def upload_photo_id_image(self, img_data): """ Upload an the user's photo ID image. `img_data` should be a raw bytestream of a PNG image. This method will take the data, encrypt it using a randomly generated AES key, encode it with base64 and save it to the storage backend. The random key is also encrypted using Software Secure's public RSA key and stored in our `photo_id_key` field. Yes, encoding it to base64 adds compute and disk usage without much real benefit, but that's what the other end of this API is expecting to get. """ # Skip this whole thing if we're running acceptance tests or if we're # developing and aren't interested in working on student identity # verification functionality. If you do want to work on it, you have to # explicitly enable these in your private settings. if settings.FEATURES.get('AUTOMATIC_VERIFY_STUDENT_IDENTITY_FOR_TESTING'): # fake photo id key is set only for initial verification self.photo_id_key = 'fake-photo-id-key' self.save() return aes_key = random_aes_key() rsa_key_str = settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["RSA_PUBLIC_KEY"] rsa_encrypted_aes_key = rsa_encrypt(aes_key, rsa_key_str) # Save this to the storage backend path = self._get_path("photo_id") buff = ContentFile(encrypt_and_encode(img_data, aes_key)) self._storage.save(path, buff) # Update our record fields self.photo_id_key = rsa_encrypted_aes_key.encode('base64') self.save()
def upload_photo_id_image(self, img_data): """ Upload an the user's photo ID image. `img_data` should be a raw bytestream of a PNG image. This method will take the data, encrypt it using a randomly generated AES key, encode it with base64 and save it to the storage backend. The random key is also encrypted using Software Secure's public RSA key and stored in our `photo_id_key` field. Yes, encoding it to base64 adds compute and disk usage without much real benefit, but that's what the other end of this API is expecting to get. """ # Skip this whole thing if we're running acceptance tests or if we're # developing and aren't interested in working on student identity # verification functionality. If you do want to work on it, you have to # explicitly enable these in your private settings. if settings.FEATURES.get('AUTOMATIC_VERIFY_STUDENT_IDENTITY_FOR_TESTING'): # fake photo id key is set only for initial verification self.photo_id_key = 'fake-photo-id-key' self.save() return aes_key = random_aes_key() rsa_key_str = settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["RSA_PUBLIC_KEY"] rsa_encrypted_aes_key = rsa_encrypt(aes_key, rsa_key_str) # Save this to the storage backend path = self._get_path("photo_id") buff = ContentFile(encrypt_and_encode(img_data, aes_key)) self._storage.save(path, buff) # Update our record fields self.photo_id_key = rsa_encrypted_aes_key.encode('base64') self.save()
def upload_face_image(self, img_data): """ Upload an image of the user's face. `img_data` should be a raw bytestream of a PNG image. This method will take the data, encrypt it using our FACE_IMAGE_AES_KEY, encode it with base64 and save it to the storage backend. Yes, encoding it to base64 adds compute and disk usage without much real benefit, but that's what the other end of this API is expecting to get. """ # Skip this whole thing if we're running acceptance tests or if we're # developing and aren't interested in working on student identity # verification functionality. If you do want to work on it, you have to # explicitly enable these in your private settings. if settings.FEATURES.get( 'AUTOMATIC_VERIFY_STUDENT_IDENTITY_FOR_TESTING'): return aes_key_str = settings.VERIFY_STUDENT["SOFTWARE_SECURE"][ "FACE_IMAGE_AES_KEY"] aes_key = aes_key_str.decode("hex") path = self._get_path("face") buff = ContentFile(encrypt_and_encode(img_data, aes_key)) self._storage.save(path, buff)
def assert_roundtrip(data): """ Verify that the original data is retrieved after encrypting and decrypting, and again when also using base64 encoding/decoding. """ assert aes_decrypt(aes_encrypt(data, AES_KEY_BYTES), AES_KEY_BYTES) == data assert decode_and_decrypt(encrypt_and_encode(data, AES_KEY_BYTES), AES_KEY_BYTES) == data
def assert_roundtrip(data): """ Verify that the original data is retrieved after encrypting and decrypting, and again when also using base64 encoding/decoding. """ assert aes_decrypt(aes_encrypt(data, AES_KEY_BYTES), AES_KEY_BYTES) == data assert decode_and_decrypt(encrypt_and_encode(data, AES_KEY_BYTES), AES_KEY_BYTES) == data
def assert_roundtrip(text): assert_equals(text, aes_decrypt(aes_encrypt(text, key), key)) assert_equals( text, decode_and_decrypt( encrypt_and_encode(text, key), key ) )
def upload_face_image(self, img_data): """ Upload an image of the user's face. `img_data` should be a raw bytestream of a PNG image. This method will take the data, encrypt it using our FACE_IMAGE_AES_KEY, encode it with base64 and save it to the storage backend. Yes, encoding it to base64 adds compute and disk usage without much real benefit, but that's what the other end of this API is expecting to get. """ # Skip this whole thing if we're running acceptance tests or if we're # developing and aren't interested in working on student identity # verification functionality. If you do want to work on it, you have to # explicitly enable these in your private settings. if settings.FEATURES.get('AUTOMATIC_VERIFY_STUDENT_IDENTITY_FOR_TESTING'): return aes_key_str = settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["FACE_IMAGE_AES_KEY"] aes_key = aes_key_str.decode("hex") path = self._get_path("face") buff = ContentFile(encrypt_and_encode(img_data, aes_key)) self._storage.save(path, buff)
def assert_roundtrip(text): assert_equals(text, aes_decrypt(aes_encrypt(text, key), key)) assert_equals(text, decode_and_decrypt(encrypt_and_encode(text, key), key))