My Little Secret

I have been working on an installer system that needs to ask the user a bunch of questions, including passwords, and store the answers in an .ini so that if the user runs the installer again, they will get prefilled answers. After the first installation it should be possible to run the installer in a batch mode since all the answers were recorded. But being security conscious, I did not like all those passwords being stored in plain text.

Luckily for me, I had already implemented almost exactly what I needed in Chandler, namely the password manager feature of Chandler, which encrypts account passwords with a master password. I just needed to rip out the Chandler-specific features to get a general-purpose encryption and decryption library, which defaults to 256-bit AES (Rijndael) in CBC mode and derives a key from the master password using the PBKDF2 algorithm. The encrypted data serializes to just text, which can appear in an .ini file. The serialized form does not follow any standards. With a few extra lines of code it can also act as a utility to encrypt and decrypt files. Thus, m2secret was born. It is built using the M2Crypto library.

Here’s how you could use it:

import m2secret

# Encrypt
secret = m2secret.Secret()
secret.encrypt('my data', 'my master password')
serialized = secret.serialize()

# Decrypt
secret = m2secret.Secret()
# Load the serialized text into the new object before decrypting
secret.deserialize(serialized)
data = secret.decrypt('my master password')
assert data == 'my data'

The command line utility is called m2secret.

Installation should be as easy as easy_install m2secret.
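
For comparison, here is the same construction (AES-256-CBC, a PBKDF2-derived key, one-line text output stored in an answers file) done with the OpenSSL command line. This is an added example, not m2secret's code, and its output is not compatible with m2secret's serialized form. The function names, the db_password key, the sample password and the iteration count are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not m2secret code. Same building blocks as the post:
# AES-256-CBC, key derived from a master password with PBKDF2, and a
# one-line text form that fits in an .ini value.
PBKDF2_ITER=100000     # assumed work factor; the post does not give one

# encrypt_value PLAINTEXT MASTER_PASSWORD -> one line of base64 on stdout.
# openssl picks a random salt, stores it in the output, and derives key
# and IV from PBKDF2(password, salt). The password travels in the
# environment so it never shows up in the process argument list.
encrypt_value() {
    printf '%s' "$1" | MASTER_PW="$2" openssl enc -aes-256-cbc -salt \
        -pbkdf2 -iter "$PBKDF2_ITER" -md sha256 -a -A -pass env:MASTER_PW
}

# decrypt_value BASE64 MASTER_PASSWORD -> plaintext on stdout.
# Returns non-zero when the padding check fails (usually a wrong
# password); CBC itself carries no integrity tag.
decrypt_value() {
    printf '%s' "$1" | MASTER_PW="$2" openssl enc -d -aes-256-cbc \
        -pbkdf2 -iter "$PBKDF2_ITER" -md sha256 -a -A -pass env:MASTER_PW \
        2>/dev/null
}

# save_answer FILE KEY VALUE: append "KEY = VALUE" to the answers file.
save_answer() { printf '%s = %s\n' "$2" "$3" >> "$1"; }

# load_answer FILE KEY: print the last value recorded for KEY.
# KEY is assumed to contain only letters, digits and underscores.
load_answer() { sed -n "s/^$2 = //p" "$1" | tail -n 1; }

# roundtrip_demo MASTER_PASSWORD: the first run records an encrypted
# answer, a later batch run reads it back. Prints the recovered password
# (constructed sample value).
roundtrip_demo() {
    ini=$(mktemp) || return 1
    save_answer "$ini" db_password "$(encrypt_value 'db-pass-123' "$1")"
    decrypt_value "$(load_answer "$ini" db_password)" "$1"
    rc=$?
    rm -f "$ini"
    return $rc
}
```

This needs OpenSSL 1.1.1 or later for the -pbkdf2 and -iter options.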
