Beispiel #1
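def rekey(options):
    """
    Interactive target to change the passphrase for the database.

    Prompts for the current passphrase and configures the crypto state with
    it, then prompts twice for the new passphrase, derives a new key from it
    and replaces the existing key via ``crypto_util.replace_key(force=True)``.

    :param options: Command options; not read by this function.
    :raises ValueError: If the two entries of the new passphrase differ, or
        if a confirmation prompt is not answered with the exact expected word.
    """
    # Function-scope import: the file's import block is not visible here.
    import getpass

    info("This is an EXTREMELY DANGEROUS activity.")
    info("Backup your database first.")

    # getpass reads without echo, so the passphrase does not end up on
    # screen, in terminal scrollback or in a recorded session.
    curr_passphrase = getpass.getpass("Current passphrase: ")

    crypto_util.configure_crypto_state(curr_passphrase)

    # Confirm the new passphrase by re-entry rather than by displaying a
    # digest of it: an unsalted MD5 of the passphrase left on the terminal
    # is enough to test guesses against offline.
    new_passphrase = getpass.getpass("New passphrase: ")
    if getpass.getpass("Repeat new passphrase: ") != new_passphrase:
        raise ValueError("Passphrases do not match.")

    confirm = raw_input("Type \"YES\" to confirm the passphrase change: ")
    if confirm != 'YES':
        raise ValueError("You must enter 'YES' to proceed.")

    if crypto_util.has_encrypted_data():
        confirm = raw_input("There is existing encrypted data in the database.  Type 'REKEY' to proceed with re-encryption: ")
        if confirm != 'REKEY':
            raise ValueError("You must enter 'REKEY' to proceed.")

    # Use the same salt as previous key
    new_key = crypto_util.derive_configured_key(new_passphrase)

    crypto_util.replace_key(new_key=new_key, force=True)

    info("Re-encryption completed successfully.")

    if config.get('debug'):
        # SECURITY: this writes the raw encryption and signing keys to stdout,
        # where shell history, log capture or CI output may retain them.
        # Keep 'debug' disabled anywhere real data is stored.
        print("The new key is: %s%s" % (binascii.hexlify(new_key.encryption_key), binascii.hexlify(new_key.signing_key)))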
Beispiel #2
 def initialize(self, **kwargs):
     """
     Handle submission of the passphrase form.

     Builds a PassphraseSubmitForm from the request parameters. If it
     validates, the submitted passphrase is passed to
     crypto_util.configure_crypto_state() and the client is redirected to
     "/"; otherwise "startup.html" is rendered again with the form.

     :raises cherrypy.HTTPRedirect: After the crypto state was configured.
     """
     # NOTE(review): the passphrase arrives via request_params(); confirm the
     # route only accepts a POST body over TLS, so the passphrase cannot end
     # up in URLs, access logs or Referer headers.
     submitted = PassphraseSubmitForm(request_params())
     if not submitted.validate():
         return render("startup.html", {'form': submitted})

     crypto_util.configure_crypto_state(submitted.passphrase.data)
     raise cherrypy.HTTPRedirect("/")
Beispiel #3
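def setup_crypto_state():
    """
    Initialize the crypto engine for already-crypto-configured database.

    When config['debug'] and config['debug.secret_key'] are both truthy, the
    key is loaded from the file named by config['debug.secret_key'].
    Otherwise the master passphrase is read interactively and passed to
    crypto_util.configure_crypto_state().
    """
    # Function-scope import: the file's import block is not visible here.
    import getpass

    if config['debug'] and config['debug.secret_key']:
        # SECURITY: this path takes key material from a file on disk and
        # skips the passphrase prompt; it is meant for debug setups only.
        # NOTE(review): confirm that file is access-restricted and that
        # 'debug' is off wherever real data is stored.
        crypto_util.load_secret_key_file(config['debug.secret_key'])
    else:
        # getpass reads without echo, so the master passphrase is not shown
        # on screen or left in terminal scrollback.
        passphrase = getpass.getpass("Database Master Passphrase: ")
        crypto_util.configure_crypto_state(passphrase)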