Jump to >

reviewboard.scmtools.crypto_utils

get_default_aes_encryption_key()[source]

Return the default AES encryption key for the install.

The default key is the first 16 characters (128 bits) of SECRET_KEY.

Returns:The default encryption key.
Return type:bytes
aes_encrypt(data, key=None)[source]

Encrypt data using AES encryption.

This uses AES encryption in CFB mode (using an 8-bit shift register) and a random IV (which will be prepended to the encrypted value). The encrypted data will be decryptable using the aes_decrypt() function.

Parameters:
  • data (bytes) – The data to encrypt. If a unicode string is passed in, it will be encoded to UTF-8 first.
  • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:

The resulting encrypted value, with the random IV prepended.

Return type:

bytes

Raises:

ValueError – The encryption key was not in the right format.

aes_decrypt(data, key=None)[source]

Decrypt AES-encrypted data.

This will decrypt an AES-encrypted value in CFB mode (using an 8-bit shift register). It expects the 16-byte cipher IV to be prepended to the string.

This is intended as a counterpart for aes_encrypt().

Parameters:
  • data (bytes) – The data to decrypt.
  • key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:

The decrypted value.

Return type:

bytes

Raises:
  • TypeError – One or more arguments had an invalid type.
  • ValueError – The encryption key was not in the right format.
encrypt_password(password, key=None)[source]

Encrypt a password and encode as Base64.

The password will be encrypted using AES encryption in CFB mode (using an 8-bit shift register), and serialized into Base64.

Changed in version 4.0: The return type has been changed to unicode, in order to improve the expected behavior on Python 3.

Parameters:
  • password (unicode or bytes) – The password to encrypt. If a unicode string is passed in, it will be encoded to UTF-8 first.
  • key (bytes, optional) – The optional custom encryption key to use. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:

The encrypted password encoded in Base64.

Return type:

unicode

Raises:

ValueError – The encryption key was not in the right format.

decrypt_password(encrypted_password, key=None)[source]

Decrypt an encrypted password encoded in Base64.

This will decrypt a Base64-encoded encrypted password (from encrypt_password()) into a usable password string.

Changed in version 4.0: The return type has been changed to unicode, in order to improve the expected behavior on Python 3.

Parameters:
  • encrypted_password (unicode or bytes) – The Base64-encoded encrypted password to decrypt.
  • key (bytes, optional) – The optional custom encryption key to use. This must match the key used for encryption. If not supplied, the default encryption key (from get_default_aes_encryption_key)() will be used.
Returns:

The resulting password.

Return type:

unicode

Raises:

ValueError – The encryption key was not in the right format.