id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
19980	Signer broken when SECRET_KEY contains non-ASCII bytes	Vincent Driessen	MattBlack	"This happens on Django 1.5 only.

When the `SECRET_KEY` setting contains non-ASCII bytes (which is very likely for randomly generated keys), the following code breaks:

{{{#!python
from django.conf import settings
from django.core.signing import Signer
 
settings.SECRET_KEY = b'\xe7'  # binary key with non-ASCII chars
 
s = Signer()
print(s.sign('foo'))
}}}

Relevant stack trace:

{{{#!text
Traceback (most recent call last):
  File ""minimal_example.py"", line 7, in <module>
    s.sign('foo')
  File ""/Users/nvie/.virtualenvs/foo/lib/python2.7/site-packages/django/core/signing.py"", line 175, in sign
    return str('%s%s%s') % (value, self.sep, self.signature(value))
  File ""/Users/nvie/.virtualenvs/foo/lib/python2.7/site-packages/django/core/signing.py"", line 169, in signature
    signature = base64_hmac(self.salt + 'signer', value, self.key)
  File ""/Users/nvie/.virtualenvs/foo/lib/python2.7/site-packages/django/core/signing.py"", line 75, in base64_hmac
    return b64_encode(salted_hmac(salt, value, key).digest())
  File ""/Users/nvie/.virtualenvs/foo/lib/python2.7/site-packages/django/utils/crypto.py"", line 48, in salted_hmac
    key = hashlib.sha1((key_salt + secret).encode('utf-8')).digest()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe7 in position 0: ordinal not in range(128)
}}}

This is due to the fact that unicode and bytes are concatenated and, as a result, the bytes are implicitly decoded, which is an invalid operation, hence the UnicodeDecodeError. The error, thus, is perfectly valid.

I think the source of the bug is that, internally, the `Signer` works with text-based keys, salts and values, where it should work with byte streams instead."	Bug	closed	Core (Other)	1.5	Normal	fixed	signer		Accepted	1	0	0	0	0	0
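
The byte-oriented approach the report argues for, as an added example that is not Django's code or its fix: salt, secret and value are normalized to bytes before any concatenation or hashing, so a binary key such as `b'\xe7'` is never implicitly decoded. The names `to_bytes`, `sign`, `unsign` and the salt string are assumptions made for this sketch (Python 3, standard library only); SHA-1 and the `salt + 'signer'` derivation mirror the traceback above.

```python
import base64
import hashlib
import hmac


def to_bytes(value, encoding="utf-8"):
    """Bytes pass through untouched; text is encoded explicitly."""
    if isinstance(value, (bytes, bytearray)):
        return bytes(value)
    if isinstance(value, str):
        return value.encode(encoding)
    raise TypeError("expected str or bytes, got %s" % type(value).__name__)


def salted_hmac(key_salt, value, secret):
    # Normalize both parts to bytes *before* concatenating, so text and
    # bytes are never mixed and the secret is never decoded.
    derived = hashlib.sha1(to_bytes(key_salt) + to_bytes(secret)).digest()
    return hmac.new(derived, to_bytes(value), hashlib.sha1)


def sign(value, secret, salt="example.signer", sep=":"):
    digest = salted_hmac(salt + "signer", value, secret).digest()
    sig = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "%s%s%s" % (value, sep, sig)


def unsign(signed, secret, salt="example.signer", sep=":"):
    value, found, sig = signed.rpartition(sep)
    if not found:
        raise ValueError("no %r separator in signed value" % sep)
    expected = sign(value, secret, salt, sep).rpartition(sep)[2]
    # Constant-time comparison of the presented and expected signatures.
    if not hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8")):
        raise ValueError("signature does not match")
    return value


if __name__ == "__main__":
    binary_key = b"\xe7"  # the key from the report
    token = sign("foo", binary_key)
    print(token, "->", unsign(token, binary_key))
```

A text key and its UTF-8 encoding produce the same signature here, while `b'\xe7'` and the text `'\xe7'` do not, because the latter encodes to two bytes.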
