authordrebs <drebs@leap.se>2013-02-14 20:52:12 -0200
committerdrebs <drebs@leap.se>2013-02-14 20:52:12 -0200
commit023bfa360d85387d2c76a9de9059bcb1b294006c (patch)
treed0dc496a91adda66dab9c0b0e9dc6873f42c02af
parent2005acb21a8ac678b5efb65873b1e0a56dd6a4ea (diff)
Make gpg use AES256 for symmetric encryption.
-rw-r--r--__init__.py1
-rw-r--r--util.py35
2 files changed, 34 insertions, 2 deletions
diff --git a/__init__.py b/__init__.py
index 16a7da0c..6329cf30 100644
--- a/__init__.py
+++ b/__init__.py
@@ -70,7 +70,6 @@ class Soledad(object):
# one for symmetric encryption.
self._db = sqlcipher.open(self.LOCAL_DB_PATH, True, self._secret,
soledad=self)
-
def close(self):
"""
diff --git a/util.py b/util.py
index 56d1a9a0..09bca6b4 100644
--- a/util.py
+++ b/util.py
@@ -5,6 +5,7 @@ Utilities for Soledad.
import os
import gnupg
import re
+from gnupg import logger
class GPGWrapper(gnupg.GPG):
@@ -39,7 +40,8 @@ class GPGWrapper(gnupg.GPG):
return super(GPGWrapper, self).encrypt(data, recipient, sign=sign,
always_trust=always_trust,
passphrase=passphrase,
- symmetric=symmetric)
+ symmetric=symmetric,
+ cipher_algo='AES256')
def decrypt(self, data, always_trust=True, passphrase=None):
"""
@@ -63,3 +65,34 @@ class GPGWrapper(gnupg.GPG):
gnupg.logger.debug('send_keys result: %r', result.__dict__)
data.close()
return result
+
+ def encrypt_file(self, file, recipients, sign=None,
+ always_trust=False, passphrase=None,
+ armor=True, output=None, symmetric=False,
+ cipher_algo=None):
+ "Encrypt the message read from the file-like object 'file'"
+ args = ['--encrypt']
+ if symmetric:
+ args = ['--symmetric']
+ if cipher_algo:
+ args.append('--cipher-algo %s' % cipher_algo)
+ else:
+ args = ['--encrypt']
+ if not _is_sequence(recipients):
+ recipients = (recipients,)
+ for recipient in recipients:
+ args.append('--recipient "%s"' % recipient)
+ if armor: # create ascii-armored output - set to False for binary
+ args.append('--armor')
+ if output: # write the output to a file with the specified name
+ if os.path.exists(output):
+ os.remove(output) # to avoid overwrite confirmation message
+ args.append('--output "%s"' % output)
+ if sign:
+ args.append('--sign --default-key "%s"' % sign)
+ if always_trust:
+ args.append("--always-trust")
+ result = self.result_map['crypt'](self)
+ self._handle_io(args, file, result, passphrase=passphrase, binary=True)
+ logger.debug('encrypt result: %r', result.data)
+ return result
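Review bot: `recipient`, `output`, `sign` and `cipher_algo` are pasted into option strings between hand-written double quotes (none at all for `--cipher-algo`), so if `_handle_io` joins `args` into a shell command line, which this hunk does not show, a value containing a quote or shell metacharacter changes the gpg invocation. Shell-quoting each value closes that off, e.g. `args.append('--recipient %s' % pipes.quote(recipient))` (with `pipes` imported), and likewise for `--output`, `--default-key` and `--cipher-algo`. Separately, `_is_sequence` is not among the names util.py imports in this commit (only `logger` is added), so unless it is defined elsewhere in the file the non-symmetric branch raises NameError; `gnupg._is_sequence(recipients)` would resolve it. The docstring should state that `cipher_algo` is honoured only when `symmetric` is true and that an existing `output` file is deleted before gpg runs. Since the symmetric key is derived from `passphrase`, selecting AES256 does not compensate for a weak passphrase; gpg's `--s2k-digest-algo` and `--s2k-count` control that derivation and may be worth setting alongside the cipher.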