dabo Commit
Revision 5584
Date: 2010-01-03 12:13:57 -0800 (Sun, 03 Jan 2010)
Author: Ed
Trac: http://trac.dabodev.com/changeset/5584
Changed:
U trunk/dabo/lib/SimpleCrypt.py
U trunk/dabo/settings.py
Log:
Added support for using the DES module of the Crypto.Cipher package. If that is
installed, and the setting for 'dabo.cryptoKeyDES' is set to a string,
SimpleCrypt will use the DES module instead of the relatively weak default Dabo
encryption.
Diff:
Modified: trunk/dabo/lib/SimpleCrypt.py
===================================================================
--- trunk/dabo/lib/SimpleCrypt.py 2010-01-03 15:26:00 UTC (rev 5583)
+++ trunk/dabo/lib/SimpleCrypt.py 2010-01-03 20:13:57 UTC (rev 5584)
@@ -1,7 +1,10 @@
# -*- coding: utf-8 -*-
import random
import warnings
+import base64
+import dabo
+
class SimpleCrypt(object):
""" Provides basic encryption for Dabo. Perhaps a better term would
be 'obscure' rather than 'encrypt', since the latter implies strong
@@ -15,32 +18,77 @@
encrypt(val)
decrypt(val)
- Thanks to Raymond Hettinger for this code, originally found on
+ Thanks to Raymond Hettinger for the default (non-DES) code, originally
found on
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266586
"""
+ def __init__(self):
+ super(SimpleCrypt, self).__init__()
+ self._cryptoProvider = None
+ # If the Crypto package is available, use it.
+ useDES = True
+ try:
+ from Crypto.Cipher import DES
+ except ImportError:
+ useDES = False
+ try:
+ ckey = dabo.cryptoKeyDES[:8].rjust(8, "@")
+ except TypeError:
+ dabo.errorLog.write("The 'cryptoKey' value has not been
configured in dabo")
+ useDES = False
+ if useDES:
+ self._cryptoProvider = DES.new(ckey,
DES.MODE_ECB)
+
def showWarning(self):
warnings.warn("WARNING: SimpleCrypt is not secure. Please see
http://wiki.dabodev.com/SimpleCrypt for more information")
def encrypt(self, aString):
- self.showWarning()
- tmpKey = self.generateKey(aString)
- myRand = random.Random(tmpKey).randrange
- crypted = [chr(ord(elem)^myRand(256)) for elem in aString]
- hex = self.strToHex("".join(crypted))
- ret = "".join([tmpKey[i/2] + hex[i:i+2] for i in range(0,
len(hex), 2)])
- return ret
+ if not aString:
+ return ""
+ try:
+ # If we are not using
+ encMethod = self._cryptoProvider.encrypt
+ # Strings must be multiples of 8 in length
+ padlen = 0
+ pad = ""
+ diffToEight = len(aString) % 8
+ if diffToEight:
+ padlen = 8 - diffToEight
+ pad = "@" * padlen
+ padVal = "%s%s" % (aString, pad)
+ ret = "%s%s" % (padlen, encMethod(padVal))
+ ret = base64.b64encode(ret)
+ return ret
+ except AttributeError:
+ self.showWarning()
+ tmpKey = self.generateKey(aString)
+ myRand = random.Random(tmpKey).randrange
+ crypted = [chr(ord(elem)^myRand(256)) for elem in
aString]
+ hex = self.strToHex("".join(crypted))
+ ret = "".join([tmpKey[i/2] + hex[i:i+2] for i in
range(0, len(hex), 2)])
+ return ret
def decrypt(self, aString):
- self.showWarning()
- tmpKey = "".join([aString[i] for i in range(0, len(aString),
3)])
- val = "".join([aString[i+1:i+3] for i in range(0, len(aString),
3)])
- myRand = random.Random(tmpKey).randrange
- out = self.hexToStr(val)
- decrypted = [chr(ord(elem)^myRand(256)) for elem in out]
- return "".join(decrypted)
+ if not aString:
+ return ""
+ try:
+ decString = base64.b64decode(aString)
+ padlen = int(decString[0])
+ encval = decString[1:]
+ ret = self._cryptoProvider.decrypt(encval)
+ if padlen:
+ ret = ret[:-padlen]
+ return ret
+ except AttributeError:
+ self.showWarning()
+ tmpKey = "".join([aString[i] for i in range(0,
len(aString), 3)])
+ val = "".join([aString[i+1:i+3] for i in range(0,
len(aString), 3)])
+ myRand = random.Random(tmpKey).randrange
+ out = self.hexToStr(val)
+ decrypted = [chr(ord(elem)^myRand(256)) for elem in out]
+ return "".join(decrypted)
def generateKey(self, s):
Modified: trunk/dabo/settings.py
===================================================================
--- trunk/dabo/settings.py 2010-01-03 15:26:00 UTC (rev 5583)
+++ trunk/dabo/settings.py 2010-01-03 20:13:57 UTC (rev 5584)
@@ -175,12 +175,16 @@
# URL of the Web Update server
webupdate_urlbase = "http://daboserver.com/webupdate";
-
+# Customized encryption key if using the DES cipher from the Crypto package.
+# If you are using that package, you need to override this in the
settings_override.py
+# file to something unique for your application.
+cryptoKeyDES = None
+
+
### Settings - end
# Do not copy/paste anything below this line into settings_override.py.
-
try:
from settings_override import *
except ImportError:
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/dabo-dev
Searchable Archives: http://leafe.com/archives/search/dabo-dev
This message:
http://leafe.com/archives/byMID/[email protected]
