Jump to >

djblets.secrets.crypto

Encryption/decryption utilities.

New in version 3.0.

get_default_aes_encryption_key() bytes[source]

Return the default AES encryption key for the install.

The default key is the first 16 characters (128 bits) of SECRET_KEY.

New in version 3.0.

Returns

The default encryption key.

Return type

bytes

aes_encrypt(data: Union[bytes, str], *, key: Optional[bytes] = None) bytes[source]

Encrypt data using AES encryption.

This uses AES encryption in CFB mode (using an 8-bit shift register) and a random IV (which will be prepended to the encrypted value). The encrypted data will be decryptable using the aes_decrypt() function.

New in version 3.0.

Parameters
  • data (bytes or str) – The data to encrypt. If a Unicode string is passed in, it will be encoded to UTF-8 first.

  • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.

Returns

The resulting encrypted value, with the random IV prepended.

Return type

bytes

Raises

ValueError – The encryption key was not in the right format.

aes_encrypt_base64(data: AnyStr, *, key: Optional[bytes] = None) str[source]

Encrypt data and encode as Base64.

The result will be encrypted using AES encryption in CFB mode (using an 8-bit shift register), and serialized into Base64.

New in version 3.0.

Parameters
  • data (bytes or str) – The data to encrypt. If a Unicode string is passed in, it will be encoded to UTF-8 first.

  • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.

Returns

The encrypted password encoded in Base64.

Return type

str

Raises

ValueError – The encryption key was not in the right format.

aes_encrypt_iter(data_iter: Iterable[Union[bytes, str]], *, key: Optional[bytes] = None) Iterator[bytes][source]

Encrypt and yield data iteratively.

This iterates through an iterable (a generator, list, or similar), yielding AES-encrypted batches of data. This can be used when streaming a source and yielding encrypted data to a file, HTTP response, across multiple cache keys, etc.

The result can be decrypted either by joining together all the results or by passing the results to aes_decrypt_iter().

Parameters
  • data_iter (iterable) – An iterator that yields byte strings or Unicode strings.

  • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.

Yields

bytes – An encrypted block of data.

Raises

ValueError – The encryption key was not in the right format.

aes_decrypt(encrypted_data: bytes, *, key: Optional[bytes] = None) bytes[source]

Decrypt AES-encrypted data.

This will decrypt an AES-encrypted value in CFB mode (using an 8-bit shift register). It expects the 16-byte cipher IV to be prepended to the string.

This is intended as a counterpart for aes_encrypt().

New in version 3.0.

Parameters
  • encrypted_data (bytes) – The data to decrypt.

  • key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.

Returns

The decrypted value.

Return type

bytes

Raises
  • TypeError – One or more arguments had an invalid type.

  • ValueError – The encryption key was not in the right format.

aes_decrypt_base64(encrypted_data: AnyStr, *, key: Optional[bytes] = None) str[source]

Decrypt an encrypted value encoded in Base64.

This will decrypt a Base64-encoded encrypted value (from aes_encrypt_base64()) into a string.

New in version 3.0.

Parameters
  • encrypted_data (bytes or str) – The Base64-encoded encrypted data to decrypt.

  • key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.

Returns

The resulting decrypted data.

Return type

str

Raises

ValueError – The encryption key was not in the right format.

aes_decrypt_iter(encrypted_iter: Iterable[bytes], *, key: Optional[bytes] = None) Iterator[bytes][source]

Decrypt and yield data iteratively.

This iterates through an iterable (a generator, list, or similar), decrypting items and yielding the decrypted values. This can be used when streaming an encrypted source and yielding the decrypted results to a file, HTTP response, across multiple cache keys, etc.

Parameters
  • encrypted_iter (iterable) – An iterator that yields AES-encrypted data as byte strings.

  • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.

Yields

bytes – A decrypted block of data.

Raises

ValueError – The encryption key was not in the right format or the encrypted data was invalid.