blob: a47ae2e3279d99a19c99e717e429218f48c7fbc1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
Fernet (Symmetric encryption)
=============================
.. currentmodule:: cryptography.fernet
`Fernet`_ is an implementation of symmetric (also known as "secret key")
authenticated cryptography. Fernet provides guarantees that a message encrypted
using it cannot be manipulated or read without the key.
.. class:: Fernet(key)
This class provides both encryption and decryption facilities.
.. doctest::
>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
>>> token
'...'
>>> f.decrypt(token)
'my deep dark secret'
:param bytes key: A URL-safe base64-encoded 32-byte key. This **must** be
kept secret. Anyone with this key is able to create and
read messages.
.. classmethod:: generate_key()
Generates a fresh fernet key. Keep this some place safe! If you lose it
you'll no longer be able to decrypt messages; if anyone else gains
access to it, they'll be able to decrypt all of your messages, and
they'll also be able forge arbitrary messages which will be
authenticated and decrypted.
.. method:: encrypt(plaintext)
:param bytes plaintext: The message you would like to encrypt.
:returns bytes: A secure message which cannot be read or altered
without the key. It is URL-safe base64-encoded. This is
refered to as a "Fernet token". Note that this *does*
contain the current time when it was generated in
plaintext, the time a message was created will
therefore be visible to a possible attacker.
.. method:: decrypt(token, ttl=None)
:param bytes token: The Fernet token. This is the result of calling
:meth:`encrypt`.
:param int ttl: Optionally, the number of seconds old a message may be
for it to be valid. If the message is older than
``ttl`` seconds (from the time it was originally
created) an exception will be raised. If ``ttl`` is not
provided (or is ``None``), the age of the message is
not considered.
:returns bytes: The original plaintext.
:raises InvalidToken: If the ``token`` is in any way invalid, this
exception is raised. A token may be invalid for a
number of reasons: it is older than the ``ttl``,
it is malformed, or it does not have a valid
signature.
.. class:: InvalidToken
See :meth:`Fernet.decrypt` for more information.
.. _`Fernet`: https://github.com/fernet/spec/
|