Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Infiniflow Ragflow CryptoUtil

From Leeroopedia
Knowledge Sources
Domains Security, Cryptography
Last Updated 2026-02-12 06:00 GMT

Overview

Concrete tool for symmetric encryption and decryption using AES and SM4 algorithms provided by the RAGFlow common library.

Description

The CryptoUtil factory class manages symmetric encryption across multiple algorithms. It builds on BaseCrypto, which implements PBKDF2 key derivation and PKCS7 padding, with concrete subclasses AES128CBC, AES256CBC, and SM4CBC. The factory selects the correct cipher variant based on an algorithm string (e.g., "aes-256-cbc", "sm4-cbc").

Usage

Import this module when you need to encrypt or decrypt sensitive data such as database passwords or API keys stored in configuration files. The primary entry point is CryptoUtil, which wraps algorithm selection, key derivation, and cipher operations behind a simple encrypt / decrypt interface.

Code Reference

Source Location

Signature

class CryptoUtil:
    SUPPORTED_ALGORITHMS = {
        "aes-128-cbc": AES128CBC,
        "aes-256-cbc": AES256CBC,
        "sm4-cbc": SM4CBC,
    }

    def __init__(self, algorithm: str = "aes-256-cbc", key: str = None, iv: str = None):
        """Initialize with algorithm selection, key, and optional IV."""

    def encrypt(self, data: str) -> str:
        """Encrypt plaintext data, returns base64-encoded ciphertext."""

    def decrypt(self, encrypted_data: str) -> str:
        """Decrypt base64-encoded ciphertext, returns plaintext."""

Import

from common.crypto_utils import CryptoUtil

I/O Contract

Inputs

Name Type Required Description
algorithm str No Encryption algorithm identifier (default: "aes-256-cbc")
key str Yes Encryption key string
iv str No Initialization vector (auto-generated if omitted)
data str Yes Plaintext data to encrypt (for encrypt method)
encrypted_data str Yes Base64-encoded ciphertext (for decrypt method)

Outputs

Name Type Description
encrypt() returns str Base64-encoded ciphertext with prepended IV
decrypt() returns str Original plaintext string

Usage Examples

from common.crypto_utils import CryptoUtil

# Initialize with default AES-256-CBC
crypto = CryptoUtil(algorithm="aes-256-cbc", key="my-secret-key")

# Encrypt sensitive data
encrypted = crypto.encrypt("database_password_123")
print(encrypted)  # Base64-encoded string

# Decrypt data
decrypted = crypto.decrypt(encrypted)
assert decrypted == "database_password_123"

# Use SM4 algorithm
sm4_crypto = CryptoUtil(algorithm="sm4-cbc", key="another-key")
encrypted_sm4 = sm4_crypto.encrypt("sensitive-data")

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Infiniflow_Ragflow_CryptoUtil&oldid=3026"