dapr · paulyuk · Jan 22, 2025 · Jan 14, 2025 · Jan 21, 2025 · Jan 22, 2025
@@ -34,7 +34,7 @@ Run the `SmartDevice.Service`, which will start service itself and the Dapr side
 <!-- STEP
 name: Run actor service
 expected_stdout_lines:
-  - "Request finished HTTP/1.1 GET http://127.0.0.1:5001/healthz - 200"
+  - "Request finished HTTP/1.1 GET http://127.0.0.1:5001/dapr/config - 200"
 expected_stderr_lines:
 working_dir: .
 output_match_mode: substring
@@ -50,14 +50,23 @@ dapr run --app-id actorservice --app-port 5001 --app-protocol http --dapr-http-p
 Expected output:
 
 ```bash
+== APP == info: Microsoft.Hosting.Lifetime[14]
+== APP ==       Now listening on: http://localhost:5001
+== APP == info: Microsoft.Hosting.Lifetime[0]
+== APP ==       Application started. Press Ctrl+C to shut down.
+== APP == info: Microsoft.Hosting.Lifetime[0]
+== APP ==       Hosting environment: Production
+== APP == info: Microsoft.Hosting.Lifetime[0]
 == APP == info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
-== APP ==       Request starting HTTP/1.1 GET http://127.0.0.1:5001/healthz - -
+== APP ==       Request starting HTTP/1.1 GET http://127.0.0.1:5001/dapr/config - application/json -
+== APP == warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
+== APP ==       Failed to determine the https port for redirect.
 == APP == info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
-== APP ==       Executing endpoint 'Dapr Actors Health Check'
+== APP ==       Executing endpoint 'Dapr Actors Config'
 == APP == info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
-== APP ==       Executed endpoint 'Dapr Actors Health Check'
+== APP ==       Executed endpoint 'Dapr Actors Config'
 == APP == info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
-== APP ==       Request finished HTTP/1.1 GET http://127.0.0.1:5001/healthz - - - 200 - text/plain 5.2599ms
+== APP ==       Request finished HTTP/1.1 GET http://127.0.0.1:5001/dapr/config - 200 - application/json 30.6175ms
 ```
 
 ### Step 4: Run the client app

@@ -0,0 +1,74 @@
+# Dapr cryptography (Dapr SDK)
+
+In this quickstart, you'll create an application that encrypts, and then decrypts, data using the Dapr cryptography APIs (high-level). We will:
+
+- Encrypt and then decrypt a short string, reading the result in-memory
+- Encrypt and then decrypt a large file, storing the encrypted and decrypted data to files
+
+Visit the documentation to learn more about the [Cryptography building block](https://v1-11.docs.dapr.io/developing-applications/building-blocks/cryptography/) in Dapr.
+
+> **Note:** This example uses the Dapr SDK. Using the Dapr SDK, which leverages gRPC internally, is **strongly** recommended when using the high-level cryptography APIs (to encrypt and decrypt messages).
+
+This quickstart includes one application:
+
+- Python application `crypto-quickstart`
+
+### Run Python service with Dapr
+
+> In order to run this sample, make sure that OpenSSL is available on your system.
+
+1. Navigate into the folder with the source code:
+
+<!-- STEP
+name: Navigate into folder
+expected_stdout_lines:
+expected_stderr_lines:
+-->
+
+```bash
+cd ./crypto-quickstart
+pip3 install -r requirements.txt
+```
+
+<!-- END_STEP -->
+
+2. This sample requires a private RSA key and a 256-bit symmetric (AES) key. We will generate them using OpenSSL:
+
+<!-- STEP
+name: Generate keys
+working_dir: crypto-quickstart
+expected_stdout_lines:
+expected_stderr_lines:
+-->
+
+```bash
+mkdir -p keys
+# Generate a private RSA key, 4096-bit keys
+openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out keys/rsa-private-key.pem
+# Generate a 256-bit key for AES
+openssl rand -out keys/symmetric-key-256 32
+```
+
+<!-- END_STEP -->
+
+3. Run the Python service app with Dapr:
+
+<!-- STEP
+name: Run order-processor service
+working_dir: crypto-quickstart
+expected_stdout_lines:
+  - '== APP == Encrypted the message, got 856 bytes'
+  - '== APP == Decrypted the message, got 24 bytes'
+  - '== APP == The secret is "passw0rd"'
+  - '== APP == Wrote encrypted data to encrypted.out'
+  - '== APP == Wrote decrypted data to decrypted.out.jpg'
+  - "Exited App successfully"
+expected_stderr_lines:
+output_match_mode: substring
+-->
+
+```bash
+dapr run --app-id crypto-quickstart --resources-path ../../../components/ -- python3 app.py
+```
+
+<!-- END_STEP -->
@@ -0,0 +1,6 @@
+# Output files
+encrypted.out
+decrypted.out.jpg
+
+# Generated keys
+keys/
@@ -0,0 +1,95 @@
+from dapr.clients import DaprClient
+from dapr.clients.grpc._crypto import EncryptOptions, DecryptOptions
+
+# Name of the crypto component to use
+CRYPTO_COMPONENT_NAME = 'localstorage'
+# Name of the RSA private key to use
+RSA_KEY_NAME = 'rsa-private-key.pem'
+# Name of the symmetric (AES) key to use
+SYMMETRIC_KEY_NAME = 'symmetric-key-256'
+
+
+def main():
+    print('Running gRPC client synchronous API')
+
+    with DaprClient() as dapr:
+        # Step 1: encrypt a string using the RSA key, then decrypt it and show the output in the terminal
+        print('Running encrypt/decrypt operation on string')
+        encrypt_decrypt_string(dapr)
+
+        # Step 2: encrypt a large file and then decrypt it, using the AES key
+        print('Running encrypt/decrypt operation on file')
+        encrypt_decrypt_file(dapr)
+
+
+def encrypt_decrypt_string(dapr: DaprClient):
+    message = 'The secret is "passw0rd"'
+
+    # Encrypt the message
+    resp = dapr.encrypt(
+        data=message.encode(),
+        options=EncryptOptions(
+            component_name=CRYPTO_COMPONENT_NAME,
+            key_name=RSA_KEY_NAME,
+            key_wrap_algorithm='RSA',
+        ),
+    )
+
+    # The method returns a readable stream, which we read in full in memory
+    encrypt_bytes = resp.read()
+    print(f'Encrypted the message, got {len(encrypt_bytes)} bytes')
+
+    # Decrypt the encrypted data
+    resp = dapr.decrypt(
+        data=encrypt_bytes,
+        options=DecryptOptions(
+            component_name=CRYPTO_COMPONENT_NAME,
+            key_name=RSA_KEY_NAME,
+        ),
+    )
+
+    # The method returns a readable stream, which we read in full in memory
+    decrypt_bytes = resp.read()
+    print(f'Decrypted the message, got {len(decrypt_bytes)} bytes')
+
+    print(decrypt_bytes.decode())
+    assert message == decrypt_bytes.decode()
+
+
+def encrypt_decrypt_file(dapr: DaprClient):
+    file_name = 'desert.jpg'
+
+    # Encrypt the file
+    with open(file_name, 'r+b') as target_file:
+        encrypt_stream = dapr.encrypt(
+            data=target_file.read(),
+            options=EncryptOptions(
+                component_name=CRYPTO_COMPONENT_NAME,
+                key_name=SYMMETRIC_KEY_NAME,
+                key_wrap_algorithm='AES',
+            ),
+        )
+
+    # Write the encrypted data to a file "encrypted.out"
+    with open('encrypted.out', 'w+b') as encrypted_file:
+        encrypted_file.write(encrypt_stream.read())
+        print('Wrote encrypted data to encrypted.out')
+
+    # Decrypt the encrypted data
+    with open('encrypted.out', 'r+b') as encrypted_file:
+        decrypt_stream = dapr.decrypt(
+            data=encrypted_file.read(),
+            options=DecryptOptions(
+                component_name=CRYPTO_COMPONENT_NAME,
+                key_name=SYMMETRIC_KEY_NAME,
+            ),
+        )
+
+    # Write the decrypted data to a file "decrypted.out.jpg"
+    with open('decrypted.out.jpg', 'w+b') as decrypted_file:
+        decrypted_file.write(decrypt_stream.read())
+        print('Wrote decrypted data to decrypted.out.jpg')
+
+
+if __name__ == '__main__':
+    main()
@@ -0,0 +1,2 @@
+dapr>=1.14
+typing-extensions
@@ -0,0 +1,9 @@
+include ../../../docker.mk
+include ../../../validate.mk
+
+# Remove generated files
+.PHONY: clean
+clean:
+	-rm -r crypto-quickstart/keys
+	-rm crypto-quickstart/encrypted.out
+	-rm crypto-quickstart/decrypted.out.jpg
@@ -1 +1,2 @@
-dapr-ext-workflow
+dapr-ext-workflow>=0.6.0rc2
+dapr>=1.15.0rc2