heat.common.crypt module¶
-
class
heat.common.crypt.
SymmetricCrypto
(enctype='AES')[source]¶ Bases:
object
Symmetric Key Crypto object.
This class creates a Symmetric Key Crypto object that can be used to decrypt arbitrary data.
Note: This is a reimplementation of the decryption algorithm from oslo-incubator, and is provided for backward compatibility. Once we have a db migration script available to re-encrypt using new encryption method as part of upgrade, this can be removed.
- Parameters
enctype – Encryption Cipher name (default: AES)
-
decrypt
(key, msg, b64decode=True)[source]¶ Decrypts the provided ciphertext.
The ciphertext can be optionally base64 encoded.
Uses AES-128-CBC with an IV by default.
- Parameters
key – The Encryption key.
msg – the ciphetext, the first block is the IV
- Returns
the plaintext message, after padding is removed.
-
heat.common.crypt.
decrypted_dict
(data, encryption_key=None)[source]¶ Return a decrypted dict. Assume input values are encrypted json fields.
-
heat.common.crypt.
encrypted_dict
(data, encryption_key=None)[source]¶ Return an encrypted dict. Values converted to json before encrypted
-
heat.common.crypt.
heat_decrypt
(value, encryption_key=None)[source]¶ Decrypt data that has been encrypted using an older version of Heat.
Note: the encrypt function returns the function that is needed to decrypt the data. The database then stores this. When the data is then retrieved (potentially by a later version of Heat) the decrypt function must still exist. So whilst it may seem that this function is not referenced, it will be referenced from the database.