Make gpg use AES256 for symmetric encryption.

2 files changed, 34 insertions, 2 deletions

diff --git a/__init__.py b/__init__.py
index 16a7da0c..6329cf30 100644
--- a/__init__.py
+++ b/__init__.py
@@ -70,7 +70,6 @@ class Soledad(object):
         # one for symmetric encryption.
         self._db = sqlcipher.open(self.LOCAL_DB_PATH, True, self._secret,
                                   soledad=self)
-        
 
     def close(self):
         """
diff --git a/util.py b/util.py
index 56d1a9a0..09bca6b4 100644
--- a/util.py
+++ b/util.py
@@ -5,6 +5,7 @@ Utilities for Soledad.
 import os
 import gnupg
 import re
+from gnupg import logger
 
 
 class GPGWrapper(gnupg.GPG):
@@ -39,7 +40,8 @@ class GPGWrapper(gnupg.GPG):
         return super(GPGWrapper, self).encrypt(data, recipient, sign=sign,
                                                always_trust=always_trust,
                                                passphrase=passphrase,
-                                               symmetric=symmetric)
+                                               symmetric=symmetric,
+                                               cipher_algo='AES256')
 
     def decrypt(self, data, always_trust=True, passphrase=None):
         """
@@ -63,3 +65,34 @@ class GPGWrapper(gnupg.GPG):
         gnupg.logger.debug('send_keys result: %r', result.__dict__)
         data.close()
         return result
+
+    def encrypt_file(self, file, recipients, sign=None,
+                     always_trust=False, passphrase=None,
+                     armor=True, output=None, symmetric=False,
+                     cipher_algo=None):
+        "Encrypt the message read from the file-like object 'file'"
+        args = ['--encrypt']
+        if symmetric:
+            args = ['--symmetric']
+            if cipher_algo:
+                args.append('--cipher-algo %s' % cipher_algo)
+        else:
+            args = ['--encrypt']
+            if not _is_sequence(recipients):
+                recipients = (recipients,)
+            for recipient in recipients:
+                args.append('--recipient "%s"' % recipient)
+        if armor:  # create ascii-armored output - set to False for binary
+            args.append('--armor')
+        if output:  # write the output to a file with the specified name
+            if os.path.exists(output):
+                os.remove(output)  # to avoid overwrite confirmation message
+            args.append('--output "%s"' % output)
+        if sign:
+            args.append('--sign --default-key "%s"' % sign)
+        if always_trust:
+            args.append("--always-trust")
+        result = self.result_map['crypt'](self)
+        self._handle_io(args, file, result, passphrase=passphrase, binary=True)
+        logger.debug('encrypt result: %r', result.data)
+        return result