summaryrefslogtreecommitdiff
path: root/__init__.py
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2012-12-20 11:35:19 -0200
committerdrebs <drebs@leap.se>2012-12-20 11:35:19 -0200
commitd4e139929f6353d9b587ef201bd693e1502ab9f0 (patch)
tree91acaea49422facae8e689f7fba1f87a643bb520 /__init__.py
parent0799298acb902a7509f889bc01b22f610f8b0207 (diff)
Use doc_id with HMAC for symmetric encryption
Diffstat (limited to '__init__.py')
-rw-r--r--__init__.py14
1 files changed, 8 insertions, 6 deletions
diff --git a/__init__.py b/__init__.py
index 4325d773..9f5d6e22 100644
--- a/__init__.py
+++ b/__init__.py
@@ -6,6 +6,7 @@ import os
import string
import random
import cStringIO
+import hmac
from soledad.util import GPGWrapper
class Soledad(object):
@@ -39,7 +40,7 @@ class Soledad(object):
def _load_secret(self):
try:
with open(self.SECRET_PATH) as f:
- self._secret = self._gpg.decrypt(f.read())
+ self._secret = str(self._gpg.decrypt(f.read()))
except IOError as e:
raise IOError('Failed to open secret file %s.' % self.SECRET_PATH)
@@ -72,12 +73,13 @@ class Soledad(object):
return str(self._gpg.encrypt(data, self._fingerprint, sign=sign,
passphrase=passphrase, symmetric=symmetric))
- def encrypt_symmetric(self, data, sign=None):
- return self.encrypt(data, sign=sign, passphrase=self._secret,
- symmetric=True)
+ def encrypt_symmetric(self, doc_id, data, sign=None):
+ h = hmac.new(self._secret, doc_id).hexdigest()
+ return self.encrypt(data, sign=sign, passphrase=h, symmetric=True)
def decrypt(self, data, passphrase=None, symmetric=False):
return str(self._gpg.decrypt(data, passphrase=passphrase))
- def decrypt_symmetric(self, data):
- return self.decrypt(data, passphrase=self._secret)
+ def decrypt_symmetric(self, doc_id, data):
+ h = hmac.new(self._secret, doc_id).hexdigest()
+ return self.decrypt(data, passphrase=h)