author | drebs <drebs@leap.se> | 2013-02-14 20:52:12 -0200 |
---|---|---|
committer | drebs <drebs@leap.se> | 2013-02-14 20:52:12 -0200 |
commit | 023bfa360d85387d2c76a9de9059bcb1b294006c (patch) | |
tree | d0dc496a91adda66dab9c0b0e9dc6873f42c02af | |
parent | 2005acb21a8ac678b5efb65873b1e0a56dd6a4ea (diff) |
Make gpg use AES256 for symmetric encryption.
-rw-r--r-- | __init__.py | 1 | ||||
-rw-r--r-- | util.py | 35 |
2 files changed, 34 insertions, 2 deletions
diff --git a/__init__.py b/__init__.py index 16a7da0c..6329cf30 100644 --- a/__init__.py +++ b/__init__.py @@ -70,7 +70,6 @@ class Soledad(object): # one for symmetric encryption. self._db = sqlcipher.open(self.LOCAL_DB_PATH, True, self._secret, soledad=self) - def close(self): """ @@ -5,6 +5,7 @@ Utilities for Soledad. import os import gnupg import re +from gnupg import logger class GPGWrapper(gnupg.GPG): @@ -39,7 +40,8 @@ class GPGWrapper(gnupg.GPG): return super(GPGWrapper, self).encrypt(data, recipient, sign=sign, always_trust=always_trust, passphrase=passphrase, - symmetric=symmetric) + symmetric=symmetric, + cipher_algo='AES256') def decrypt(self, data, always_trust=True, passphrase=None): """ @@ -63,3 +65,34 @@ class GPGWrapper(gnupg.GPG): gnupg.logger.debug('send_keys result: %r', result.__dict__) data.close() return result + + def encrypt_file(self, file, recipients, sign=None, + always_trust=False, passphrase=None, + armor=True, output=None, symmetric=False, + cipher_algo=None): + "Encrypt the message read from the file-like object 'file'" + args = ['--encrypt'] + if symmetric: + args = ['--symmetric'] + if cipher_algo: + args.append('--cipher-algo %s' % cipher_algo) + else: + args = ['--encrypt'] + if not _is_sequence(recipients): + recipients = (recipients,) + for recipient in recipients: + args.append('--recipient "%s"' % recipient) + if armor: # create ascii-armored output - set to False for binary + args.append('--armor') + if output: # write the output to a file with the specified name + if os.path.exists(output): + os.remove(output) # to avoid overwrite confirmation message + args.append('--output "%s"' % output) + if sign: + args.append('--sign --default-key "%s"' % sign) + if always_trust: + args.append("--always-trust") + result = self.result_map['crypt'](self) + self._handle_io(args, file, result, passphrase=passphrase, binary=True) + logger.debug('encrypt result: %r', result.data) + return result |
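Review bot: The literal `cipher_algo='AES256'` in `encrypt` is passed on every call, yet the new `encrypt_file` only honours it inside the `symmetric` branch, and nothing at the call site says so. A one-line comment would make that explicit, for example `# cipher_algo only takes effect when symmetric=True; key strength still depends on the passphrase and gpg's S2K settings`. Holding the value in a single class-level constant instead of an inline literal would also keep the choice in one place if it ever has to change. The signature of `encrypt` lies outside the hunk, so whether callers can override the cipher cannot be seen from here.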
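Review bot: In the new `encrypt_file`, `recipient`, `output`, `sign` and `cipher_algo` are interpolated into option strings with hand-written double quotes and no escaping, so a value containing `"` or whitespace changes how gpg's options are split. How `_handle_io` turns `args` into the command line is outside this hunk; if the strings are joined and parsed by a shell, which the embedded quotes suggest, each value should be validated or shell-quoted before it is appended, e.g. `args.append('--output %s' % pipes.quote(output))`. Separately, `_is_sequence` is called unqualified while the import hunk adds only `logger`; unless it is defined elsewhere in util.py, the non-symmetric branch would raise `NameError`, and `from gnupg import logger, _is_sequence` would cover it. The `os.remove(output)` call also deletes whatever path the caller names before gpg has produced anything, so a failed encryption leaves the previous file gone.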