djblets.secrets.crypto

    Encryption/decryption utilities.

    New in version 3.0.

    get_default_aes_encryption_key() → bytes

    Return the default AES encryption key for the install.

    The default key is the first 16 characters (128 bits) of SECRET_KEY.

    New in version 3.0.

    Returns:

    The default encryption key.

    Return type:

    bytes

    aes_encrypt(data: Union[bytes, str], *, key: Optional[bytes] = None) → bytes

    Encrypt data using AES encryption.

    This uses AES encryption in CFB mode (using an 8-bit shift register) and a random IV (which will be prepended to the encrypted value). The encrypted data will be decryptable using the aes_decrypt() function.

    New in version 3.0.

    Parameters:
    • data (bytes or str) – The data to encrypt. If a Unicode string is passed in, it will be encoded to UTF-8 first.

    • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key()) will be used.

    Returns:

    The resulting encrypted value, with the random IV prepended.

    Return type:

    bytes

    Raises:

    ValueError – The encryption key was not in the right format.

    aes_encrypt_base64(data: AnyStr, *, key: Optional[bytes] = None) → str

    Encrypt data and encode as Base64.

    The result will be encrypted using AES encryption in CFB mode (using an 8-bit shift register), and serialized into Base64.

    New in version 3.0.

    Parameters:
    • data (bytes or str) – The data to encrypt. If a Unicode string is passed in, it will be encoded to UTF-8 first.

    • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key()) will be used.

    Returns:

    The encrypted password encoded in Base64.

    Return type:

    str

    Raises:

    ValueError – The encryption key was not in the right format.

    aes_encrypt_iter(data_iter: Iterable[Union[bytes, str]], *, key: Optional[bytes] = None) → Iterator[bytes]

    Encrypt and yield data iteratively.

    This iterates through an iterable (a generator, list, or similar), yielding AES-encrypted batches of data. This can be used when streaming a source and yielding encrypted data to a file, HTTP response, across multiple cache keys, etc.

    The result can be decrypted either by joining together all the results or by passing the results to aes_decrypt_iter().

    Parameters:
    • data_iter (iterable) – An iterator that yields byte strings or Unicode strings.

    • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key()) will be used.

    Yields:

    bytes – An encrypted block of data.

    Raises:

    ValueError – The encryption key was not in the right format.

    aes_decrypt(encrypted_data: bytes, *, key: Optional[bytes] = None) → bytes

    Decrypt AES-encrypted data.

    This will decrypt an AES-encrypted value in CFB mode (using an 8-bit shift register). It expects the 16-byte cipher IV to be prepended to the string.

    This is intended as a counterpart for aes_encrypt().

    New in version 3.0.

    Parameters:
    • encrypted_data (bytes) – The data to decrypt.

    • key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key()) will be used.

    Returns:

    The decrypted value.

    Return type:

    bytes

    Raises:
    • TypeError – One or more arguments had an invalid type.

    • ValueError – The encryption key was not in the right format.
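
The format documented for aes_encrypt() and aes_decrypt() (a random 16-byte IV prepended to AES-CFB8 ciphertext, with a default key taken from the first 16 characters of SECRET_KEY) is reproduced below with the `cryptography` package as an added example; it is not Djblets code. CFB mode by itself provides confidentiality but no integrity check, so the example also wraps the value in HMAC-SHA256 (encrypt-then-MAC) for callers that need to detect modification. All helper names, the sample secret, and the separate MAC key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

IV_LEN = 16   # the page: a 16-byte IV is prepended to the ciphertext
TAG_LEN = 32  # HMAC-SHA256 output size
# Constructed sample standing in for Django's SECRET_KEY. All helper names
# below are illustrative and are not Djblets APIs.
SAMPLE_SECRET_KEY = "constructed-sample-secret-key-not-for-production"


def default_key(secret_key: str = SAMPLE_SECRET_KEY) -> bytes:
    """First 16 characters (128 bits) of the secret, as the page describes."""
    return secret_key[:16].encode("utf-8")


def cfb8_encrypt(data: bytes, key: bytes) -> bytes:
    """AES-CFB8 with a fresh random IV, returned as IV || ciphertext."""
    iv = os.urandom(IV_LEN)
    enc = Cipher(algorithms.AES(key), modes.CFB8(iv)).encryptor()
    return iv + enc.update(data) + enc.finalize()


def cfb8_decrypt(blob: bytes, key: bytes) -> bytes:
    """Split off the prepended IV and decrypt the remainder."""
    if len(blob) < IV_LEN:
        raise ValueError("blob is shorter than the 16-byte IV")
    iv, ciphertext = blob[:IV_LEN], blob[IV_LEN:]
    dec = Cipher(algorithms.AES(key), modes.CFB8(iv)).decryptor()
    return dec.update(ciphertext) + dec.finalize()


def seal(data: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: append HMAC-SHA256 over IV || ciphertext."""
    blob = cfb8_encrypt(data, enc_key)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def unseal(sealed: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the tag in constant time before any decryption happens."""
    if len(sealed) < IV_LEN + TAG_LEN:
        raise ValueError("sealed value is too short")
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return cfb8_decrypt(blob, enc_key)
```

With Djblets itself, the same wrapper can be placed around aes_encrypt() and aes_decrypt(), passing a dedicated encryption key through the key parameter.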

    aes_decrypt_base64(encrypted_data: AnyStr, *, key: Optional[bytes] = None) → str

    Decrypt an encrypted value encoded in Base64.

    This will decrypt a Base64-encoded encrypted value (from aes_encrypt_base64()) into a string.

    New in version 3.0.

    Parameters:
    • encrypted_data (bytes or str) – The Base64-encoded encrypted data to decrypt.

    • key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key()) will be used.

    Returns:

    The resulting decrypted data.

    Return type:

    str

    Raises:

    ValueError – The encryption key was not in the right format.

    aes_decrypt_iter(encrypted_iter: Iterable[bytes], *, key: Optional[bytes] = None) → Iterator[bytes]

    Decrypt and yield data iteratively.

    This iterates through an iterable (a generator, list, or similar), decrypting items and yielding the decrypted values. This can be used when streaming an encrypted source and yielding the decrypted results to a file, HTTP response, across multiple cache keys, etc.

    Parameters:
    • encrypted_iter (iterable) – An iterator that yields AES-encrypted data as byte strings.

    • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key()) will be used.

    Yields:

    bytes – A decrypted block of data.

    Raises:

    ValueError – The encryption key was not in the right format or the encrypted data was invalid.

    Copyright © 2006-2025 Beanbag, Inc. All rights reserved.
