Add _get_digest to CryptoEngine,

Add testing too

pwman/tests/test_crypto_engine.py

@@ -34,4 +34,11 @@ class CryptoEngineTest(unittest.TestCase):
 
     def test_d_get_crypto(self):
         ce = CryptoEngine.get()
-        secret = ce.changepassword(reader=give_key)
+        secret2 = ce.changepassword(reader=give_key)
+        secret1 = ce.changepassword(reader=give_key)
+        # althouth the same secret key is used,
+        # the secret hash is not the same, because a
+        # different random seed is used when calling
+        # CryptoEngine._get_digest
+        self.assertNotEqual(secret1, secret2)
+

pwman/util/crypto_engine.py

@@ -193,7 +193,7 @@ class CryptoEngine(object):  # pagma: no cover
         """
         salt = base64.b64encode(os.urandom(32))
         passwd = reader("Please type in the secret key:")
-        key = get_digest(passwd, salt)
+        key = self._get_digest(passwd, salt)
         hpk = salt+'$6$'.encode('utf8')+binascii.hexlify(key)
         return hpk.decode('utf-8')
 
@@ -201,6 +201,13 @@ class CryptoEngine(object):  # pagma: no cover
         self._keycrypted = self._create_password(reader=reader)
         return self._keycrypted
 
+    def _get_digest(self, password, salt):
+        """
+        Get a digest based on clear text password
+        """
+        iterations = 5000
+        return PBKDF2(password, salt, dkLen=32, count=iterations)
+
     def __init__(self, keycrypted=None, algorithm='AES', timeout=-1):
         """
         Initialise the Cryptographic Engine