djblets.secrets.crypto¶
Encryption/decryption utilities.
New in version 3.0.
- get_default_aes_encryption_key() bytes [source]¶
Return the default AES encryption key for the install.
The default key is the first 16 characters (128 bits) of
SECRET_KEY
.New in version 3.0.
- Returns:
The default encryption key.
- Return type:
- aes_encrypt(data: Union[bytes, str], *, key: Optional[bytes] = None) bytes [source]¶
Encrypt data using AES encryption.
This uses AES encryption in CFB mode (using an 8-bit shift register) and a random IV (which will be prepended to the encrypted value). The encrypted data will be decryptable using the
aes_decrypt()
function.New in version 3.0.
- Parameters:
- Returns:
The resulting encrypted value, with the random IV prepended.
- Return type:
- Raises:
ValueError – The encryption key was not in the right format.
- aes_encrypt_base64(data: AnyStr, *, key: Optional[bytes] = None) str [source]¶
Encrypt data and encode as Base64.
The result will be encrypted using AES encryption in CFB mode (using an 8-bit shift register), and serialized into Base64.
New in version 3.0.
- Parameters:
- Returns:
The encrypted password encoded in Base64.
- Return type:
- Raises:
ValueError – The encryption key was not in the right format.
- aes_encrypt_iter(data_iter: Iterable[Union[bytes, str]], *, key: Optional[bytes] = None) Iterator[bytes] [source]¶
Encrypt and yield data iteratively.
This iterates through an iterable (a generator, list, or similar), yielding AES-encrypted batches of data. This can be used when streaming a source and yielding encrypted data to a file, HTTP response, across multiple cache keys, etc.
The result can be decrypted either by joining together all the results or by passing the results to
aes_decrypt_iter()
.- Parameters:
data_iter (
iterable
) – An iterator that yields byte strings or Unicode strings.key (
bytes
, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (fromget_default_aes_encryption_key)()
will be used.
- Yields:
bytes
– An encrypted block of data.- Raises:
ValueError – The encryption key was not in the right format.
- aes_decrypt(encrypted_data: bytes, *, key: Optional[bytes] = None) bytes [source]¶
Decrypt AES-encrypted data.
This will decrypt an AES-encrypted value in CFB mode (using an 8-bit shift register). It expects the 16-byte cipher IV to be prepended to the string.
This is intended as a counterpart for
aes_encrypt()
.New in version 3.0.
- Parameters:
- Returns:
The decrypted value.
- Return type:
- Raises:
TypeError – One or more arguments had an invalid type.
ValueError – The encryption key was not in the right format.
- aes_decrypt_base64(encrypted_data: AnyStr, *, key: Optional[bytes] = None) str [source]¶
Decrypt an encrypted value encoded in Base64.
This will decrypt a Base64-encoded encrypted value (from
aes_encrypt_base64()
) into a string.New in version 3.0.
- Parameters:
- Returns:
The resulting decrypted data.
- Return type:
- Raises:
ValueError – The encryption key was not in the right format.
- aes_decrypt_iter(encrypted_iter: Iterable[bytes], *, key: Optional[bytes] = None) Iterator[bytes] [source]¶
Decrypt and yield data iteratively.
This iterates through an iterable (a generator, list, or similar), decrypting items and yielding the decrypted values. This can be used when streaming an encrypted source and yielding the decrypted results to a file, HTTP response, across multiple cache keys, etc.
- Parameters:
encrypted_iter (
iterable
) – An iterator that yields AES-encrypted data as byte strings.key (
bytes
, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (fromget_default_aes_encryption_key)()
will be used.
- Yields:
bytes
– A decrypted block of data.- Raises:
ValueError – The encryption key was not in the right format or the encrypted data was invalid.