow is a triple with edig+rpre+cig where:

edig is event digest rpre is receiptor (signer) of event cig is non-indexed signature by key-pair derived from rpre of event

The verified receipt is just the couple rpre+cig that is stored by event digest edig

Escrowed items are indexed in database table keyed by prefix and sn with duplicates given by different receipt triple inserted in insertion order. This allows FIFO processing of escrows for events with same prefix and sn but different digest.

Uses .db.addUre(self, key, val) which is IOVal with dups.

Value is triple

Original Escrow steps:

self.db.putDts(dgKey(pre, dig), nowIso8601().encode(“utf-8”)) for cigar in cigars: # escrow each triple

if cigar.verfer.transferable: # skip transferable verfers

continue # skip invalid couplets

triple = dig.encode(“utf-8”) + cigar.verfer.qb64b + cigar.qb64b self.db.addUre(key=snKey(pre, sn), val=triple) # should be snKey

where:

dig is dig in receipt of receipted event cigars is list of cigars instances for receipted event pre is str qb64 of identifier prefix of receipted event sn is int sequence number of receipted event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event compare dig so same event verify sigs via cigars If successful then remove from escrow table

processEscrowUnverTrans()

Process event receipts from transferable identifiers (validators) escrowed by Kever that are unverified. A transferable receipt is unverified if either the receipted event has not been accepted into the receipted’s KEL or the establishment event of the receiptor has not been accepted into the receipter’s KEL. Without either event there is no way to know where to store the receipt quadruples.

The escrow is a quintuple with dig+spre+ssnu+sdig+sig the verified receipt is just the quadruple spre+ssnu+sdig+sig that is stored by event dig

Escrowed items are indexed in database table keyed by prefix and sn with duplicates given by different receipt quintuple inserted in insertion order. This allows FIFO processing of escrows of events with same prefix and sn but different digest.

Uses .db.addVre(self, key, val) which is IOVal with dups.

Value is quintuple

Original Escrow steps:

self.db.putDts(dgKey(serder.preb, dig), nowIso8601().encode(“utf-8”)) prelet = (dig.encode(“utf-8”) + seal.i.encode(“utf-8”) +

Seqner(sn=int(seal.s, 16)).qb64b + seal.d.encode(“utf-8”))

for siger in sigers: # escrow each quintlet

quintuple = prelet + siger.qb64b # quintuple self.db.addVre(key=snKey(serder.preb, serder.sn), val=quintuple)

where:

dig is dig in receipt of receipted event sigers is list of Siger instances for receipted event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event compare dig so same event verify sigs via sigers If successful then remove from escrow table

processEscrowUnverWitness()

Process escrowed unverified event receipts from witness receiptors A receipt is unverified if the associated event has not been accepted into its KEL. Without the event, there is no way to know where to store the receipt signatures neither to look up the witness list to verify the indexed signatures.

The escrow is a couple with edig+wig where:

edig is receipted event digest wig is witness indexed signature by key-pair derived from witness

prefix in associated witness list. Index is offset into witness list of of latest establishment event for receipted event.

The (unescrowed) verified receipt is stored as wig at event digest edig

Escrowed items are indexed in database table keyed by prefix and sn with duplicates given by different receipt couple inserted in insertion order. This allows FIFO processing of escrows for events with same prefix and sn but different digest.

Uses .uwes reads .db.getUwe was put there by.db.addUwe(self, key, val) which is IOVal with dups.

Value is couple

Original Escrow steps:

self.db.putDts(dgKey(pre, dig), nowIso8601().encode(“utf-8”)) for wiger in wigers: # escrow each couple

couple = dig.encode(“utf-8”) + wiger.qb64b self.db.addUwe(key=snKey(pre, sn), val=triple)

where:

dig is dig in receipt of receipted event wigers is list of Siger instances witness indexed signature of

receipted event

pre is str qb64 of identifier prefix of receipted event sn is int sequence number of receipted event

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event compare dig so same event verify wigs via wigers If successful then remove from escrow table

processEscrows()

Iterate throush escrows and process any that may now be finalized

Parameters:

processEvent(serder, sigers, *, wigers=None, delseqner=None, delsaider=None, firner=None, dater=None)

Process one event serder with attached indexd signatures sigers

Parameters:

• process (serder is SerderKERI instance of event to)

• sigs (wigers is optional list of Siger instances of attached witness indexed)

• sigs

• number. (delseqner is Seqner instance of delegating event sequence) – If this event is not delegated then seqner is ignored

• SAID. (delsaider is Saider instance of of delegating event) – If this event is not delegated then saider is ignored

• ordinal (firner is optional Seqner instance of cloned first seen) – If cloned mode then firner maybe provided (not None) When firner provided then compare fn of dater and database and first seen if not match then log and add cue notify problem

• datetime (dater is optional Dater instance of cloned replay) – If cloned mode then dater maybe provided (not None) When dater provided then use dater for first seen datetime

processQuery(serder, source=None, sigers=None, cigars=None)

Process query mode replay message for collective or single element query. Assume promiscuous mode for now.

Parameters:

• serder (SerderKERI)

• source (Prefixer)

• sigers (list)

• cigars (list)

processQueryNotFound()

Process qry events escrowed by Kevery for KELs that have not yet met the criteria of the query. A missing KEL or criteria for an event in a KEL at a particular sequence number or an event containing a specific anchor can result in query not found escrowed events.

Escrowed items are indexed in database table keyed by prefix and sn with duplicates given by different dig inserted in insertion order. This allows FIFO processing of events with same prefix and sn but different digest.

Uses .db.addQnf(self, key, val) which is IOVal with dups.

Value is dgkey for event stored in .Evt where .Evt has serder.raw of event.

Steps:

Each pass (walk index table)

For each prefix,sn

For each escrow item dup at prefix,sn:

Get Event Get and Attach Signatures Process event as if it came in over the wire If successful then remove from escrow table

processReceipt(serder, cigars)

Process one receipt serder with attached cigars

Parameters:

• message (serder is SerderKERI instance of serialized receipt message not receipted)

• couple (cigars is list of Cigar instances that contain receipt) – signature in .raw and public key in .verfer

Receipt dict labels

vs # version string pre # qb64 prefix sn # hex string sequence number ilk # rct dig # qb64 digest of receipted event

processReceiptCouples(serder, cigars, firner=None)

Process attachment with receipt couple

Parameters:

• message (serder is SerderKERI instance of receipted serialized event) – to which receipts are attached from replay

• couple (cigars is list of Cigar instances that contain receipt) – signature in .raw and public key in .verfer

• ordinal (firner is Seqner instance of first seen) – if provided lookup event by fn = firner.sn

:param : if provided lookup event by fn = firner.sn

processReceiptQuadruples(serder, trqs, firner=None)

Process one attachment quadruple that comprises a transferable receipt

Parameters:

• serder (serder is chit)

• tuples (trqs is list of) – (prefixer, seqner, diger, siger)

• ordinal (firner is Seqner instance of first seen) – if provided lookup event by fn = firner.sn

:param : if provided lookup event by fn = firner.sn

Seal labels

i pre # qb64 prefix of receipter s sn # hex of sequence number of est event for receipter keys d dig # qb64 digest of est event for receipter keys

processReceiptTrans(serder, tsgs)

Process one transferable validator receipt (chit) serder with attached sigers

Parameters:

• serder (serder is chit)

• groups (tsgs is tist of tuples from extracted transferable indexed sig) – each converted group is tuple of (i,s,d) triple plus list of sigs

Receipt dict labels

vs # version string pre # qb64 prefix sn # hex string sequence number ilk # rct dig # qb64 digest of receipted event

processReceiptWitness(serder, wigers)

Process one witness receipt serder with attached witness sigers

Parameters:

• event (serder is SerderKERI instance of serialized receipt message not receipted)

• signatures (sigers is list of Siger instances that with witness indexed) – signature in .raw. Index is offset into witness list of latest establishment event for receipted event. Signature uses key pair derived from nontrans witness prefix in associated witness list.

Receipt dict labels

vs # version string pre # qb64 prefix sn # hex string sequence number ilk # rct dig # qb64 digest of receipted event

processReplyEndRole(*, serder, saider, route, cigars=None, tsgs=None, **kwargs)

Process one reply message for route = /end/role/add or /end/role/cut with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked

Parameters:

• serder (SerderKERI) – instance of reply msg (SAD)

• saider (Saider) – instance from said in serder (SAD)

• route (str) – reply route

• cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer

• tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where: prefixer is pre of trans endorser seqner is sequence number of trans endorser’s est evt for keys for sigs diger is digest of trans endorser’s est evt for keys for sigs [sigers] is list of indexed sigs from trans endorser’s keys from est evt

EndpointRecord:

allowed: bool = False # True eid allowed (add), False eid disallowed (cut) name: str = “” # optional user friendly name of endpoint

Reply Message: {

“v” : “KERI10JSON00011c_”, “t” : “rpy”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “/end/role/add”, “a” : {

“cid”: “EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”, “role”: “watcher”, # one of kering.Roles “eid”: “BrHLayDN-mXKv62DAjFLX1_Y5yEUe0vA9YPe_ihiKYHE”,

}

}

{

“v” : “KERI10JSON00011c_”, “t” : “rpy”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “/end/role/cut”, “a” : {

“cid”: “EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”, “role”: “watcher”, # one of kering.Roles “eid”: “BrHLayDN-mXKv62DAjFLX1_Y5yEUe0vA9YPe_ihiKYHE”,

}

}

processReplyKeyStateNotice(*, serder, saider, route, cigars=None, tsgs=None, **kwargs)

Process one reply message for key state = /ksn

Process one reply message for key state = /ksn with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked

Parameters:

• serder (SerderKERI) – instance of reply msg (SAD)

• saider (Saider) – instance from said in serder (SAD)

• route (str) – reply route

• cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer

• tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where: prefixer is pre of trans endorser seqner is sequence number of trans endorser’s est evt for keys for sigs diger is digest of trans endorser’s est evt for keys for sigs [sigers] is list of indexed sigs from trans endorser’s keys from est evt

Reply Message: {

“v” : “KERI10JSON00011c_”, “t” : “rpy”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “/ksn/EeS834LMlGVEOGR8WU3rzZ9M6HUv_vtF32pSXQXKP7jg”, “a” : {

“v”: “KERI10JSON000274_”, “i”: “EeS834LMlGVEOGR8WU3rzZ9M6HUv_vtF32pSXQXKP7jg”, “s”: “1”, “t”: “ksn”, “p”: “ESORkffLV3qHZljOcnijzhCyRT0aXM2XHGVoyd5ST-Iw”, “d”: “EtgNGVxYd6W0LViISr7RSn6ul8Yn92uyj2kiWzt51mHc”, “f”: “1”, “dt”: “2021-11-04T12:55:14.480038+00:00”, “et”: “ixn”, “kt”: “1”, “k”: [

“DTH0PwWwsrcO_4zGe7bUR-LJX_ZGBTRsmP-ZeJ7fVg_4”

], “n”: “E6qpfz7HeczuU3dAd1O9gPPS6-h_dCxZGYhU8UaDY2pc”, “bt”: “3”, “b”: [

“BGKVzj4ve0VSd8z_AmvhLg4lqcC_9WYX90k03q-R_Ydo”, “BuyRFMideczFZoapylLIyCjSdhtqVb31wZkRKvPfNqkw”, “Bgoq68HCmYNUDgOz4Skvlu306o_NY-NrYuKAVhk3Zh9c”

], “c”: [], “ee”: {

“s”: “0”, “d”: “ESORkffLV3qHZljOcnijzhCyRT0aXM2XHGVoyd5ST-Iw”, “br”: [], “ba”: []

}, “di”: “”

}

}

processReplyLocScheme(*, serder, saider, route, cigars=None, tsgs=None)

Process one reply message for route = /loc/scheme with either attached nontrans receipt couples in cigars or attached trans indexed sig groups in tsgs. Assumes already validated saider, dater, and route from serder.ked

Parameters:

• serder (SerderKERI) – instance of reply msg (SAD)

• saider (Saider) – instance from said in serder (SAD)

• route (str) – reply route

• cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer

• tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where: prefixer is pre of trans endorser seqner is sequence number of trans endorser’s est evt for keys for sigs diger is digest of trans endorser’s est evt for keys for sigs [sigers] is list of indexed sigs from trans endorser’s keys from est evt

EndAuthRecord

cid: str = “” # identifier prefix of controller that authorizes endpoint roles: list[str] = field(default_factory=list) # str endpoint roles such as watcher, witness etc

LocationRecord:

url: str # full url including host:port/path?query scheme is optional cids: list[EndAuthRecord] = field(default_factory=list) # optional authorization record references

Reply Message:

{

“v” : “KERI10JSON00011c_”, “t” : “rpy”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “/loc/scheme”, “a” : {

“eid”: “BrHLayDN-mXKv62DAjFLX1_Y5yEUe0vA9YPe_ihiKYHE”, “scheme”: “http”, # one of kering.Schemes “url”: “http://localhost:8080/watcher/wilma”,

}

}

{

“v” : “KERI10JSON00011c_”, “t” : “rpy”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “/loc/scheme”, “a” : {

“eid”: “BrHLayDN-mXKv62DAjFLX1_Y5yEUe0vA9YPe_ihiKYHE”, “scheme”: “http”, # one of kering.Schemes “url”: “”, # Nullifies

}

}

registerReplyRoutes(router)

Register the routes for processing messages embedded in rpy event messages

Parameters:

router (Router) – reply message router

removeStaleReplyEndRole(saider)

Process reply escrow at saider for route “/end/role”

removeStaleReplyLocScheme(saider)

Process reply escrow at saider for route “/loc/scheme”

updateEnd(keys, saider, allowed=None)

Update end auth database .eans and end database .ends.

Parameters:

• keys (tuple) – of key strs for databases (cid, role, eid)

• saider (Saider) – instance from said in reply serder (SAD)

• allowed (bool) – True allow eid to be endpoint provided False otherwise

updateKeyState(aid, ksr, saider, dater)

Update Reply SAD in database given by by serder and associated databases for attached cig couple or sig quadruple. Overwrites val at key if already exists.

Parameters:

• aid (str) – identifier of key state

• ksr (KeyStateRecord) – converted from key state notice dict in reply msg

• saider (Saider) – instance from said in serder (SAD)

• dater (Dater) – instance from date-time in serder (SAD)

updateLoc(keys, saider, url)

Update loc auth database .lans and loc database .locs.

Parameters:

• keys (tuple) – of key strs for databases (eid, scheme)

• saider (Saider) – instance from said in reply serder (SAD)

• url (str) – endpoint url

class keri.core.eventing.LastEstLoc(s, d)

d

Alias for field number 1

s

Alias for field number 0

class keri.core.eventing.SealBacker(bi, d)

bi

Alias for field number 0

d

Alias for field number 1

class keri.core.eventing.SealDigest(d)

d

Alias for field number 0

class keri.core.eventing.SealEst(s, d)

d

Alias for field number 1

s

Alias for field number 0

class keri.core.eventing.SealEvent(i, s, d)

d

Alias for field number 2

i

Alias for field number 0

s

Alias for field number 1

class keri.core.eventing.SealLast(i)

i

Alias for field number 0

class keri.core.eventing.SealRoot(rd)

rd

Alias for field number 0

class keri.core.eventing.StateEstEvent(s, d, br, ba)

ba

Alias for field number 3

br

Alias for field number 2

d

Alias for field number 1

s

Alias for field number 0

class keri.core.eventing.StateEvent(s, t, d)

d

Alias for field number 2

s

Alias for field number 0

t

Alias for field number 1

class keri.core.eventing.TraitCodex(EstOnly: str = 'EO', DoNotDelegate: str = 'DND', NoBackers: str = 'NB', Backers: str = 'RB')

TraitCodex is codex of inception configuration trait code strings Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

keri.core.eventing.ample(n, f=None, weak=True)

Returns int as sufficient immune (ample) majority of n when n >=1

otherwise returns 0

Parameters:

• elements (n is int total number of)

• number (f is int optional fault)

• Boolean (weak is) –

  If f is not None and

  weak is True then minimize m for f weak is False then maximize m for f that satisfies n >= 3*f+1

  Else

  weak is True then find maximum f and minimize m weak is False then find maximum f and maximize m

• n

• m

• to (f are subject)

• 0 (f >= 1 if n >)

• 3*f+1 (n >=)

• n-f ((n+f+1)/2 <= m <=)

keri.core.eventing.bare(route='', data=None, stamp=None, version=(1, 0), kind='JSON')

Returns serder of bare ‘bar’ message. Utility function to automate creation of unhiding (bareing) messages for disclosure of sealed data associated with anchored seals in a KEL. Reference to anchoring seal is provided as an attachment to bare message. Bare ‘bar’ message is a SAD item with an associated derived SAID in a ‘d’ field in side its ‘a’ block.

Parameters:

route is route path string that indicates data flow handler (behavior)

to processs the exposure

data is dict of dicts of comitted SADS for SAIDs in seals keyed by SAID stamp (str): date-time-stamp RFC-3339 profile of ISO-8601 datetime of

creation of message or data

version is Version instance kind is serialization kind

{

“v” : “KERI10JSON00011c_”, “t” : “bar”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “sealed/processor”, “a” :

{

“EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”:

{

“d”: “EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”, “i”: “EAoTNZH3ULvYAfSVPzhzS6baU6JR2nmwyZ-i0d8JZ5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “name”: “John Jones”, “role”: “Founder”,

}

}

}

keri.core.eventing.deReceiptCouple(data, strip=False)

Returns tuple of (prefixer, cigar) from concatenated bytes or bytearray of data couple made up of qb64 or qb64b versions of pre+cig where:

pre is nontransferable identifier prefix of receiptor cig is nonindexed signature made with key pair derived from pre

Couple is used for receipts signed by nontransferable prefix keys

Parameters:

• receipt (data is couple of bytes concatenation of pre+sig from)

• parsed (strip is Boolean True means delete from data each part as) – Only useful if data is bytearray from front of stream Raises error if not bytearray

keri.core.eventing.deReceiptTriple(data, strip=False)

Returns tuple of (diger, prefixer, cigar) from concatenated bytes or bytearray of data triple made up of qb64 or qb64b versions of dig+pre+cig where:

dig is receipted event digest pre is nontransferable identifier prefix of receiptor cig is nonindexed signature made with key pair derived from pre

Triple is used for escrows of unverified receipts signed by nontransferable prefix keys

Parameters:

• receipt (data is triple of bytes concatenation of dig+pre+cig from)

• parsed (deletive is Boolean True means delete from data each part as) – Only useful if data is bytearray from front of stream

keri.core.eventing.deSourceCouple(data, strip=False)

Returns tuple of (seqner, saider) from concatenated bytes or bytearray of data couple made up of qb64 or qb64b versions of snu+dig where:

snu is sn of delegator/issuer source event dig is digest of delegator/issuer source event

Couple is used for delegated/issued event attachment of delegator/issuer evt

Parameters:

• receipt (data is couple of bytes concatenation of pre+sig from)

• parsed (strip is Boolean True means delete from data each part as) – Only useful if data is bytearray from front of stream Raises error if not bytearray

keri.core.eventing.deTransReceiptQuadruple(data, strip=False)

Returns tuple (quadruple) of (prefixer, seqner, diger, siger) from concatenated bytes or bytearray of quadruple made up of qb64 or qb64b versions of spre+ssnu+sdig+sig. Quadruple is used for receipts signed by transferable prefix keys. Recept for event that is in kel where event is given by context or key

Parameters:

• receipt (quadruple is bytes concatenation of pre+snu+dig+sig from)

• parsed (deletive is Boolean True means delete from data each part as) – Only useful if data is bytearray from front of stream

keri.core.eventing.deTransReceiptQuintuple(data, strip=False)

Returns tuple of (ediger, seal prefixer, seal seqner, seal diger, siger) from concatenated bytes or bytearray of quintuple made up of qb64 or qb64b versions of quntipuple given by concatenation of edig+spre+ssnu+sdig+sig. Quintuple is used for unverified escrows of validator receipts signed by transferable prefix keys. Receipt for event that is not yet in KEL where event is given by event digest (ediger)

Parameters:

• receipt (quintuple is bytes concatenation of edig+spre+ssnu+sdig+sig from)

• parsed (deletive is Boolean True means delete from data each part as) – Only useful if data is bytearray from front of stream

keri.core.eventing.deWitnessCouple(data, strip=False)

Returns tuple of (diger, wiger) extracted from bytes or bytearray that hold concatenated data couple where:

diger is Diger instance wiger is Siger instance

Couple is dig+wig where:

dig is receipted event digest wig is indexed signature made with key pair derived from witness nontrans

identifier prefix from witness list. Index is offset into witness list of latest establishment event for receipted event.

Parameters:

• receipt (data is couple of bytes concatenation of dig+wig from)

• parsed (deletive is Boolean True means delete from data each part as) – Only useful if data is bytearray from front of stream

Witness couple is used for escrows of unverified witness recipts signed by nontransferable witness prefix keys with indexed signatures where index is offset into associated witness list. At time of escrow receipted event may not be in KEL so need the dig to look up event and then look up witness list from key state.

keri.core.eventing.delcept(keys, delpre, **kwa)

Returns serder of delegated inception event message. Utility function to automate creation of delegated inception events. Syntactic suger that calls incept but with delpre so ilk is dip.

Parameters:

• keys (list) – current signing keys qb64

• sith (int | str | list | None) – current signing threshold input to Tholder

• ndigs (list | None) – current signing key digests qb64

• None) (nsith int | str | list |) – next signing threshold input to Tholder

• toad (int | str | None) – witness threshold number if str then hex str

• wits (list | None) – witness identifier prefixes qb64

• cnfg (list | None) – configuration traits from TraitDex

• data (list | None) – seal dicts

• version (Version) – KERI protocol version string

• kind (str) – serialization kind from Serials

• code (str | None) – derivation code for computed prefix

• intive (bool) – True means sith, nsith, and toad are serialized as ints not hex str when numeric threshold

• delpre (str | None) – delegator identifier prefix qb64. When not None makes this a msg type “dip”, delegated inception event.

keri.core.eventing.deltate(pre, keys, dig, ilk='drt', **kwa)

Returns serder of delegated rotation event message. Utility function to automate creation of delegated rotation events. Syntactic suger that calls rotate but with ilk set to drt.

Parameters:

• pre (str) – identifier prefix qb64

• keys (list) – current signing keys qb64

• dig (str) – said of previous event qb64

• ilk (str) – ilk of event. Must be in (Ilks.rot, Ilks.drt)

• sn (int | str) – sequence number int or hex str

• sith (int | str | list) – current signing threshold input to Tholder

• ndigs (list) – current signing key digests qb64

• list) (nsith int | str |) – next signing threshold input to Tholder

• toad (int | str) – witness threshold number if str then hex str

• wits (list) – prior witness identifier prefixes qb64

• cuts (list) – witness prefixes to cut qb64

• adds (list) – witness prefixes to add qb64

• data (list) – seal dicts

• version (Version) – KERI protocol version string

• kind (str) – serialization kind from Serials

• intive (bool) – True means sith, nsith, and toad are serialized as ints not hex str when numeric threshold

keri.core.eventing.fetchTsgs(db, saider, snh=None)

Fetch tsgs for saider from .db.ssgs. When sn then only fetch if sn <= snh :returns:

of tsg quadruple of form (prefixer, seqner, diger, sigers)

where:

prefixer (Prefixer): instance trans signer aid, seqner (Seqner): of sn of trans signer key state est event diger (Diger): of digest of trans signer key state est event sigers (list): of Siger instances of indexed signatures

Return type:

tsgs (list)

Parameters:

• db – (Cesr

• saider (Saider) – instance of said for reply SAD to which signatures are attached

• snh (str) – 32 char zero pad lowercase hex of sequence number f”{sn:032x}”

keri.core.eventing.incept(keys, *, isith=None, ndigs=None, nsith=None, toad=None, wits=None, cnfg=None, data=None, version=(1, 0), kind='JSON', code=None, intive=False, delpre=None)

Returns serder of inception event message. Utility function to automate creation of inception events.

Parameters:

• keys (list) – current signing keys qb64

• sith (int | str | list | None) – current signing threshold input to Tholder

• ndigs (list | None) – current signing key digests qb64

• None) (nsith int | str | list |) – next signing threshold input to Tholder

• toad (int | str | None) – witness threshold number if str then hex str

• wits (list | None) – witness identifier prefixes qb64

• cnfg (list | None) – configuration traits from TraitDex

• data (list | None) – seal dicts

• version (Version) – KERI protocol version string

• kind (str) – serialization kind from Serials

• code (str | None) – derivation code for computed prefix

• intive (bool) – True means sith, nsith, and toad are serialized as ints not hex str when numeric threshold. Most compact JSON representation when Numbers are small because no quotes. Number accepts both.

• delpre (str | None) – delegator identifier prefix qb64. When not None makes this a msg type “dip”, delegated inception event.

keri.core.eventing.interact(pre, dig, sn=1, data=None, version=(1, 0), kind='JSON')

Returns serder of interaction event message. Utility function to automate creation of interaction events.

Parameters:

pre is identifier prefix qb64 dig is said digest of previous event qb64 sn is int sequence number data is list of dicts of comitted data such as seals version is Version instance kind is serialization kind

keri.core.eventing.loadEvent(db, preb, dig)

Load event details from database

Parameters:

• db (Baser) – database to load event fro,

• preb (bytes) – qb64b identifier prefix

• dig (bytes) – digest of event to load

Returns:

data from event

Return type:

dict

keri.core.eventing.messagize(serder, *, sigers=None, seal=None, wigers=None, cigars=None, pipelined=False)

Attaches indexed signatures from sigers and/or cigars and/or wigers to KERI message data from serder :param serder: instance containing the event :type serder: SerderKERI :param sigers: of Siger instances (optional) to create indexed signatures :type sigers: list :param seal: optional if sigers and

If SealEvent use attachment group code TransIdxSigGroups plus attach

triple pre+snu+dig made from (i,s,d) of seal plus ControllerIdxSigs plus attached indexed sigs in sigers

Else If SealLast use attachment group code TransLastIdxSigGroups plus

attach uniple pre made from (i,) of seal plus ControllerIdxSigs plus attached indexed sigs in sigers

Else use ControllerIdxSigs plus attached indexed sigs in sigers

Parameters:

• wigers (list) – optional list of Siger instances of witness index signatures

• cigars (list) – optional list of Cigars instances of non-transferable non indexed signatures from which to form receipt couples. Each cigar.vefer.qb64 is pre of receiptor and cigar.qb64 is signature

• pipelined (bool) – False means to not prepend pipelining count code

Returns: bytearray KERI event message

keri.core.eventing.prod(route='', replyRoute='', query=None, stamp=None, version=(1, 0), kind='JSON')

Returns serder of prod, ‘pro’, msg to request disclosure via bare, ‘bar’ msg of data anchored via seal(s) on KEL for identifier prefix, pre, when given by all SAIDs given in digs list.

{

“v” : “KERI10JSON00011c_”, “t” : “pro”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “data”, “rr”: “data/processor”, “q”: {

“d”:”EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”

}

}

keri.core.eventing.proofize(sadtsgs=None, *, sadsigers=None, sadcigars=None, pipelined=False)

Parameters:

• sadsigers (list)

• sadtsgs (list)

• sadcigars (list)

• pipelined (bool) – False means to not prepend pipelining count code

Returns:

bytes of CESR Proof Signature attachments

keri.core.eventing.query(route='', replyRoute='', query=None, stamp=None, version=(1, 0), kind='JSON')

Returns serder of query ‘qry’ message. Utility function to automate creation of query messages.

Parameters:

• route (str) – namesapaced path, ‘/’ delimited, that indicates data flow handler (behavior) to processs the query

• replyRoute (str) – namesapaced path, ‘/’ delimited, that indicates data flow handler (behavior) to processs reply message to query if any.

• query (dict) – query data paramaters modifiers

• stamp (str) – date-time-stamp RFC-3339 profile of ISO-8601 datetime of creation of message

• version (Version) – KERI message Version namedtuple instance

• kind (str) – serialization kind value of Serials

{

“v” : “KERI10JSON00011c_”, “t” : “qry”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “logs”, “rr”: “log/processor”, “q” : {

“i”: “EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”, “sn”: “5”, “dt”: “2020-08-01T12:20:05.123456+00:00”,

}

}

keri.core.eventing.receipt(pre, sn, said, *, version=(1, 0), kind='JSON')

Returns serder of event receipt message. Used for both non-trans and trans signers as determined by signature attachment type (cigar or siger)

Utility function to automate creation of receipts.

Parameters:

pre is qb64 str of prefix of event being receipted sn is int sequence number of event being receipted said is qb64 of said of event being receipted version is Version instance of receipt kind is serialization kind of receipt

keri.core.eventing.reply(route='', data=None, stamp=None, version=(1, 0), kind='JSON')

Returns serder of reply ‘rpy’ message. Utility function to automate creation of reply messages. Reply ‘rpy’ message is a SAD item with an associated derived SAID in its ‘d’ field.

Parameters:

route (str): ‘/’ delimited path identifier of data flow handler

(behavior) to processs the reply if any

data (dict): attribute section of reply stamp (str): date-time-stamp RFC-3339 profile of ISO-8601 datetime of

creation of message or data

version (Version): KERI message Version namedtuple instance kind (str): serialization kind value of Serials

{

“v” : “KERI10JSON00011c_”, “t” : “rpy”, “d”: “EZ-i0d8JZAoTNZH3ULaU6JR2nmwyvYAfSVPzhzS6b5CM”, “dt”: “2020-08-22T17:50:12.988921+00:00”, “r” : “logs/processor”, “a” : {

“d”: “EaU6JR2nmwyZ-i0d8JZAoTNZH3ULvYAfSVPzhzS6b5CM”, “i”: “EAoTNZH3ULvYAfSVPzhzS6baU6JR2nmwyZ-i0d8JZ5CM”, “name”: “John Jones”, “role”: “Founder”,

}

}

keri.core.eventing.rotate(pre, keys, dig, *, ilk='rot', sn=1, isith=None, ndigs=None, nsith=None, toad=None, wits=None, cuts=None, adds=None, data=None, version=(1, 0), kind='JSON', intive=False)

Returns serder of rotation event message. Utility function to automate creation of rotation events.

Parameters:

• pre (str) – identifier prefix qb64

• keys (list) – current signing keys qb64

• dig (str) – SAID of previous event qb64

• ilk (str) – ilk of event. Must be in (Ilks.rot, Ilks.drt)

• sn (int | str) – sequence number int or hex str

• sith (int | str | list | None) – current signing threshold input to Tholder

• ndigs (list | None) – current signing key digests qb64

• None) (nsith int | str | list |) – next signing threshold input to Tholder

• toad (int | str | None) – witness threshold number if str then hex str

• wits (list | None) – prior witness identifier prefixes qb64

• cuts (list | None) – witness prefixes to cut qb64

• adds (list | None) – witness prefixes to add qb64

• data (list | None) – seal dicts

• version (Version) – KERI protocol version string

• kind (str) – serialization kind from Serials

• intive (bool) – True means sith, nsith, and toad are serialized as ints instead of hex str when numeric threshold

keri.core.eventing.simple(n)

Returns int as simple majority of n when n >=1

otherwise returns 0

Parameters:

elements (n is int total number of)

keri.core.eventing.state(pre, sn, pig, dig, fn, eilk, keys, eevt, stamp=None, sith=None, ndigs=None, nsith=None, toad=None, wits=None, cnfg=None, dpre=None, version=(1, 0), kind='JSON', intive=False)

Returns instance of KeyStateRecord in support of key state notification messages. Utility function to automate creation embedded key static notices

Parameters:

• pre (str) – identifier prefix qb64

• sn (int) – sequence number of latest event

• pig (str) – SAID qb64 of prior event

• dig (str) – SAID qb64 of latest (current) event

• fn (int) – first seen ordinal number of latest event

• eilk (str) – event (message) type (ilk) of latest (current) event

• keys (list) – qb64 signing keys

• eevt (StateEstEvent) – namedtuple (s,d,wr,wa) for latest est event s = sn of est event d = SAID of est event wr = witness remove list (cuts) wa = witness add list (adds)

• stamp (str | None) – date-time-stamp RFC-3339 profile of ISO-8601 datetime of creation of message or data

• sith (sith) – current signing threshold input to Tholder

• ndigs (list | None) – current signing key digests qb64

• None) (nsith int | str | list |) – next signing threshold input to Tholder

• toad (int | str | None) – witness threshold number if str then hex str

• wits (list | None) – prior witness identifier prefixes qb64

• cnfg (list | None) – strings from TraitDex configuration trait strings

• dpre (str | None) – identifier prefix qb64 delegator if any If None then dpre in state is empty “”

• version (Version) – KERI protocol version string

• kind (str) – serialization kind from Serials

• intive (bool) – True means sith, nsith, and toad are serialized as ints instead of hex str when numeric threshold

keri.core.eventing.validateSN(sn, inceptive=None)

Returns:

converted from sn hex str

Return type:

sn (int)

Raises ValueError if invalid sn

Parameters:

• sn (str) – hex char sequence number of event or seal in an event

• inceptive (bool) – Check sn value and raise ValueError if invalid None means check for sn < 0 True means check for sn != 0 False means check for sn < 1

keri.core.eventing.validateSigs(serder, sigers, verfers, tholder)

Validates signatures given by sigers using keys given by verfers on msg given by serder subject to threshold given by tholder. Returns subset of valid signatures for storage.

Returns:

(sigers, valid) where:

sigers (list): subset of of provided sigers of verified signatures

on serder using verfers

valid (bool): True means threshold from tholder satisfied by sigers,

False otherwise.

Return type:

result (tuple)

Parameters:

• serder (SerderKERI) – instance of message

• sigers (Iterable) – Siger instances of indexed signatures. Index is offset into verfers list each providing verification key

• verfers (Iterable) – Verfer instances of keys

• tholder (Tholder) – instance of signing threshold (sith)

• number. (seqner is Seqner instance of delegating event sequence) – If this event is not delegated then seqner is ignored

• digest. (diger is Diger instance of of delegating event) – If this event is not delegated then diger is ignored

keri.core.eventing.verifySigs(raw, sigers, verfers)

Returns tuple of (vsigers, vindices) where:

vsigers is list of unique verified sigers with assigned verfer vindices is list of indices from those verified sigers

The returned vsigers and vindices may be used for threshold validation

Assigns appropriate verfer from verfers to each siger based on siger index If no signatures verify then sigers and indices are empty

Parameters:

• raw (bytes)

• instances (sigers is list of indexed Siger)

• instance (verfers is list of Verfer)

keri.core.parsing

keri.core.parsing module

message stream parsing support

class keri.core.parsing.ColdCodex(Free: int = 0, CtB64: int = 1, OpB64: int = 2, JSON: int = 3, MGPK1: int = 4, CBOR: int = 5, MGPK2: int = 6, CtOpB2: int = 7)

ColdCodex is codex of cold stream start tritets of first byte Only provide defined codes. Undefined are left out so that inclusion(exclusion) via ‘in’ operator works.

First three bits:

0o0 = 000 free 0o1 = 001 cntcode B64 0o2 = 010 opcode B64 0o3 = 011 json 0o4 = 100 mgpk 0o5 = 101 cbor 0o6 = 110 mgpk 007 = 111 cntcode or opcode B2

status is one of (‘evt’, ‘txt’, ‘bny’ ) ‘evt’ if tritet in (ColdDex.JSON, ColdDex.MGPK1, ColdDex.CBOR, ColdDex.MGPK2) ‘txt’ if tritet in (ColdDex.CtB64, ColdDex.OpB64) ‘bny’ if tritet in (ColdDex.CtOpB2,)

otherwise raise ColdStartError

x = bytearray([0x2d, 0x5f]) x == bytearray(b’-_’) x[0] >> 5 == 0o1 True

class keri.core.parsing.Coldage(msg, txt, bny)

bny

Alias for field number 2

msg

Alias for field number 0

txt

Alias for field number 1

class keri.core.parsing.Parser(ims=None, framed=True, pipeline=False, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Parser is stream parser that processes an incoming message stream. Each message in the stream is composed of a message body with a message foot The message body includes a version string. The message foot is composed of composable concatenated attachments encoded in CESR (Composable Event Streaming Representation) CESR supports both binary and text formats where text is Base64 URL/Filesafe. The attachements in a CESR foot may be converted and round tripped en-masse between binary and text (Base64 URL/File). CESR encoding ensures alignment on 24 bit boundaries.

Only supports current version VERSION

Has the following public attributes and properties:

ims

incoming message stream

Type:

bytearray

framed

True means stream is packet framed

Type:

bool

pipeline

True means use pipeline processor to process whenever stream includes pipelined count codes.

Type:

bool

kvy

route KEL message types to this instance

Type:

Kevery

tvy

route TEL message types to this instance

Type:

Tevery

__init__(ims=None, framed=True, pipeline=False, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Initialize instance:

Parameters:

• ims (bytearray) – incoming message stream

• framed (bool) – True means ims contains only one msg body plus its foot of attachments, not multiple sets of msg body plus foot

• pipeline (bool) – True means use pipeline processor to process ims msgs when stream includes pipelined count codes.

• kvy (Kevery) – route KEL message types to this instance

• tvy (Tevery) – route TEL message types to this instance

• exc (Exchanger) – route EXN message types to this instance

• rvy (Revery) – reply (RPY) message handler

• vry (Verfifier) – credential verifier with wallet storage

allParsator(ims=None, framed=None, pipeline=None, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Returns generator to parse all messages from incoming message stream, ims until ims is exhausted (empty) then returns. Generator completes as soon as ims is empty. If ims not provided then parse messages from .ims

Parameters:

• more (ims is bytearray of incoming message stream. May contain one or) – sets each of a serialized message with attached cryptographic material such as signatures or receipts.

• Boolean (pipeline is) – counted attachments instead of stream with multiple messages

• plus (True means ims contains only one frame of msg) – counted attachments instead of stream with multiple messages

• Boolean – ims msgs when stream includes pipelined count codes.

• process (True means use pipeline processor to) – ims msgs when stream includes pipelined count codes.

• kvy (Kevery) – route KERI KEL message types to this instance

• tvy (Tevery) – route TEL message types to this instance

• exc (Exchanger)

• rvy (Revery) – reply (RPY) message handler

• vry (Verfifier) – credential verifier with wallet storage

New Logic:

Attachments must all have counters so know if txt or bny format for attachments. So even when framed==True must still have counters.

static extract(ims, klas, cold='txt')

Extract and return instance of klas from input message stream, ims, given stream state, cold, is txt or bny. Inits klas from ims using qb64b or qb2 parameter based on cold.

msgParsator(ims=None, framed=True, pipeline=False, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Returns generator that upon each iteration extracts and parses msg with attached crypto material (signature etc) from incoming message stream, ims, and dispatches processing of message with attachments.

Uses .ims when ims is not provided.

Iterator yields when not enough bytes in ims to finish one msg plus attachments. Returns (which raises StopIteration) when finished.

Parameters:

• ims (bytearray) – May contain one or more sets each of a serialized message with attached cryptographic material such as signatures or receipts.

• framed (bool) – counted attachments instead of stream with multiple messages

• pipeline (bool) – ims msgs when stream includes pipelined count codes.

• kvy (Kevery)

• tvy (Tevery)

• exc (Exchanger)

• rvy (Revery) – reply (RPY) message handler

• vry (Verifier)

Logic:

Currently only support couters on attachments not on combined or on message Attachments must all have counters so know if txt or bny format for attachments. So even when framed==True must still have counter. Do While loop

sniff to set up first extraction

raise exception and flush full tream if stream start is counter must be message

extract message sniff for counter if group counter extract and discard but keep track of count so if error while processing attachments then only need to flush attachment count not full stream.

onceParsator(ims=None, framed=None, pipeline=None, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Returns generator to parse one message from incoming message stream, ims. If ims not provided parse messages from .ims

Parameters:

• more (ims is bytearray of incoming message stream. May contain one or) – sets each of a serialized message with attached cryptographic material such as signatures or receipts.

• Boolean (pipeline is) – counted attachments instead of stream with multiple messages

• plus (True means ims contains only one frame of msg) – counted attachments instead of stream with multiple messages

• Boolean – ims msgs when stream includes pipelined count codes.

• process (True means use pipeline processor to) – ims msgs when stream includes pipelined count codes.

• kvy (Kevery) – route KERI KEL message types to this instance

• tvy (Tevery) – route TEL message types to this instance

• exc (Exchanger)

• rvy (Revery) – reply (RPY) message handler

• vry (Verfifier) – credential verifier with wallet storage

New Logic:

Attachments must all have counters so know if txt or bny format for attachments. So even when framed==True must still have counters.

parsator(ims=None, framed=None, pipeline=None, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Returns generator to continually parse messages from incoming message stream, ims. Empty yields when ims is emply. Useful for always running servers. One yield from per each message if any. Continually yields while ims is empty. If ims not provided then parse messages from .ims

Parameters:

• more (ims is bytearray of incoming message stream. May contain one or) – sets each of a serialized message with attached cryptographic material such as signatures or receipts.

• Boolean (pipeline is) – counted attachments instead of stream with multiple messages

• plus (True means ims contains only one frame of msg) – counted attachments instead of stream with multiple messages

• Boolean – ims msgs when stream includes pipelined count codes.

• process (True means use pipeline processor to) – ims msgs when stream includes pipelined count codes.

• kvy (Kevery) – route KERI KEL message types to this instance

• tvy (Tevery) – route TEL message types to this instance

• exc (Exchanger)

• rvy (Revery) – reply (RPY) message handler

• vry (Verifier) – credential processor

New Logic:

Attachments must all have counters so know if txt or bny format for attachments. So even when framed==True must still have counters.

parse(ims=None, framed=None, pipeline=None, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Processes all messages from incoming message stream, ims, when provided. Otherwise process messages from .ims Returns when ims is empty. Convenience executor for .processAllGen when ims is not live, i.e. fixed

Parameters:

• more (ims is bytearray of incoming message stream. May contain one or) – sets each of a serialized message with attached cryptographic material such as signatures or receipts.

• Boolean (pipeline is) – counted attachments instead of stream with multiple messages

• plus (True means ims contains only one frame of msg) – counted attachments instead of stream with multiple messages

• Boolean – ims msgs when stream incpyludes pipelined count codes.

• process (True means use pipeline processor to) – ims msgs when stream incpyludes pipelined count codes.

• kvy (Kevery) – route KERI KEL message types to this instance

• tvy (Tevery) – route TEL message types to this instance

• exc (Exchanger)

• rvy (Revery) – reply (RPY) message handler

• vry (Verfifier) – credential verifier with wallet storage

New Logic:

Attachments must all have counters so know if txt or bny format for attachments. So even when framed==True must still have counters.

parseOne(ims=None, framed=True, pipeline=False, kvy=None, tvy=None, exc=None, rvy=None, vry=None)

Processes one messages from incoming message stream, ims, when provided. Otherwise process message from .ims Returns once one message is processed. Convenience executor for .processOneGen when ims is not live, i.e. fixed

Parameters:

• stream. (ims is bytearray of serialized incoming message) – May contain one or more sets each of a serialized message with attached cryptographic material such as signatures or receipts.

• Boolean (pipeline is) – counted attachments instead of stream with multiple messages

• plus (True means ims contains only one frame of msg) – counted attachments instead of stream with multiple messages

• Boolean – ims msgs when stream includes pipelined count codes.

• process (True means use pipeline processor to) – ims msgs when stream includes pipelined count codes.

• kvy (Kevery) – route KERI KEL message types to this instance

• tvy (Tevery) – route TEL message types to this instance

• exc (Exchanger)

• rvy (Revery) – reply (RPY) message handler

New Logic:

Attachments must all have counters so know if txt or bny format for attachments. So even when framed==True must still have counters.

static sniff(ims)

Returns status string of cold start of stream ims bytearray by looking at first triplet of first byte to determin if message or counter code and if counter code whether Base64 or Base2 representation

First three bits: 0o0 = 000 free 0o1 = 001 cntcode B64 0o2 = 010 opcode B64 0o3 = 011 json 0o4 = 100 mgpk 0o5 = 101 cbor 0o6 = 110 mgpk 007 = 111 cntcode or opcode B2

counter B64 in (0o1, 0o2) return ‘txt’ counter B2 in (0o7) return ‘bny’ event in (0o3, 0o4, 0o5, 0o6) return ‘evt’ unexpected in (0o0) raise ColdStartError Colds = Coldage(msg=’msg’, txt=’txt’, bny=’bny’)

‘msg’ if tritet in (ColdDex.JSON, ColdDex.MGPK1, ColdDex.CBOR, ColdDex.MGPK2) ‘txt’ if tritet in (ColdDex.CtB64, ColdDex.OpB64) ‘bny’ if tritet in (ColdDex.CtOpB2,)

keri.core.routing

keri.core.routing module

class keri.core.routing.Revery(db, rtr=None, cues=None, lax=True, local=False)

Reply message event processor

__init__(db, rtr=None, cues=None, lax=True, local=False)

Parameters:

• db

• cues

• lax

• local

acceptReply(serder, saider, route, aid, osaider=None, cigars=None, tsgs=None)

Applies Best Available Data Acceptance policy to reply and signatures

Returns:

True is successfully accepted. False otherwise

Return type:

bool

Parameters:

• serder (Serder) – instance of reply msg (SAD)

• saider (Saider) – instance from said in serder (SAD)

• osaider (Saider) – instance of saider for previous reply if any

• route (str) – reply route

• aid (str) – identifier prefix qb64 of authorizing attributable ID

• cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer

• tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where: prefixer is pre of trans endorser seqner is sequence number of trans endorser’s est evt for keys for sigs diger is digest of trans endorser’s est evt for keys for sigs [sigers] is list of indexed sigs from trans endorser’s keys from est evt

BADA (Best Available Data Acceptance) model for each reply message. Latest-Seen-Signed Pairwise comparison of new update reply compared to old already accepted reply from same source for same route (same data). Accept new reply (update) if new reply is later than old reply where:

1. If transferable: Later is True

   A) If sn (sequence number) of last (if forked) Est evt that provides keys for signature(s) of new is greater than sn of last Est evt that provides keys for signature(s) of old.

   Or

   2. If sn of new equals sn of old And date-time-stamp of new is greater than old

2. Else If non-transferable: Later it True

   If date-time-stamp of new is greater than old

4. Else Later is False

If nontrans and last Est Evt is not yet accepted then escrow. If nontrans and partially signed then escrow.

Escrow process logic is route dependent and is dispatched by route, i.e. route is address of buffer with route specific handler of escrow.

escrowReply(*, serder, saider, dater, route, prefixer, seqner, ssaider, sigers)

Escrow reply by route

Parameters:

• serder (Serder) – instance of reply msg (SAD)

• saider (Saider) – instance from said in serder (SAD)

• dater (Dater) – instance from date-time in serder (SAD)

• route (str) – reply route

• prefixer (Prefixer) – is pre of trans endorser

• seqner (Seqner) – is sequence number of trans endorser’s est evt for keys for sigs

• ssaider (Saider)

• sigers (list) – is indexed sigs from trans endorser’s key from est evt

property prefixes

Returns .db.prefixes

processEscrowReply()

Process escrows for reply messages.

Escrows are keyed by reply route and val is reply said

triple (prefixer, seqner, diger) quadruple (prefixer, seqner, diger, siger)

processReply(serder, cigars=None, tsgs=None)

Process one reply message with either attached nontrans signing couples in cigars or attached trans indexed sig groups in tsgs. Process logic is route dependent and dispatched by route.

Parameters:

• serder (Serder) – instance of reply message

• cigars (list) – of Cigar instances that contain nontrans signing couple signature in .raw and public key in .verfer

• tsgs (list) – tuples (quadruples) of form (prefixer, seqner, diger, [sigers]) where: prefixer is pre of trans endorser seqner is sequence number of trans endorser’s est evt for keys for sigs diger is digest of trans endorser’s est evt for keys for sigs [sigers] is list of indexed sigs from trans endorser’s keys from est evt

BADA (Best Available Data Acceptance) model for each reply message. Latest-Seen-Signed Pairwise comparison of new update reply compared to old already accepted reply from same source for same route (same data). Accept new reply (update) if new reply is later than old reply where:

1. Later means date-time-stamp of new is greater than old

If non-trans signer then also (AND)

2. Later means sn (sequence number) of last (if forked) Est evt that provides keys for signature(s) of new is greater than or equal to sn of last Est evt that provides keys for signature(s) of new.

If nontrans and last Est Evt is not yet accepted then escrow. If nontrans and partially signed then escrow.

Escrow process logic is route dependent and is dispatched by route, i.e. route is address of buffer with route specific handler of escrow.

removeReply(saider)

Remove Reply SAD artifacts given by saider.

Parameters:

saider (Saider) – instance from said in serder (SAD)

updateReply(*, serder, saider, dater, cigar=None, prefixer=None, seqner=None, diger=None, sigers=None)

Update Reply SAD in database

Update Reply SAD in database given by by serder and associated databases for attached cig couple or sig quadruple. Overwrites val at key if already exists.

Parameters:

• serder (Serder) – instance of reply msg (SAD)

• saider (Saider) – instance from said in serder (SAD)

• dater (Dater) – instance from date-time in serder (SAD)

• cigar (Cigar) – instance that contain nontrans signing couple signature in .raw and public key in .verfer

• prefixer (Prefixer) – is pre of trans endorser

• seqner (Seqner) – is sequence number of trans endorser’s est evt for keys for sigs

• diger (Diger) – is digest of trans endorser’s est evt for keys for sigs

• sigers (list) – of indexed sigs from trans endorser’s key from est evt

class keri.core.routing.Route(regex, fields, resource, suffix=None)

Route class for registration of reply message handlers

This class represents a registered route internally to the Revery. the properties are created by using the Falcon compile route utility method

Properties:

.regex(re): compiled url template regex .fields(set): field names for matches in regex .resource(object): the handler for this route .suffix(Optional(str)): a suffix to be applied to the handler method

__init__(regex, fields, resource, suffix=None)

Initialize instance of route

Parameters:

• regex (re) – compiled url template regex

• fields (set) – field names for matches in regex

• resource (object) – the handler for this route

• suffix (Optional(str)) – a suffix to be applied to the handler method

class keri.core.routing.Router(routes=None)

Reply message router

Reply message router that accepts registration of route r handlers and dispatches reply messages to the appropriate handler.

__init__(routes=None)

Initialized instance with optiona list of existing routes

Parameters:

routes (list) – preregistered routes for this router

addRoute(routeTemplate, resource, suffix=None)

Add a route between a route template and a resource

Parameters:

• routeTemplate (str) – a route template to use for the resource

• resource (object) – the resource instance to associate with the route template

• suffix (str, optional) – Optional responder name suffix for this route. If a suffix is provided, Router will map reply routes to processReply{suffix}(). In this way, multiple closely-related routes can be mapped to the same resource.

dispatch(serder, saider, cigars, tsgs)

Parameters:

• serder

• saider

• cigars

• tsgs

Returns:

processRouteNotFound(*, serder, saider, route, cigars=None, tsgs=None, **kwargs)

Default handler for processing reply message with an unregistered route

Parameters:

• serder (Serder) – reply event message

• saider (Saider) – SAIDer of the sender

• route (str) – route (‘r’) of the event message

• cigars (Optional(list)) – list of non-transferable signature tuples

• tsgs (Optional(list)) – list of transferable signature tuples

• **kwargs (dict)

keri.core.routing.compile_uri_template(template)

Compile the given URI template string into a pattern matcher.

This function can be used to construct custom routing engines that iterate through a list of possible routes, attempting to match an incoming request against each route’s compiled regular expression.

Each field is converted to a named group, so that when a match is found, the fields can be easily extracted using re.MatchObject.groupdict().

This function does not support the more flexible templating syntax used in the default router. Only simple paths with bracketed field expressions are recognized. For example:

/
/books
/books/{isbn}
/books/{isbn}/characters
/books/{isbn}/characters/{name}

Also, note that if the template contains a trailing slash character, it will be stripped in order to normalize the routing logic.

Parameters:

template (str) – The template to compile. Note that field names are restricted to ASCII a-z, A-Z, and the underscore character.

Returns:

(template_field_names, template_regex)

Return type:

tuple

keri.core.scheming

keri.core.scheming module

self-addressing and schema support

class keri.core.scheming.CacheResolver(db)

Sample jsonschema resolver for loading schema $ref references from a local hash.

__init__(db)

Create a jsonschema resolver that can be used for loading references to schema remotely.

Parameters:

db (Baser)

add(key, schema)

Add schema to cache for resolution

Parameters:

• key (str) – URI to resolve to the schema

• schema (bytes) – is bytes of the schema for the URI

handler(uri)

Handler provided to jsonschema for cache resolution

Parameters:

uri (str) – the URI to resolve

resolver(scer=b'')

Locally cached schema resolver

Returns a jsonschema resolver for returning locally cached schema based on self-addressing identifier URIs.

Parameters:

scer (Optional(bytes))

class keri.core.scheming.JSONSchema(resolver=None)

JSON Schema support class

__init__(resolver=None)

Initialize instance

Parameters:

resolver (Optional(Resolver)) – instance used by JSONSchema parsing to resolve external refs

static detect(raw)

Detect if raw content is JSON Schema

Parameters:

raw (bytes) – data to check for JSON Schema

Returns:

True if content represents JSON Schema by checking

for $schema; False otherwise

Return type:

boolean

static dump(sed, kind='JSON')

Serailize schema based on kind

Parameters:

• sed (dict) – in memory representation of schema

• kind (Optional(Serials)) – kind of serialization to perform. Defaults to JSON

Returns:

Serialized schema

Return type:

bytes

load(raw, kind='JSON')

Schema loader

Loads schema based on kind by performing deserialization on raw bytes of schema

Parameters:

• raw (bytes) – raw serialized schema

• kind (Optional(Serials)) – serialization kind of schema raw content

Returns:

(dict, Serials, Saider) of schema

Return type:

tuple

resolve(uri)

Resolve remote reference to schema

Parameters:

uri (str) – uniform resource identifier of schema to load

verify_json(schema=b'', raw=b'')

Verify the raw content against the schema for JSON that conforms to the schema

Parameters:

• schema (bytes) – is the schema use for validation

• raw (bytes) – is JSON to validate against the Schema

Returns:

True if the JSON passes validation against the

provided complaint Draft 7 JSON Schema. Returns False if raw is not valid JSON, schema is not valid JSON Schema or the validation fails

Return type:

boolean

static verify_schema(schema)

Validate schema integrity

Returns True if the provided schema validates successfully

as complaint Draft 7 JSON Schema False otherwise

Parameters:

schema (dict) – is the JSON schema to verify

class keri.core.scheming.Schemer(raw=b'', sed=None, kind=None, typ=<keri.core.scheming.JSONSchema object>, code='E')

Schemer is KERI schema serializer-deserializer class

Verifies self-addressing identifier base on schema type Only supports current version VERSION

Has the following public properties:

Properties:

.raw (bytes): of serialized event only .sed (dict): schema dict .kind (Schema): kind string value (see namedtuple coring.Serials) .saider (Saider): instance of self-addressing identifier .said (qb64): digest from .saider

Hidden Attributes:

._raw (bytes): of serialized schema only ._sed (JSON): schema dict ._kind (schema): kind string value (see namedtuple coring.Serials)

supported kinds are ‘JSONSchema’

._code (default): code for .saider ._saider (Saider): instance of digest of .raw

__init__(raw=b'', sed=None, kind=None, typ=<keri.core.scheming.JSONSchema object>, code='E')

Initialize instance of Schemer

Deserialize if raw provided Serialize if sed provided but not raw When serializing if kind provided then use kind instead of field in sed

Parameters:

• raw (bytes) – of serialized schema

• sed (dict) – dict or None if None its deserialized from raw

• typ (JSONSchema) – type of schema

• kind (serialization) – kind string value or None (see namedtuple coring.Serials) supported kinds are ‘json’, ‘cbor’, ‘msgpack’, ‘binary’ if kind (None): then its extracted from ked or raw

• code (MtrDex) – default digest code

property kind

kind property getter

pretty(*, size=1024)

Returns str JSON of .sed with pretty formatting

ToDo: add default size limit on pretty when used for syslog UDP MCU like 1024 for ogler.logger

property raw

raw property getter

property said

said property getter, relies on saider

property saider

saider property getter

property sed

ked property getter

verify(raw=b'')

Returns True if derivation from ked for .code matches .qb64 and

If prefixed also verifies ked[“i”] matches .qb64 False otherwise

Parameters:

raw (bytes) – is serialised JSON content to verify against schema