reviewboard.scmtools.crypto_utils¶

get_default_aes_encryption_key()[source]¶

Return the default AES encryption key for the install.

The default key is the first 16 characters (128 bits) of SECRET_KEY.

Returns:	The default encryption key.
Return type:	bytes

aes_encrypt(data, key=None)[source]¶

Encrypt data using AES encryption.

This uses AES encryption in CFB mode (using an 8-bit shift register) and a random IV (which will be prepended to the encrypted value). The encrypted data will be decryptable using the aes_decrypt() function.

Parameters:	data (bytes) – The data to encrypt. If a unicode string is passed in, it will be encoded to UTF-8 first. key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:	The resulting encrypted value, with the random IV prepended.
Return type:	bytes
Raises:	ValueError – The encryption key was not in the right format.

aes_decrypt(data, key=None)[source]¶

Decrypt AES-encrypted data.

This will decrypt an AES-encrypted value in CFB mode (using an 8-bit shift register). It expects the 16-byte cipher IV to be prepended to the string.

This is intended as a counterpart for aes_encrypt().

Parameters:	data (bytes) – The data to decrypt. key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:	The decrypted value.
Return type:	bytes
Raises:	ValueError – The encryption key was not in the right format.

encrypt_password(password, key=None)[source]¶

Encrypt a password and encode as Base64.

The password will be encrypted using AES encryption in CFB mode (using an 8-bit shift register), and serialized into Base64.

Parameters:	password (bytes) – The password to encrypt. If a unicode string is passed in, it will be encoded to UTF-8 first. key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:	The encrypted password encoded in Base64.
Return type:	bytes
Raises:	ValueError – The encryption key was not in the right format.

decrypt_password(encrypted_password, key=None)[source]¶

Decrypt an encrypted password encoded in Base64.

This will decrypt a Base64-encoded encrypted password (from encrypt_password()) into a usable password string.

Parameters:	encrypted_password (bytes) – The Base64-encoded encrypted password to decrypt. key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:	The resulting password.
Return type:	bytes
Raises:	ValueError – The encryption key was not in the right format.

decrypt(data)[source]¶

Decrypt AES-encrypted data.

Parameters:	data (bytes) – The data to decrypt.
Returns:	The decrypted value.
Return type:	bytes

encrypt(data)[source]¶

Encrypt data using AES encryption.

Parameters:	data (bytes) – The data to encrypt. If a unicode string is passed in, it will be encoded to UTF-8 first.
Returns:	The resulting encrypted value, with the random IV prepended.
Return type:	bytes