initial scaffolding for SDK encryption

[Lance-Drane]

Needs to be completed before done:

• - basic scaffolding for encryption (Lance)
• - encryption implementation (Marshall/Jesse/Andrew/etc.)
• - e2e / integration test examples (Lance/Marshall/Jesse/Andrew/etc.)

(I don't really care too much about unit tests, but you can unit test the encryption function itself if you want)

To add the capability endpoints for a Service (which, IIRC, is just the get_public_key function), add it to IntersectSdkCoreCapability (https://github.com/INTERSECT-SDK/python-sdk/blob/candidate-0.9.0/src/intersect_sdk/capability/universal_capability/universal_capability.py), it should be annotated with @intersect_message . If we need additional state in the capability, we can modify the constructor for this capability and potentially the service as well.

Then you can call the capability with intersect_sdk.<YOUR_FUNCTION_NAME_HERE> as the operation from clients.

The actual encrypt/decrypt functions I would prefer to be separated out into utility functions in another file somewhere under the _internal directory, because both the Service and the Client will use them and users also have no reason to ever use this function themselves. I have marked the areas which need the inserted functions with #TODO comments, there should be one of each in client.py and two of each in service.py.

[marshallmcdonnell]

UPDATE:

• I finally took a stab at adding the encryption into the SDK for this PR!
• Mainly, added the encryption module to hold data models and utility functions for encryption and decryption
• I am WIP for the service.py and client.py adding in the encryption and decryption TODO spots
  • The decryption is relatively simple since it is just to receive an encrypted message and, using local key pair stuff, decrypt the message; I am probably messing it up where I also try to cast it to the unencrypted data model, though
  • The more challenging one is the encryption, since this requires client or service to first send a message to get the public key, receive it, and then do the encryption
    • In all honestly, the current state is me throwing LLM coding agent at it first to get an idea of how to start; doesn't seem to work so I'll start working on that

One thing that is sort of blocking me:

• I have unit tests passing but need integration and end-to-end testing
• Trying to use the docker compose, I cannot get the rabbitmq and minio to work now for me (getting connection refused and such); it might be a network thing locally for me but also noticed we are now on RabbitMQ 4, so not sure if that could also be a culprit
• Digging into that now!

[Lance-Drane]

we should be more explicit with the typing here, we can use Union types if necessary

[Lance-Drane]

this might need to be an Any typing because we don't necessarily require BaseModels as the input/output models

[Lance-Drane]

move to intersect-sdk-common: https://github.com/INTERSECT-SDK/intersect-python-common

[Lance-Drane]

be more explicit in the RSA typing, i.e. RSA_AES_2048

[Lance-Drane]

Everything in this namespace should probably be moved to intersect-sdk-common: https://github.com/INTERSECT-SDK/intersect-python-common

[Lance-Drane]

we should use a configuration parameter (both here and the Client) to ensure that we can always regenerate the same public/private key. We should also have some logic to allow for key rotation without necessarily restarting the Service/Client.

[Lance-Drane]

may want to explicitly set the encryption schemes to the RSA scheme only, to enforce the encryption

[Lance-Drane]

this will need to call intersect_sdk.get_public_key before calling say_hello_to_name