|
1
|
|
|
# Licensed to the StackStorm, Inc ('StackStorm') under one or more |
|
2
|
|
|
# contributor license agreements. See the NOTICE file distributed with |
|
3
|
|
|
# this work for additional information regarding copyright ownership. |
|
4
|
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0 |
|
5
|
|
|
# (the "License"); you may not use this file except in compliance with |
|
6
|
|
|
# the License. You may obtain a copy of the License at |
|
7
|
|
|
# |
|
8
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0 |
|
9
|
|
|
# |
|
10
|
|
|
# Unless required by applicable law or agreed to in writing, software |
|
11
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, |
|
12
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
13
|
|
|
# See the License for the specific language governing permissions and |
|
14
|
|
|
# limitations under the License. |
|
15
|
|
|
|
|
16
|
|
|
import binascii |
|
17
|
|
|
|
|
18
|
|
|
from keyczar.keys import AesKey |
|
19
|
|
|
|
|
20
|
|
|
__all__ = [ |
|
21
|
|
|
'read_crypto_key', |
|
22
|
|
|
'symmetric_encrypt', |
|
23
|
|
|
'symmetric_decrypt' |
|
24
|
|
|
] |
|
25
|
|
|
|
|
26
|
|
|
|
|
27
|
|
|
def read_crypto_key(key_path, key_type=AesKey): |
|
28
|
|
|
""" |
|
29
|
|
|
Return the crypto key given a path to key file and the key type. |
|
30
|
|
|
|
|
31
|
|
|
:param key_path: Absolute path to file containing crypto key. |
|
32
|
|
|
:type key_path: ``str`` |
|
33
|
|
|
|
|
34
|
|
|
:param key_type: Type of crypto key. |
|
35
|
|
|
:type key_type: :class:`keyczar.keys.KeyType` |
|
36
|
|
|
|
|
37
|
|
|
:rtype: ``str`` |
|
38
|
|
|
""" |
|
39
|
|
|
with open(key_path) as key_file: |
|
40
|
|
|
key = key_type.Read(key_file.read()) |
|
41
|
|
|
return key |
|
42
|
|
|
|
|
43
|
|
|
|
|
44
|
|
|
def symmetric_encrypt(encrypt_key, plaintext): |
|
45
|
|
|
""" |
|
46
|
|
|
Encrypt the given message using the encrypt_key. Returns a UTF-8 str |
|
47
|
|
|
ready to be stored in database. Note that we convert the hex notation |
|
48
|
|
|
to a ASCII notation to produce a UTF-8 friendly string. |
|
49
|
|
|
|
|
50
|
|
|
Also, this method will not return the same output on multiple invocations |
|
51
|
|
|
of same method. The reason is that the Encrypt method uses a different |
|
52
|
|
|
'Initialization Vector' per run and the IV is part of the output. |
|
53
|
|
|
|
|
54
|
|
|
:param encrypt_key: Symmetric AES key to use for encryption. |
|
55
|
|
|
:type encrypt_key: :class:`keyczar.keys.AesKey` |
|
56
|
|
|
|
|
57
|
|
|
:param plaintext: Plaintext / message to be encrypted. |
|
58
|
|
|
:type plaintext: ``str`` |
|
59
|
|
|
|
|
60
|
|
|
:rtype: ``str`` |
|
61
|
|
|
""" |
|
62
|
|
|
return binascii.hexlify(encrypt_key.Encrypt(plaintext)).upper() |
|
63
|
|
|
|
|
64
|
|
|
|
|
65
|
|
|
def symmetric_decrypt(decrypt_key, ciphertext): |
|
66
|
|
|
""" |
|
67
|
|
|
Decrypt the given crypto text into plain text. Returns the original |
|
68
|
|
|
string input. Note that we first convert the string to hex notation |
|
69
|
|
|
and then decrypt. This is reverse of the encrypt operation. |
|
70
|
|
|
|
|
71
|
|
|
:param decrypt_key: Symmetric AES key to use for decryption. |
|
72
|
|
|
:type decrypt_key: :class:`keyczar.keys.AesKey` |
|
73
|
|
|
|
|
74
|
|
|
:param crypto: Crypto text to be decrypted. |
|
75
|
|
|
:type crypto: ``str`` |
|
76
|
|
|
|
|
77
|
|
|
:rtype: ``str`` |
|
78
|
|
|
""" |
|
79
|
|
|
return decrypt_key.Decrypt(binascii.unhexlify(ciphertext)) |
|
80
|
|
|
|
StackStorm /
st2
