Hash and encryption decorators

class minimalkv.crypt.HMACDecorator(secret_key, decorated_store, hashfunc=<built-in function openssl_sha256>)

HMAC authentication and integrity check decorator.

This decorator overrides the KeyValueStore.get(), KeyValueStore.get_file(), KeyValueStore.open(), KeyValueStore.put() and KeyValueStore.put_file() methods and alters the data that is store in the follow way:

First, the original data is stored while being fed to an hmac instance. The resulting hash is appended to the data as a binary string, every value stored therefore takes up an additional hmac_digestsize bytes.

Upon retrieval using any of KeyValueStore.get(), KeyValueStore.get_file() or KeyValueStore.open() methods, the data is checked as soon as the hash is readable. Since hashes are stored at the end, almost no extra memory is used when using streaming methods. However, KeyValueStore.get_file() and KeyValueStore.open() will only check the hash value once it is read, that is, at the end of the retrieval.

The decorator will protect against any modification of the stored data and ensures that only those with knowledge of the __secret_key can alter any data. The key used to store data is also used to extend the HMAC secret key, making it impossible to copy a valid message over to a different key.

exception minimalkv.crypt.VerificationException

Exception thrown if there was an error checking authenticity.