-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
87 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
############################################################################## | ||
# | ||
# Copyright (c) 2008 Zope Foundation and Contributors. | ||
# All Rights Reserved. | ||
# | ||
# This software is subject to the provisions of the Zope Public License, | ||
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. | ||
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED | ||
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS | ||
# FOR A PARTICULAR PURPOSE. | ||
# | ||
############################################################################## | ||
""" | ||
$Id | ||
""" | ||
__docformat__ = "reStructuredText" | ||
|
||
from zope.interface import implements | ||
|
||
from keas.kmi.interfaces import IKeyHolder | ||
|
||
|
||
class KeyHolder(object): | ||
"""A key holder utility that loads the key from a file and keeps it in RAM.""" | ||
|
||
implements(IKeyHolder) | ||
|
||
def __init__(self, filename): | ||
self.key = file(filename, 'rb').read() | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
=================== | ||
Database key holder | ||
=================== | ||
|
||
If you want to have encrypted objects in the database, you need to store the | ||
key encrypting key somewhere. A DatabaseKeyHolder stores it in the database | ||
alongside your encrypted objects. This is convenient, and slightly secure: | ||
If someone steals your database, they won't be able to decrypt your data | ||
without gaining access to the Key Management Server. | ||
|
||
>>> from keas.kmi.keyholder import DatabaseKeyHolder | ||
>>> from keas.kmi.interfaces import IKeyHolder | ||
>>> from zope.interface.verify import verifyObject | ||
>>> holder = DatabaseKeyHolder() | ||
>>> verifyObject(IKeyHolder, holder) | ||
True | ||
|
||
Initially there is no key | ||
|
||
>>> holder.key | ||
|
||
We can set it | ||
|
||
>>> holder.key = 'xyzzy' | ||
>>> holder.key | ||
'xyzzy' | ||
|
||
It is actually stored in the database | ||
|
||
>>> from keas.kmi.keyholder improt KEY | ||
>>> from zope.component import getUtility | ||
>>> from ZODB.interfaces import IDatabase | ||
>>> getUtility(IDatabase).open().root()[KEY] | ||
'xyzzy' | ||
|
||
You cannot change the key once it's set | ||
|
||
>>> holder.key = 'wubawuba' | ||
Traceback (most recent call last): | ||
... | ||
ValueError: waaah | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters