diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-11-22 10:25:13 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-11-22 10:25:13 -0800 |
| commit | 36597b4379bd62e520b9076072a030c73b85f471 (patch) | |
| tree | be6b32dc7ed2d1092dcf902223461d8fc904d90d | |
| parent | 7a121fce784efb6d436816d84ed01e873f251490 (diff) | |
| download | cryptography-36597b4379bd62e520b9076072a030c73b85f471.tar.gz cryptography-36597b4379bd62e520b9076072a030c73b85f471.tar.bz2 cryptography-36597b4379bd62e520b9076072a030c73b85f471.zip | |
An API for generating keys
| -rw-r--r-- | cryptography/fernet.py | 4 | ||||
| -rw-r--r-- | docs/fernet.rst | 13 | ||||
| -rw-r--r-- | tests/test_fernet.py | 2 |
3 files changed, 11 insertions, 8 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py index 1c6cb5dd..ba2ff4e3 100644 --- a/cryptography/fernet.py +++ b/cryptography/fernet.py @@ -67,6 +67,10 @@ class Fernet(object): self.encryption_key = key[16:] self.backend = backend + @classmethod + def generate_key(cls): + return base64.urlsafe_b64encode(os.urandom(32)) + def encrypt(self, data): current_time = int(time.time()) iv = os.urandom(16) diff --git a/docs/fernet.rst b/docs/fernet.rst index c95077bb..241bf1ea 100644 --- a/docs/fernet.rst +++ b/docs/fernet.rst @@ -3,13 +3,6 @@ Fernet .. currentmodule:: cryptography.fernet -.. testsetup:: - - import base64 - import binascii - key = base64.urlsafe_b64encode(binascii.unhexlify(b"0" * 64)) - - `Fernet`_ is an implementation of symmetric (also known as "secret key") authenticated cryptography. Fernet provides guarantees that a message encrypted using it cannot be manipulated or read without the key. @@ -21,6 +14,7 @@ using it cannot be manipulated or read without the key. .. doctest:: >>> from cryptography.fernet import Fernet + >>> key = Fernet.generate_key() >>> f = Fernet(key) >>> ciphertext = f.encrypt(b"my deep dark secret") >>> ciphertext @@ -32,6 +26,11 @@ using it cannot be manipulated or read without the key. kept secret. Anyone with this key is able to create and read messages. + .. classmethod:: generate_key() + + Generates a fresh fernet key. Keep this some place safe! If you lose it + you'll no longer be able to decrypt messages; if anyone else gains + access to it, they'll be able to decrypt all of your messages. .. method:: encrypt(plaintext) diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 8759229a..af64175e 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -76,5 +76,5 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): - f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) + f = Fernet(Fernet.generate_key()) assert f.decrypt(f.encrypt(message)) == message |