This interface is similar to that of the original rotor module, but it uses better encryption
algorithms. AES is a popular private key encryption algorithm. It requires a fixed length
key and a data string to have a length that is a multiple of 16 bytes.
Unfortunately, this is not part of standard Python, may be subject to U.S. (and other
countries’) export controls in binary form at this writing, and is too large and complex
a topic for us to address in this text. This makes it less than universally applicable; at
the least, shipping its binary installer with this book’s examples package may require
legal expertise. And since data encryption is a core requirement of PyMailCGI, this
seems too strong an external dependency.
The real showstopper for this book’s fourth edition, though, is that PyCrypto is a 2.X-
only system not yet available for Python 3.X today; this makes it unusable with the
examples in this book. Still, if you are able to install and learn PyCrypto, this can be a
powerful solution. For more details, search for PyCrypto on the Web.
HTTPS: Secure HTTP transmissions
Provided you are using a server that supports secure HTTP, you can simply write HTML
and delegate the encryption to the web server and browser. As long as both ends of the
transmission support this protocol, it is probably the ultimate encrypting solution for
web security. In fact, it is used by most e-commerce sites on the Web today.
Secure HTTP (HTTPS) is designated in URLs by using the protocol name https://
rather than http://. Under HTTPS, data is still sent with the usual HTTP protocol, but
it is encrypted with the SSL secure sockets layer. HTTPS is supported by most web
browsers and can be configured in most web servers, including Apache and the
webserver.py script that we are running locally in this chapter. If SSL support is com-
piled into your Python, Python sockets support it with ssl module socket wrappers,
and the client-side module urllib.request we met in Chapter 13 supports HTTPS.
Unfortunately, enabling secure HTTP in a web server requires more configuration and
background knowledge than we can cover here, and it may require installing tools
outside the standard Python release. If you want to explore this issue further, search
the Web for resources on setting up a Python-coded HTTPS server that supports SSL
secure communications. As one possible lead, see the third-party M2Crypto package’s
OpenSSL wrapper support for password encryption, HTTPS in urllib, and more; this
could be a viable alternative to manual encryption, but it is not yet available for Python
3.X at this writing.
Also see the Web for more details on HTTPS in general. It is not impossible that some
of the HTTPS extensions for Python’s standard web server classes may make their way
into the Python standard library in the future, but they have not in recent years, perhaps
reflecting the classes’ intended roles—they provide limited functionality for use in lo-
cally running servers oriented toward testing, not deployment.
Utility Modules | 1281