Move from PyCrypto to the newer, maintained cryptography package.

Review Request #8813 - Created March 12, 2017 and submitted

Christian Hammond
Review Board

PyCrypto's been unmaintained for a while, which in theory opens the door
to security issues. In practice, this doesn't truly affect us, as we
only use the AES encryption/decryption, which doesn't appear to have had
any security problems. However, from a user standpoint, it's easier to
install the new cryptography module and harder to install PyCrypto, and
it's better to have more modern options.

This change moves us over from PyCrypto fully to cryptography, updating
dependencies accordingly. This is fully backwards-compatible, meaning
that existing installs with encrypted content from PyCrypto will
continue to work with cryptography, and vice-versa if downgrading.

Documentation for the functions has also been added, helping to
clarify the types of encryption used.

Unit tests were added to ensure these operations continue to work and
that backwards-compatibility does not break.

Tested that all credentials on my development server made from PyCrypto
were properly loaded, and new credentials could be saved and then loaded

Unit tests pass.

Review Bot
David Trowbridge
Barret Rennie
Christian Hammond
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-2.5.x (1a450a4)