Omnindex Journal 09/feb - Testing: is the file encrypted?
This is a journal I write while I build Omnindex, a search app, and post here, without much editing, just writing what comes to mind
Now that I have an endpoint to get the encryption key, I should be able to encrypt and decrypt the indexes on the brain, so let's do some python today. How am I going to test that? How do I check the file is encrypted? I thought of something…
I should not be able to pickle.load my index so easily, it should raise something because the file will be encrypted. Does it make sense?
Well, the test fails, let's try to fix it now…
Okay I spent some time looking up encryption libraries for Python, and I stopped at cryptography.io, seems well recommended, it has this Fernet encryption by default, what is this? Can't I get an AES? Oh wait a minute, it seems that Fernet does use AES underneath… hmm there is one library fernetex for elixir as well, maybe I could refactor my elixir code to use that… nah it doesn't seem to be very maintained, I will stick to the simple excrypto solution.
The instructions on how to use it are dead simple:
Oh but what about this key huh? Now I wonder, is this key compatible with the one I generate from elixir with ExCrypto? Well, both use AES underneath so I surely hope so. Let me try on the REPL and… yes, it works! Encrypts and decrypts with the key generated by ExCrypto, awesome, no trouble!
So I created a tiny module, just to wrap it up because later I will have to call the API here to actually retrieve the encryption key:
And I changed the code writing the file like this:
Done! Now its throwing an exception when I try to unpickle it because the file is encrypted, the exception is actually not a RuntimeException but a pickle.UnpicklingError, a small adjustment on the test aaand… the test passes! Cool
But now another test fails of course, this one:
Which basically expects us to load the index back from the disk, it fails of course because data is encrypted and we need to decrypt it, I will fix it now. Done, you can guess the code.
Now we need to get the real encryption key for the user, here is how I've done:
It was a bit tricky to mock it to get it working on the tests as well, but I could do it, seems to be working well.
Seems like Omnindex encryption story is pretty much done! :)