U S¤ðW~ã @sÞdZddlZddlZddlTddlmZzddlmZWnBe k rzzddl mZWne k rte dƒ‚YnXYnXe  ej e ¡e  eje ¡e  eje ¡Gdd„deƒZGd d „d eeƒZGd d „d eeƒZdS) a„ Peewee integration with pysqlcipher. Project page: https://github.com/leapcode/pysqlcipher/ **WARNING!!! EXPERIMENTAL!!!** * Although this extention's code is short, it has not been propery peer-reviewed yet and may have introduced vulnerabilities. * The code contains minimum values for `passphrase` length and `kdf_iter`, as well as a default value for the later. **Do not** regard these numbers as advice. Consult the docs at http://sqlcipher.net/sqlcipher-api/ and security experts. Also note that this code relies on pysqlcipher and sqlcipher, and the code there might have vulnerabilities as well, but since these are widely used crypto modules, we can expect "short zero days" there. Example usage: from peewee.playground.ciphersql_ext import SqlCipherDatabase db = SqlCipherDatabase('/path/to/my.db', passphrase="don'tuseme4real", kdf_iter=1000000) * `passphrase`: should be "long enough". Note that *length beats vocabulary* (much exponential), and even a lowercase-only passphrase like easytorememberyethardforotherstoguess packs more noise than 8 random printable chatacters and *can* be memorized. * `kdf_iter`: Should be "as much as the weakest target machine can afford". When opening an existing database, passphrase and kdf_iter should be identical to the ones used when creating it. If they're wrong, an exception will only be raised **when you access the database**. If you need to ask for an interactive passphrase, here's example code you can put after the `db = ...` line: try: # Just access the database so that it checks the encryption. db.get_tables() # We're looking for a DatabaseError with a specific error message. except peewee.DatabaseError as e: # Check whether the message *means* "passphrase is wrong" if e.args[0] == 'file is encrypted or is not a database': raise Exception('Developer should Prompt user for passphrase ' 'again.') else: # A different DatabaseError. Raise it. raise e See a more elaborate example with this code at https://gist.github.com/thedod/11048875 éN)Ú*)ÚSqliteExtDatabase)Údbapi2z$Sqlcipher python bindings not found.c@seZdZdd„ZdS)Ú_SqlCipherDatabasecKs„| dd¡}| dd¡}t|ƒdkr,tdƒ‚|r@|dkr@tdƒ‚tj|f|Ž}| |¡| d  | d d ¡¡¡| d  |¡¡|S) NÚ passphraseÚÚkdf_iteriúézESqlCipherDatabase passphrase should be at least eight character long.i'z4SqlCipherDatabase kdf_iter should be at least 10000.zPRAGMA key='{0}'ú'z''zPRAGMA kdf_iter={0:d}) ÚpopÚlenZImproperlyConfiguredÚ sqlcipherZconnectZ_add_conn_hooksZexecuteÚformatÚreplace)ÚselfZdatabaseÚkwargsrrÚconn©rú/sqlcipher_ext.pyÚ_connectHs"   ÿ ÿ ÿz_SqlCipherDatabase._connectN)Ú__name__Ú __module__Ú __qualname__rrrrrrGsrc@s eZdZdS)ÚSqlCipherDatabaseN)rrrrrrrr]srcs(eZdZ‡fdd„Z‡fdd„Z‡ZS)ÚSqlCipherExtDatabasecsd|d<tt|ƒj||ŽdS)NFZ c_extensions)ÚsuperrÚ__init__)rÚargsr©Ú __class__rrrbszSqlCipherExtDatabase.__init__cshtt|ƒj||Ž}| |¡| |¡| |¡|jr>|j|_|jrd|  d¡|jD]}|  |¡qT|S)NT) rrrZ_load_aggregatesZ_load_collationsZ_load_functionsZ _row_factoryZ row_factoryZ _extensionsZenable_load_extensionZload_extension)rrrrÚ extensionrrrrfs      zSqlCipherExtDatabase._connect)rrrrrÚ __classcell__rrrrras r)Ú__doc__ZdatetimeZdecimalZpeeweeZplayhouse.sqlite_extrZ pysqlcipherrr Ú ImportErrorZ pysqlcipher3Zregister_adapterZDecimalÚstrÚdateÚtimeÚobjectrZSqliteDatabaserrrrrrÚs"4