Beispiel #1
0
    def open_safe(given_pw: str, dir):
        #	0: read password file
        expected_pw = HashedPassword.read_from_file(
            join(dir, consts.SAFE_PASSWORD_FILE))

        #	1: verify password
        if not hash_utils.verify_password(given_pw, expected_pw):
            raise Exception("incorrect password")

        #	2: get key_hash
        mkey_hashed = hash_utils.hash_for_key(given_pw, expected_pw.kdf_params)
        mkey = Key(conversions.string_to_bytes(mkey_hashed.hash))
        given_pw = ""

        #	4: open encyrpted key file
        with open(join(dir, consts.SAFE_KEY_FILE)) as key_file:
            encrypted_key = key_file.read()

        #	5: decyrpt derived key
        dkey_string = cipher_utils.decrypt_string(encrypted_key, mkey)
        dkey = Key(conversions.string_to_bytes(dkey_string))

        mkey_hashed.destroy()
        mkey.destroy()

        #	6: decrpyt file names to get note names
        notes = Note.load_from_dir(dir, dkey)

        # 	7: return new safe with info
        return Safe(dir, notes, dkey)
Beispiel #2
0
    def generate_and_encrypt(password: str, safe_dir):
        mkey = conversions.string_to_bytes(password)

        dkey_bytes = urandom(consts.MASTER_KEY_LENGTH)
        dkey = conversions.bytes_to_b64string(dkey_bytes)

        enc_dkey = cipher_utils.encrypt_string(dkey, Key(mkey))

        with open(join(safe_dir, consts.SAFE_KEY_FILE), 'w') as key_file:
            key_file.write(enc_dkey)

        return Key(conversions.string_to_bytes(dkey))
Beispiel #3
0
def _get_kdf_instance(kdf_params):
    salt = conversions.string_to_bytes(kdf_params.salt)

    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
                     length=kdf_params.output_length,
                     salt=salt,
                     iterations=kdf_params.iterations,
                     backend=default_backend())

    return kdf
Beispiel #4
0
def verify_password(password: str, expected: HashedPassword):
    given_bytes = conversions.string_to_bytes(password)
    expected_bytes = conversions.encoded_string_to_bytes(expected.hash)
    kdf_params = expected.kdf_params

    first_iteration = _hash_bytes(given_bytes, kdf_params)

    # will raise exception if bytes don't match
    _verify_bytes(first_iteration, expected_bytes, kdf_params)

    return True
Beispiel #5
0
def create_verification_hash(password):
    kdf_params = KDFParams.default()

    # double hash because verification
    hash = _hash_bytes(
        _hash_bytes(conversions.string_to_bytes(password), kdf_params),
        kdf_params)
    password = ""

    hash = conversions.bytes_to_b64string(hash)
    return HashedPassword(hash, kdf_params)
Beispiel #6
0
def encrypt_string(plaintext: str, key):
    fernet_key = key.fernet_key()
    plaintext_bytes = conversions.string_to_bytes(plaintext)

    return fernet_key.encrypt(plaintext_bytes).decode()
Beispiel #7
0
def decrypt_string(ciphertext: str, key):
    fernet_key = key.fernet_key()
    ciphertext_bytes = conversions.string_to_bytes(ciphertext)

    return fernet_key.decrypt(ciphertext_bytes).decode()
Beispiel #8
0
def hash_for_key(password, kdf_params):
    hash = _hash_bytes(conversions.string_to_bytes(password), kdf_params)
    password = ""

    hash = conversions.bytes_to_b64string(hash)
    return HashedPassword(hash, kdf_params)