author | Victor Shyba <victor.shyba@gmail.com> | 2015-01-12 16:23:04 -0300 |
---|---|---|
committer | Victor Shyba <victor.shyba@gmail.com> | 2015-01-12 16:23:04 -0300 |
commit | 92d19ed855cda44d3fa10777020594d8b345ff18 (patch) | |
tree | d65ba282797f0679fd8f26388f2e190ad8a25db4 /service/pixelated/support | |
parent | 00803b97f39d6b213381f4698c3991d286c6d030 (diff) |
card #227, replacing lib for debian compatibility: cryptography -> nacl
Diffstat (limited to 'service/pixelated/support')
-rw-r--r-- | service/pixelated/support/encrypted_file_storage.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/service/pixelated/support/encrypted_file_storage.py b/service/pixelated/support/encrypted_file_storage.py
index 5661b5e5..b859863b 100644
--- a/service/pixelated/support/encrypted_file_storage.py
+++ b/service/pixelated/support/encrypted_file_storage.py
@@ -20,14 +20,15 @@ from hashlib import sha512
 import os
 from whoosh.filedb.filestore import FileStorage
 from whoosh.filedb.structfile import StructFile, BufferFile
-from cryptography.fernet import Fernet
+from nacl.secret import SecretBox
+import nacl.utils
 from whoosh.util import random_name
 class EncryptedFileStorage(FileStorage):
 def __init__(self, path, masterkey=None):
 self.masterkey = masterkey
- self.f = Fernet(masterkey)
+ self.secret_box = SecretBox(masterkey)
 self._tmp_storage = self.temp_storage
 self.length_cache = {}
 FileStorage.__init__(self, path, supports_mmap=False)
@@ -48,6 +49,10 @@ class EncryptedFileStorage(FileStorage):
 def file_length(self, name):
 return self.length_cache[name][0]
+ @property
+ def _nonce(self):
+ return nacl.utils.random(SecretBox.NONCE_SIZE)
+
 def _encrypt_index_on_close(self, name):
 def wrapper(struct_file):
 struct_file.seek(0)
@@ -56,13 +61,13 @@ class EncryptedFileStorage(FileStorage):
 if name in self.length_cache and file_hash == self.length_cache[name][1]:
 return
 self.length_cache[name] = (len(content), file_hash)
- encrypted_content = self.f.encrypt(content)
+ encrypted_content = self.secret_box.encrypt(content, self._nonce)
 with open(self._fpath(name), 'w+b') as f:
 f.write(encrypted_content)
 return wrapper
 def _open_encrypted_file(self, name, onclose=lambda x: None):
 file_content = open(self._fpath(name), "rb").read()
- decrypted = self.f.decrypt(file_content)
+ decrypted = self.secret_box.decrypt(file_content)
 self.length_cache[name] = (len(decrypted), sha512(decrypted).digest())
 return BufferFile(buffer(decrypted), name=name, onclose=onclose) |
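Review bot: `SecretBox(masterkey)` in `__init__` receives the key unchecked, while the signature still defaults to `masterkey=None`, a value SecretBox cannot be built from. Fernet took a URL-safe base64 key, whereas SecretBox needs exactly `SecretBox.KEY_SIZE` raw bytes, so a caller still passing the old key form would fail at construction; the callers are not in this diff, so this is worth confirming. A guard before the constructor call, `if masterkey is None or len(masterkey) != SecretBox.KEY_SIZE: raise ValueError('masterkey must be %d raw bytes' % SecretBox.KEY_SIZE)`, would make the failure explicit without echoing the key material. The class body continues outside this hunk.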
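Review bot: `_nonce` is declared as a property but returns a different random value on every read, so two reads for one message silently yield two nonces. A plain method such as `def _new_nonce(self):` makes the fresh-value-per-call behaviour visible at the call site. Its docstring should state that a nonce must never repeat under the same master key, and that uniqueness rests on drawing `SecretBox.NONCE_SIZE` random bytes from `nacl.utils.random`. The call in `wrapper` (third hunk) would then read `self.secret_box.encrypt(content, self._new_nonce())`.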
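Review bot: `self.secret_box.decrypt(file_content)` in `_open_encrypted_file` has no handling for an authentication failure. Index files written by the previous Fernet code are not SecretBox messages, so they would presumably be rejected here after the upgrade, as would a truncated or modified file. Catching `nacl.exceptions.CryptoError` and either discarding the stale index for a rebuild or raising a clear storage error would make this recoverable; returning the undecrypted bytes should never be the fallback. Separately, the unchanged line above leaves the file handle open, which `with open(self._fpath(name), 'rb') as f: file_content = f.read()` would fix. `wrapper` begins outside this hunk.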