derussification of grammar
vnp

I'm writing a tool to manage our application, specifically to store passwords in encrypted view. I made a class which is based on two posts:

The cleartext file (it's not stored in the project's repository) looks like:

All I want is to hide plaintext from the source code - it's not intended to be super-secure against hackers.

What is wrong or can it be done better here?

setevoy

Passwords storage class

I'm writing a tool which manages our application.

To store passwords in encrypted view, I made a class which is based on two posts:

http://stackoverflow.com/questions/20852664/python-pycrypto-encrypt-decrypt-text-files-with-aes

and:

http://stackoverflow.com/questions/4102761/python-config-parser-cache-to-reduce-i-o-on-an-embedded-system

    #!/usr/bin/env python
    import os
    import StringIO
    import hashlib

    from Crypto import Random
    from Crypto.Cipher import AES

    from lib.shared import ConfigParser


    class RDSCryptor(object):

        def __init__(self, rdsmanager_local_path):
            # The AES key is the SHA-256 digest of a password kept in the source
            password = 'password'
            self.key = hashlib.sha256(password).digest()
            self.passfile_enc = os.path.join(rdsmanager_local_path, 'conf', 'credentials.txt.enc')
            self.passfile_clear = os.path.join(rdsmanager_local_path, 'conf', 'credentials.txt')

        def pad(self, s):
            # Pad with NUL bytes up to a multiple of the AES block size
            return s + b"\0" * (AES.block_size - len(s) % AES.block_size)

        def encrypt(self, message):
            message = self.pad(message)
            # Fresh random IV per message, stored in front of the ciphertext
            iv = Random.new().read(AES.block_size)
            cipher = AES.new(self.key, AES.MODE_CBC, iv)
            return iv + cipher.encrypt(message)

        def decrypt(self, ciphertext):
            iv = ciphertext[:AES.block_size]
            cipher = AES.new(self.key, AES.MODE_CBC, iv)
            plaintext = cipher.decrypt(ciphertext[AES.block_size:])
            return plaintext.rstrip(b"\0")

        def encrypt_file(self):
            # Read the cleartext credentials and write the encrypted copy
            with open(self.passfile_clear, 'rb') as fo:
                plaintext = fo.read()
            enc = self.encrypt(plaintext)
            with open(self.passfile_enc, 'wb') as fo:
                fo.write(enc)

        def decrypt_file(self):
            with open(self.passfile_enc, 'rb') as fo:
                ciphertext = fo.read()
            dec = self.decrypt(ciphertext)
            return dec

        def get_credentials(self, section, option):
            # Parse the decrypted INI text in memory; cleartext is never written to disk
            buf = StringIO.StringIO(self.decrypt_file())
            config = ConfigParser.ConfigParser()
            config.readfp(buf)
            return config.get(section, option)

The cleartext file (it isn't stored in the project's repository) looks like:

    [cloudlibrary]
    clc_user = username
    clc_password = password

    [kantar_smtp]
    smtpconnect_user = username
    smtpconnect_password = password

Then this class is used in the main tool's script with:

    ...
    # Cloudlibrary access data
    crypto = RDSCryptor(rdsmanager_local_path)
    clc_user = crypto.get_credentials('cloudlibrary', 'clc_user')
    clc_password = crypto.get_credentials('cloudlibrary', 'clc_password')

    # Sendmail credentials
    smtpconnect_user = crypto.get_credentials('kantar_smtp', 'smtpconnect_user')
    smtpconnect_password = crypto.get_credentials('kantar_smtp', 'smtpconnect_password')
    ...

All I want is to hide plaintext from the source code - it's not intended to be super-secure against hackers.

What is wrong or can be done better here?
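
Two properties of the class above, shown as an added example that is not part of the original post: NUL padding removed with `rstrip` cannot round-trip data that ends in NUL bytes, and the `iv + ciphertext` blob carries no integrity check. The sketch is Python 3 and standard library only; `seal`, `open_sealed` and the separate `mac_key` are hypothetical names assumed for illustration, and the AES call itself is left out.

```python
import hashlib
import hmac

BLOCK = 16    # AES block size in bytes
TAG_LEN = 32  # HMAC-SHA256 output size

def zero_pad(s):
    """Padding as in the question's pad()."""
    return s + b"\0" * (BLOCK - len(s) % BLOCK)

def zero_unpad(s):
    """Unpadding as in the question's decrypt(): strips every trailing NUL."""
    return s.rstrip(b"\0")

def pkcs7_pad(data):
    """Append n bytes of value n (1..16), so the original length is recoverable."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(padded):
    """Remove PKCS#7 padding, rejecting anything malformed."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def seal(mac_key, iv_and_ciphertext):
    """Append an HMAC-SHA256 tag to the iv + ciphertext blob (encrypt-then-MAC)."""
    tag = hmac.new(mac_key, iv_and_ciphertext, hashlib.sha256).digest()
    return iv_and_ciphertext + tag

def open_sealed(mac_key, sealed):
    """Verify the tag in constant time before any decryption or unpadding."""
    if len(sealed) < TAG_LEN + 2 * BLOCK:
        raise ValueError("blob too short")
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: file modified or wrong key")
    return blob

if __name__ == "__main__":
    secret = b"clc_password = p\x00\x00"  # constructed value ending in NUL bytes
    print(zero_unpad(zero_pad(secret)) == secret)    # False: trailing NULs are lost
    print(pkcs7_unpad(pkcs7_pad(secret)) == secret)  # True
```

Checking the tag before unpadding means a modified file is rejected without ever reaching the padding check.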