Secure Cell passphrase API: PyThemis #596
Merged
Commits on Feb 28, 2020
-
SCell passphrase API in PyThemis
Add support for passphrase API by extending SCellSeal construction API. It is possible to add via Python's __new__ special method which may return an instance of a diffrent class (typically, more appropriate subclass). We introduce a SCellSealPassphrase subclass with the same API but different implementation of "encrypt" and "decrypt" methods. To make things easier we also add a SecureCellError to provide more contexts in exceptions without making error messages too long. Initially a different syntax was planned: SCellSeal.with_passphrase('a secret') SCellSeal.with_key(binary_master_key) It had a noble idea of maintaining similarity with other languages which do not have named arguments. However, after updating tests and examples this syntax came off as unnatural and non-Pythonic. -
Those are mostly straighforward. Also, update existing tests for master key API and ensure that positional arguments to Secure Cell constuctors are interpreted as keys, not passphrases. Another change is update of tests to use a proper master key instead of a fixed password with master key API.
-
-
Update Secure Cell code examples
The main showcase has been reworked completely to demonstrate API. Other examples got cosmetic updates to avoid using 'passwords' when in fact they work with master keys.
-
-
Optional "encoding=" argument for passphrases
Instead of forcing the users to do '.encode(...)' calls themselves, adhere to standard Python practice of accepting an "encoding" argument with specified default encoding.
-
Use "six" library for Python 2/3 compatibility
Instead of writing type hacks, use a compatibility library. This should make it easier to convert PyThemis into Python 3-only when we decide to drop Python 2 compatibility. We will need to replace all "six" calls with native equivalents.
Commits on Mar 2, 2020
Commits on Mar 5, 2020
-
-
Raise warnings for possible misuse of master key API
Raise warnings instead of exceptions when we suspect that master key API is misused with strings. Since we're not introducing a new API, it would be rude to break Existing Code with unannounced exceptions. Howerver, we cannot pass on the possible misuse either. Master key API should not be used with strings. Currently, if you pass a Unicode string, it will be encoded in some internal encoding (usually UTF-8, but this may not be the case on Windows). Master key API should not be used with human-readable strings due to security concerns. Produce a warning when we see master key API to be used with types that we previously allowed but no longer recommend. Provide suggestions on what API should be used instead. This warns the user of possible misuse (if they pay attention to warnings) and does not break production code, which will keep the old behavior of misusing strings as master keys.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.