This repository was archived by the owner on May 9, 2020. It is now read-only.

@kamilbednarz

Hello,

I noticed there is no support for interaction with encrypted data bag items, so I created one. I hope you will like it.

It's based on the m2crypto package (a Python wrapper over OpenSSL). AFAIK it's available as a system package for most of the popular distributions (RedHat - https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/m2crypto.html, Ubuntu - http://packages.ubuntu.com/pl/lucid/python-m2crypto), so it should not be a problem to create such a dependency.

The pull request contains some specs. I also tested the interaction with Opscode's knife and it works just great!

Please note that there is no support for Chef encryption in legacy version 0, since it uses some custom Ruby-based keygen implementation for encryption (http://apidock.com/ruby/v1_9_2_180/OpenSSL/Cipher/pkcs5_keyivgen) and I couldn't find a Python equivalent. Version 0 is also deprecated/disabled in Chef 11 according to this article, http://docs.opscode.com/chef/essentials_data_bags.html, so it shouldn't be a big problem, and I guess the feature is still very useful.

Please let me know if you have any questions or concerns.

Best regards from Poland,
Kamil Bednarz

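
Added example, not part of this pull request or of the project's code: Ruby's `pkcs5_keyivgen`, linked in the comment above, wraps OpenSSL's `EVP_BytesToKey`, and that construction can be reproduced with Python's `hashlib` alone. The function name, the AES-256-CBC sizes (32-byte key, 16-byte IV), the sample secret, and the use of the Ruby method's documented defaults (MD5, 2048 iterations, no salt) are assumptions of this example.

```python
import hashlib


def evp_bytes_to_key(password, key_len, iv_len, salt=b"", count=2048, digest="md5"):
    """Derive (key, iv) with the OpenSSL EVP_BytesToKey construction.

    Defaults mirror the documented defaults of Ruby's pkcs5_keyivgen
    (MD5, 2048 iterations, no salt); that the legacy data bag format
    relied on those defaults is an assumption.
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    if salt and len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes when given")
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt); D_0 is the empty string
        block = hashlib.new(digest, block + password + salt).digest()
        # The digest is then re-hashed (count - 1) more times
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    # Key bytes come first, IV bytes follow
    return material[:key_len], material[key_len:key_len + iv_len]


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample, not a real secret
    key, iv = evp_bytes_to_key(secret, key_len=32, iv_len=16)
    print("key:", key.hex())
    print("iv: ", iv.hex())
```

With no salt, the same secret always yields the same key and IV, which is worth keeping in mind when handling items encrypted this way.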

@kamilbednarz
Author

I see Travis fails after adding M2Crypto. It would probably make sense to create a travis.yml file and put a python-m2crypto package installation there (in the before_install section).

@coderanger
Owner

Hmm, not sure I want to merge this. Please use ctypes to access the needed OpenSSL functionality as I do with all other crypto. This keeps dependencies to a minimum (it has none other than Python and libopenssl) and reduces the chance of an intermediary library getting things wrong. Closing this as is, please feel free to reopen with the m2crypto usage removed.

@coderanger coderanger closed this Jan 1, 2014
@kamilbednarz
Author

Sure, will do, it makes sense.
