Python Decryption

Well Alice, the good news is, your first encrypted file is so safe, only you can decrypt it. Let’s confirm that with your protected file. Then, we’ll grant access to someone you trust.

Meet Secure Reader, the easiest way to decrypt

Opening a protected HTML file will take you to Virtru’s Secure Reader.

Authenticating with Virtru Secure ReaderAuthenticating with Virtru Secure Reader

Authenticating with Virtru Secure Reader

Secure Reader will also ask you to authenticate. Again, no one trusts that you’re Alice. But trust us, it’s good for security. If Mallory tries to authenticate, he won’t see your sensitive data.

But if you authenticate, Secure Reader will render your file.

Decrypting with Virtru Secure ReaderDecrypting with Virtru Secure Reader

Decrypting with Virtru Secure Reader

If Secure Reader can’t render the file, you will still be able to download it.

Decrypting via SDK

Outside of Secure Reader, you can also decrypt a file via the SDK:

# Decryption example
import os
from virtru_sdk import Client

# Load email and appId from environment variables
VIRTRU_SDK_EMAIL = os.getenv("VIRTRU_SDK_EMAIL")
VIRTRU_SDK_APP_ID = os.getenv("VIRTRU_SDK_APP_ID")
if not (VIRTRU_SDK_EMAIL and VIRTRU_SDK_APP_ID):
    raise EnvironmentError("An environment variable is not set:\n- VIRTRU_SDK_EMAIL\n- VIRTRU_SDK_APP_ID")

# Authenticate
client = Client(owner=VIRTRU_SDK_EMAIL, app_id=VIRTRU_SDK_APP_ID)

# Decrypt
protected_file = "sensitive.txt.tdf.html"
unprotected_file = "sensitive_decrypted.txt"
client.decrypt_file(in_file_path=protected_file,
                    out_file_path=unprotected_file)

print(f"Decrypted file {unprotected_file}")

Allowing others to decrypt

But let’s say you wanted to share your sensitive data with your trusted colleague Bob, whose email is [email protected].

For existing files, you would grant access to [email protected] and save the changes to the Virtru Platform.

policy = Policy()
policy.share_with_users(["[email protected]"])

client.update_policy_for_file(policy, "sensitive.txt.tdf.html")

Now, [email protected] should be able to view your sensitive data in Secure Reader (anywhere) or via the SDK decrypt call (in your apps).

When protecting new files, you can grant access to Bob or any number of users as part of encryption params:

policy = Policy()
policy.share_with_users(["[email protected]"])

# encrypt the file with the new policy
param = EncryptFileParams(in_file_path="sensitive.txt",
                         out_file_path="sensitive.txt.tdf.html")
param.set_policy(policy)
client.encrypt_file(encrypt_file_params=param)

Did this page help you?