NPc@sdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z dZ dZ dZ de ZdefdYZd efd YZd efd YZd efdYZdefdYZdefdYZdefdYZdefdYZdZdefdYZdefdYZdefdYZdefdYZd efd!YZdS("s Collection of all Keyczar classes used to perform cryptographic functions: encrypt, decrypt, sign and verify. @author: arkajit.dey@gmail.com (Arkajit Dey) iNitiitKeyczarcBseZdZejZdZedddZedddZ dZ dZ e d Z d Zd Zd ZRS( sAbstract Keyczar base class.cCs<tjj|j|_i|_d|_|jjj |_ |j |jj spt j d|jj n|jjrt|tj rt j dnx|jjD]}|jtjkr|jdk rt j dn||_ntj|jj|j|j}||j|<||j|jFstdocsList of versions in key set.cCs|j|jS(N(RR (R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR$Iss!The primary key for this key set.cCs t|jS(N(tstrR(R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt__str__LscCsHt|d}|tkr.tj|n|jtj|dS(s Parse the header and verify version, format info. Return key if exists. @param header: the bytes of the header of Keyczar output @type header: string @return: the key identified by the hash in the header @rtype: L{keys.Key} @raise BadVersionError: if header specifies an illegal version @raise KeyNotFoundError: if key specified in header doesn't exist ii(tordtVERSIONRtBadVersionErrorRtutiltBase64WSEncode(RtheaderR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt _ParseHeaderOs  cCsttj|S(s  Return a Keyczar object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: a Keyczar to manage the keys stored at the given location @rtype: L{Keyczar} (RRt CreateReader(tlocation((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRas cCsdS(s4Indicates whether purpose is valid. Abstract method.N((RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR nscCs6y|j|SWn tk r1tj|nXdS(sx Returns the key associated with the given key_id, a hash or a version. @param key_id: Either the hash identifier of the key or its version. @type key_id: string or L{keydata.KeyVersion} @return: key associated with this key_id or None if key_id doesn't exist. @rtype: L{keys.Key} @raise KeyNotFoundError: if key with given key_id doesn't exist N(RtKeyErrorRtKeyNotFoundError(Rtkey_id((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRqs  cCs/||j|<|j|j<|jj|dS(N(RRRt AddVersion(RRR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt_AddKeys(t__name__t __module__t__doc__R+tABCMetat __metaclass__R!tpropertyRt primary_keyR'R.t staticmethodRR RR5(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR(s          tGenericKeyczarcBseeZdZedZdZd dZdZdZ dZ d dZ d dZ RS( sTo be used by Keyczart.cCsttj|S(sBReturn a GenericKeyczar created from FileReader at given location.(R>RR/(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRscCstS(sAll purposes ok for Keyczart.(tTrue(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR scCsX|dkr|j}n|jjj|sCtjd|nd}x,|jD]!}||jkrS|j}qSqSWt j |d|t }|t j kr|jdk rt j|j_n||_n||jkrd||jt|jjfGHnxAtrCtj|jj|}|jj|jdkrPqqW|j||dS(sY Adds a new key version with given status to key set. Generates a new key of same type (repeated until hash identifier is unique) for this version. Uses supplied key size (if provided) in lieu of the default key size. If this is an unacceptable key size, raises an error. Uses next available version number. @param status: the status of the new key to be added @type status: L{keyinfo.KeyStatus} @param size: size of key in bits, uses default size if not provided. @type size: integer @raise KeyczarError: if either key type or key size is unsupported. sUnsupported key size %d bits.iisYWARNING: %d-bit key size is less than recommended default keysize of %d bits for %s keys.N(RR RR t IsValidSizeRRRRRR"tFalseRRR tACTIVERR&R?RtGenKeyRtgetRR5(RRtsizetmax_version_numberRR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR4s*   ! cCs|jj|}|jtjkr6tjdnl|jtjkrtj|_|jdk rutj|j_n||_n!|jtj krtj|_ndS(sG Promotes the status of key with given version number. Promoting ACTIVE key automatically demotes current PRIMARY key to ACTIVE. @param version_number: the version number to promote @type version_number: integer @raise KeyczarError: if invalid version number or trying to promote a primary key sCan't promote a primary key.N( Rt GetVersionRRRRRRBR RtINACTIVE(RRR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytPromotes   cCs|jj|}|jtjkr<tj|_d|_nE|jtjkr]tj|_n$|jtjkrt j dndS(sU Demotes the status of key with given version number. Demoting PRIMARY key results in a key set with no primary version. @param version_number: the version number to demote @type version_number: integer @raise KeyczarError: if invalid version number or trying to demote an inactive key, use L{Revoke} instead. s*Can't demote an inactive key, only revoke.N( RRGRRRRBRR RHRR(RRR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytDemotes   cCsJ|jj|}|jtjkr7|jj|ntjddS(s Revokes the key with given version number if scheduled to be revoked. @param version_number: integer version number to revoke @type version_number: integer @raise KeyczarError: if invalid version number or key is not inactive. s!Can't revoke key if not inactive.N(RRGRRRHt RemoveVersionRR(RRR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytRevokes cCs|j}d}|jtjkrT|jtjkrTtj|j tj tj }n{|jtj kr|jtj krtj|j tjtj}q|jtjkrtj|j tj tj}qn|dkrtjdnxz|jD]o}|j||j|j}|r8|j|j|qtjt|tjj|t|jqW|r|||_n%tjt|tjj|ddS(sCExport the public keys corresponding to our key set to destination.sCannot export public keytmetaN(RRR RtDSA_PRIVR tSIGN_AND_VERIFYRRtnametVERIFYtDSA_PUBtRSA_PRIVtDECRYPT_AND_ENCRYPTtENCRYPTtRSA_PUBRRRR4Rt public_keyt SetPubKeyRR+t WriteFileR&tostpathtjointpubkmd(RtdesttmocktkmdR]tvtpubkey((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytPublicKeyExports( $!!$  2 cCst|tr1tj|}tjdtn|dk |j_ |j |jx0|j D]%}|j |j ||j|q]WdS(s' Write this key set to the specified location. @param writer: where to write the key set @type writer: Writer or file path (deprecated) @param encrypter: which encryption to use for this key set. Use None to write an unencrypted key set. @type encrypter: Encrypter sDUsing a string as the writer is deprecated. Use writers.CreateWriterN(Rt basestringtwriterst CreateWritertwarningstwarntDeprecationWarningRRRt WriteMetadataRtWriteKeyRR(Rtwritert encrypterRa((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytWrites  N( R6R7R8R=RR RR4RIRJRLRcRn(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR>s  1    t EncryptercBsDeZdZedZdZejdZej dZ RS(sCapable of encrypting only.cCsttj|S(s< Return an Encrypter object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: an Encrypter to manage the keys stored at the given location and perform encryption functions. @rtype: L{Encrypter} (RoRR/(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR0s cCs|tjkp|tjkS(s*Only valid if purpose includes encrypting.(RRURT(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR >scCsG|j}|dkr$tjn|j|}|rC||S|S(s Encrypt the data and return the ciphertext. @param data: message to encrypt @type data: string @param encoder: function to perform final encoding. Defaults to Base64, use None for no encoding. @type encoder: function @return: ciphertext, by default Base64 encoded @rtype: string @raise NoPrimaryKeyError: if no primary key can be found to encrypt N(R<RRtNoPrimaryKeyErrortEncrypt(Rtdatatencodertencrypting_keyt ciphertext((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRqBs   cCsO|j}|dkr$tjn|r9||}n|}tj||S(s Create an encrypting stream capable of writing a ciphertext byte stream containing Header|IV|Ciph|Sig. @param output_stream: target stream for encrypted output @type output_stream: 'file-like' object @param encoder: the encoding stream to use on the ciphertext stream. Defaults to base64 encoding with no padding or line breaks. Use None for raw bytes. @type encoder: 'file-like' object @return: an encrypting stream capable of creating a ciphertext byte stream @rtype: EncryptingStreamWriter N(R<RRRpRtEncryptingStreamWriter(Rt output_streamRsRttstream((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytCreateEncryptingStreamWriterXs  ( R6R7R8R=RR R+R,RqtIncrementalBase64WSStreamWriterRy(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRo-s  tVerifiercBsDeZdZedZdZdZdZddZ RS(sCapable of verifying only.cCsttj|S(s3 Return a Verifier object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: a Verifier to manage the keys stored at the given location and perform verify functions. @rtype: L{Verifier} (R{RR/(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRvs cCs|tjkp|tjkS(s)Only valid if purpose includes verifying.(RRQRO(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR scCsTtj|}t|tkr9tjt|n|j|t |t|S(s= Verifies whether the signature corresponds to the given data. @param data: message that has been signed with sig @type data: string @param sig: Base64 string formatted as Header|Signature @type sig: string @return: True if sig corresponds to data, False otherwise. @rtype: boolean (R+tBase64WSDecodetlent HEADER_SIZERtShortSignatureErrort_Verifier__InternalVerify(RRrtsigt sig_bytes((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytVerifys cCsYtj|}tj|t\}}||}|j|t |||rQ|SdSdS(s. Verifies the signature in the signed blob corresponds to the data in the signed blob and the provided nonce, and returns the data. @param signed_data: the blob, produced by AttachedSign, containing data and signature. @type signed_data: string @param nonce: Nonce string that was used when the signature was generated. If the provided value doesn't match, verification will fail. @type sig: string @return: If verification succeeds, the extracted data will be returned, otherwise, None @rtype: string N(R+R|tUnpackByteArrayR~RR(Rt signed_datatnoncet decoded_dataRrtoffsett signature((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytAttachedVerifys  cCs0|j|}|j|tj|t|S(N(R.RR+t PackByteArrayt VERSION_BYTE(RR-RRrRR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt__InternalVerifysN( R6R7R8R=RR RRRR(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR{ss    tUnversionedVerifiercBs/eZdZedZdZdZRS(s;Capable of verifying unversioned, standard signatures only.cCsttj|S(sB Return a UnversionedVerifier object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: a Verifier to manage the keys stored at the given location and perform verify functions. @rtype: L{Verifier} (RRt FileReader(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs cCs|tjkp|tjkS(s)Only valid if purpose includes verifying.(RRQRO(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR scCsPtj|}x:|jD]/}|j|}|j||}|rtSqWtS(s Verifies whether the signature corresponds to the given data. This is a stanard signature (i.e. HMAC-SHA1, RSA-SHA1, DSA-SHA1) that contains no version information, so this will try to verify with each key in a keyset. @param data: message that has been signed with sig @type data: string @param sig: Base64 string formatted as Header|Signature @type sig: string @return: True if sig corresponds to data, False otherwise. @rtype: boolean (R+R|RRRR?RA(RRrRRRR tresult((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs (R6R7R8R=RR R(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs tCryptercBsJeZdZedZdZejdZej ej dZ RS(s%Capable of encrypting and decrypting.cCsttj|S(sC Return a Crypter object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: a Crypter to manage the keys stored at the given location and perform encryption and decryption functions. @rtype: L{Crypter} (RRR/(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs cCs |tjkS(s)Only valid if purpose includes decrypting(RRT(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR scCsb|r||n|}t|tkrBtjt|n|j|t }|j|S(s Decrypts the given ciphertext and returns the plaintext. @param ciphertext: ciphertext to be decrypted - by default is Base64 encoded @type ciphertext: string @param decoder: function to perform decoding. Defaults to Base64, use None for no decoding. @type encoder: function @return: plaintext message @rtype: string @raise ShortCiphertextError: if length is too short to have Header, IV, Sig @raise BadVersionError: if header specifies an illegal version @raise BadFormatError: if header specifies an illegal format @raise KeyNotFoundError: if key specified in header doesn't exist @raise InvalidSignatureError: if the signature can't be verified (R}R~RtShortCiphertextErrorR.tDecrypt(RRutdecodert data_bytesR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs cCs.|r||}n|}tj|||S(s Create a decrypting stream capable of processing a ciphertext byte stream containing Header|IV|Ciph|Sig into plain text. @param output_stream: target stream for decrypted output @type output_stream: 'file-like' object @param decoder: the decoding stream to use on the incoming stream. Defaults to base64 decoding with no padding or line breaks. Use None for handling raw bytes. @type decoder: 'file-like' object @param buffer_size: Suggested buffer size for writing data (will be adjusted to suit the underlying cipher. @type buffer_size: integer @return: a decrypting stream capable of reading a ciphertext byte stream and converting it to plaintext output @rtype: DecryptingStreamReader (RtDecryptingStreamReader(RRwRt buffer_sizeRx((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytCreateDecryptingStreamReaders( R6R7R8R=RR R+R|RtIncrementalBase64WSStreamReadertDEFAULT_STREAM_BUFF_SIZER(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs  tSignercBsDeZdZedZdZdZdZddZ RS(s&Capable of both signing and verifying.cCsttj|S(s6 Return a Signer object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: a Signer to manage the keys stored at the given location and perform sign and verify functions. @rtype: L{Signer} (RRR/(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR;s cCs |tjkS(s'Only valid if purpose includes signing.(RRO(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR IscCs#tj|jj|j|S(s Sign given data and return corresponding signature. For message M, outputs the signature as Header|Sig(Header.M). @param data: message to be signed @type data: string @return: signature on the data encoded as a Base64 string @rtype: string (R+R,R<tHeadert_Signer__InternalSign(RRr((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytSignMs cCs3tj|jjtj||j||S(s Sign given data and nonce and return a blob containing both data and signature For message M, and nonce N, outputs Header|len(M)|M|Sig(Header|M|N). @param data: message to be signed @type data: string @param nonce: nonce to be included in the signature @type nonce: string @return: signature on the data encoded as a Base64 string @rtype: string (R+R,R<RRR(RRrR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt AttachedSign\scCsB|j}|dkr$tjn|j|tj|tS(N(R<RRRpRR+RR(RRrRt signing_key((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt__InternalSignqs  N( R6R7R8R=RR RRRR(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR8s    tUnversionedSignercBs/eZdZedZdZdZRS(sCapable of both signing and verifying. This outputs standard signatures (i.e. HMAC-SHA1, DSA-SHA1, RSA-SHA1) that contain no key versioning. cCsttj|S(sF Return an UnversionedSigner object created from FileReader at given location. @param location: pathname of the directory storing the key files @type location: string @return: a Signer to manage the keys stored at the given location and perform sign and verify functions. @rtype: L{Signer} (RRR(R0((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR|s cCs |tjkS(s'Only valid if purpose includes signing.(RRO(RR ((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR scCs:|j}|dkr$tjntj|j|S(s@ Sign given data and return corresponding signature. This signature contains no header or version information. For message M, outputs the signature as Sig(M). @param data: message to be signed @type data: string @return: signature on the data encoded as a Base64 string @rtype: string N(R<RRRpR+R,R(RRrR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs  (R6R7R8R=RR R(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRws it_SessioncBseZdZedZedZedZedZee j dZ edZ edZ edZRS( s A utility object which holds a session key and, optionally, a nonce. This class is only for use by SessionEncrypter, SessionDecrypter, SignedSessionEncrypter, and SignedSessionDecrypter. cCs"tjtjjtjtS(st Constructs and returns a new _Session instance, containing a newly-generated AES key and random nonce. (Rt_Session__CreateRtAesKeytGenerateR+t RandBytestSESSION_NONCE_SIZE(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytNewscCstj|}t|dks't|d}|d}tjtj|t|d}tjtj||t|dtj }t j |dS(s Constructs and returns a new _Session instance, initialized with the key data extracted from the provided packed_key_data, which must have been produced by _Session.packed_key. iiiiN( R+tUnpackMultipleByteArraysR}tAssertionErrorRtHmacKeyR,RRtCBCRRR(tpacked_key_datatunpackedt aes_key_bytesthmac_key_bytesthmac_keyt session_key((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt LoadPackedKeys  %" cCsKtj|}tj|d}tjtjj|tj |dS(s Constructs and returns a new _Session instance, initialized with the key and nonce extracted from the provided json_session_data, which must have been produced by _Session.json. R R( tjsontloadstdumpsRRRRRR+R|(tjson_session_datat json_dicttaes_key_string((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytLoadJsonSessionscCst}||_||_|S(sf Creates a new _Session instance, with the private fields initialized to the provided values. (Rt_Session__session_keyt_Session__nonce(RRtsession((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt__Creates   cCsttj|jtjS(s` Returns a Crypter which can be used to encrypt and decrypt data using the session key. (RRtStaticKeyReaderRRRT(R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytcrypterscCs|jS(N(R(R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRscCstj|jj|jjjS(sB Returns the session key data in a compact binary format. (R+tPackMultipleByteArraysRt key_bytesR(R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyt packed_keyscCs?tjt|j}tji|d6tj|jd6S(s@ Returns the session key data and nonce in Json format. R R(RRR&RRR+R,R(RR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs(R6R7R8R=RRRRR;R+tMemoizeRRRR(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs  tSessionEncryptercBs/eZdZdZedZdZRS(s An Encrypter that encrypts the data with a generated AES session key. The session key is in turn encrypted with a user-provided Encrypter, producing session_material, which must be provided to the SessionDecrypter to be able to decrypt session-encrypted data. cCs+tj|_|j|jj|_dS(N(RRt_sessionRqRt_encrypted_session_material(RRm((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR!scCs|jS(s Returns the base64-encoded, encrypted session blob that must be provided to the SessionDecrypter in order to decrypt data encrypted by this object. (R(R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pytsession_materialscCs|jjj|S(sc Encrypts the given plaintext with the session key and returns the base 64-encoded result. (RRRq(Rt plaintext((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRq s(R6R7R8R!R;RRq(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs tSessionDecryptercBs eZdZdZdZRS(s A Decrypter that can decrypt data encrypted with a session key, which is obtained by decrypting the provided session_material using the provided Crypter. cCstj|j||_dS(N(RRRR(RRR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR!scCs|jjj|S(su Decrypts the given base 64-encoded ciphertext with the session key and returns the decrypted plaintext. (RRR(RRu((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs(R6R7R8R!R(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRs tSignedSessionEncryptercBs/eZdZdZedZdZRS(s An object that encrypts data with a session key, which is in turn encrypted by the provided encrypter, and signs the data with the provided signer. cCs4tj|_|j|jj|_||_dS(N(RRRRqRRt_signer(RRmtsigner((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR!'scCs|jS(s Returns the base64-encoded, encrypted session blob that must be provided to the SignedSessionDecrypter in order to decrypt data encrypted by this object. (R(R((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR,scCs1|jjj|d}|jj||jjS(N(RRRqRRRR(RRRu((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRq4s(R6R7R8R!R;RRq(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR!s tSignedSessionDecryptercBs eZdZdZdZRS(sp An object that verifies signatures on and decrypts data signed and encrypted by a SignedSessionEncrypter cCs(tj|j||_||_dS(N(RRRRt _verifier(RRtverifierR((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR!?scCs;|jj||jj}|s%dS|jjj|dS(s Verifies the signature on the given ciphertext and, if successful, decrypts it and returns the decrypted plaintext. If verification fails, returns None. N(RRRRRRR(Rtsigned_ciphertextRu((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyRCs(R6R7R8R!R(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyR9s (R8RZRgRRRRRRReR+R)Rt KEY_HASH_SIZER~tobjectRR>RoR{RRRRRRRRRR(((s3/usr/lib/python2.7/site-packages/keyczar/keyczar.pyts8           ^FG1M?+R