heat.common.crypt module¶
- class heat.common.crypt.SymmetricCrypto(enctype='AES')[source]¶
Bases:
object
Symmetric Key Crypto object.
This class creates a Symmetric Key Crypto object that can be used to decrypt arbitrary data.
Note: This is a reimplementation of the decryption algorithm from oslo-incubator, and is provided for backward compatibility. Once we have a DB migration script available to re-encrypt using new encryption method as part of upgrade, this can be removed.
- Parameters:
enctype – Encryption Cipher name (default: AES)
- decrypt(key, msg, b64decode=True)[source]¶
Decrypts the provided ciphertext.
The ciphertext can be optionally base64 encoded.
Uses AES-128-CBC with an IV by default.
- Parameters:
key – The Encryption key.
msg – the ciphetext, the first block is the IV
- Returns:
the plaintext message, after padding is removed.
- heat.common.crypt.decrypted_dict(data, encryption_key=None)[source]¶
Return a decrypted dict. Assume input values are encrypted json fields.
- heat.common.crypt.encrypted_dict(data, encryption_key=None)[source]¶
Return an encrypted dict. Values converted to json before encrypted
- heat.common.crypt.heat_decrypt(value, encryption_key=None)[source]¶
Decrypt data that has been encrypted using an older version of Heat.
Note: the encrypt function returns the function that is needed to decrypt the data. The database then stores this. When the data is then retrieved (potentially by a later version of Heat) the decrypt function must still exist. So whilst it may seem that this function is not referenced, it will be referenced from the database.