DB Encryption Python

#!/bin/python
# I use this to secure the AIDE database. When run with: -d <passphrase> /var/lib/aide.db.gz.enc
# it will decrypt the database, run aide and then re-encrypt the DB.
# for first setup do: -e <passphrase> <path to database>.


from Crypto.Cipher import AES
from subprocess import call
import base64
import os, sys, random, struct, hashlib,md5

def usage():
    print "Encryption"
    print ""
    print "___________________________________"
    print "|  Aide database encryption tool  |"
    print "___________________________________"
    print "\n Usage: " + sys.argv[0] + " <options> <passkey> <filename> \n"
    print "Options:"
    print "     -e: encrypt a file, output encrypted file as <filename>.enc "
    print "     -d: decrypt a file. Takes a .enc file and decrypts it"

def run_aide():
        try:
            call(["aide"])
            return
        except:
            print "Aide failed to run"
            sys.exit(2)

def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):
    #key = sys.argv[2]
    if not out_filename:
        out_filename = in_filename + '.enc'
    try:
        iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
        encryptor = AES.new(key, AES.MODE_CBC, iv)
        filesize = os.path.getsize(in_filename)
        with open(in_filename, 'rb') as infile:
            with open(out_filename, 'wb') as outfile:
                outfile.write(struct.pack('<Q', filesize))
                outfile.write(iv)
                while True:
                    chunk = infile.read(chunksize)
                    if len(chunk) == 0:
                        break
                    elif len(chunk) % 16 != 0:
                        chunk += ' ' * (16 - len(chunk) % 16)
                    outfile.write(encryptor.encrypt(chunk))
        os.remove(in_filename)
    except:
        print "File Encryption Failed"
        sys.exit(2)


def decrypt_file(key, in_filename, out_filename=None, chunksize=24*1024):
    #key = sys.argv[2]
    if not out_filename:
        out_filename = os.path.splitext(in_filename)[0]

    with open(in_filename, 'rb') as infile:
        origsize = struct.unpack('<Q', infile.read(struct.calcsize('Q')))[0]
        iv = infile.read(16)
        decryptor = AES.new(key, AES.MODE_CBC, iv)

        with open(out_filename, 'wb') as outfile:
            while True:
                chunk = infile.read(chunksize)
                if len(chunk) == 0:
                    break
                outfile.write(decryptor.decrypt(chunk))
            outfile.truncate(origsize)
    try:
        call(["gzip", "-lq" , out_filename])
        print out_filename
        os.remove(in_filename)
        run_aide()
        encrypt_file(key, out_filename)
        return
    except:
        print "incorrect passphrase"
        sys.exit(2)


def check_user_input():
    if len (sys.argv) == 1:
        usage()
        sys.exit(2)
    else:
        return

def check_infile():
    input_file = sys.argv[3]
    if os.path.isfile(input_file) == True:
        return
    else:
        print "File does not exist"
        sys.exit(2)

if __name__ == '__main__':

    decider = sys.argv[1]
    if decider == "-e":
        # md5 hases the passkey to ensure 16 byte length
        keys = sys.argv[2]
        m = md5.new()
        m.update(keys)
        key = m.hexdigest()
        # end md5 conversion
        check_user_input()
        check_infile()
        input_file = sys.argv[3]
        #print "encrypting"
        encrypt_file(key,input_file)
    if decider == "-d":
         # md5 hashes the passkey to ensure 16 byte length
        keys = sys.argv[2]
        m = md5.new()
        m.update(keys)
        key = m.hexdigest()
        # end md5 conversion
        check_user_input()
        check_infile()
        input_file = sys.argv[3]
        #print "decrypting"
        decrypt_file(key,input_file)
        #run_aide()