The keys (and some embedded data) in PSKC files can be encrypted with either pre-shared keys, passphrase-based keys or asymmetric keys (asymmetric keys are currently unimplemented).
Embedded PSKC encryption is handled inside the Encryption class that defines encryption key and means of deriving keys. It is accessed from the encryption attribute of a PSKC instance:
>>> from pskc import PSKC
>>> pskc = PSKC('somefile.pskcxml')
>>> pskc.encryption.key = '12345678901234567890123456789012'.decode('hex')
or:
>>> pskc.encryption.derive_key('qwerty')
Once the encryption key has been set up any encrypted key values from the PSKC file are available transparently.
If an incorrect key has been set up, only upon accessing encrypted information (e.g. the secret attribute of a Key instance) a DecryptionError exception will be raised.
Optional identifier of the encryption key.
List of names provided for the encryption key.
Since usually only one name is defined for a key but the schema allows for multiple names, this is a shortcut for accessing the first value of key_names.
The binary value of the encryption key. In the case of pre-shared keys this value should be set before trying to access encrypted information in the PSKC file.
When using key derivation the secret key is available in this attribute after calling derive_key().
Derive a key from the supplied password and information in the PSKC file (generally algorithm, salt, etc.).
This function may raise a KeyDerivationError exception if key derivation fails for some reason.