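def rekey(options):
    """
    Interactive target to change the passphrase for the database.

    Prompts for the current passphrase and configures the crypto state with
    it, then reads the new passphrase twice and requires an explicit "YES"
    (plus "REKEY" when encrypted data already exists) before the key is
    replaced.

    :param options: target options; not read by this function.
    :raises ValueError: if the new passphrase is empty, the two entries of
        the new passphrase differ, or a confirmation prompt is not answered
        with the requested word.
    """
    # Imported locally so this change does not depend on the file-level imports.
    import getpass

    info("This is an EXTREMELY DANGEROUS activity.")
    info("Backup your database first.")

    # getpass does not echo, so the passphrases stay off the screen and out
    # of terminal scrollback and session recordings.
    curr_passphrase = getpass.getpass("Current passphrase: ")
    crypto_util.configure_crypto_state(curr_passphrase)

    new_passphrase = getpass.getpass("New passphrase: ")
    if not new_passphrase:
        raise ValueError("The new passphrase must not be empty.")

    # Typos are caught by re-entry. The previous prompt displayed an unsalted
    # MD5 of the new passphrase, which can be used to test passphrase guesses
    # offline by anyone who sees the terminal output.
    if getpass.getpass("Re-enter new passphrase: ") != new_passphrase:
        raise ValueError("The passphrases do not match.")

    confirm = raw_input("Type \"YES\" to confirm the passphrase change: ")
    if confirm != 'YES':
        raise ValueError("You must enter 'YES' to proceed.")

    if crypto_util.has_encrypted_data():
        confirm = raw_input("There is existing encrypted data in the database.  Type 'REKEY' to proceed with re-encryption: ")
        if confirm != 'REKEY':
            raise ValueError("You must enter 'REKEY' to proceed.")

    # Use the same salt as previous key
    new_key = crypto_util.derive_configured_key(new_passphrase)
    crypto_util.replace_key(new_key=new_key, force=True)
    info("Re-encryption completed successfully.")

    if config.get('debug'):
        # NOTE(review): this writes the raw encryption and signing keys to
        # stdout; anything that captures stdout (logs, CI output, terminal
        # recordings) then holds the key material. Keep 'debug' disabled
        # outside development.
        print("The new key is: %s%s" % (binascii.hexlify(new_key.encryption_key), binascii.hexlify(new_key.signing_key)))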
def initialize(self, **kwargs):
    """
    Handle submission of the startup passphrase form.

    A PassphraseSubmitForm is built from the request parameters. When it
    does not validate, the startup page is rendered again with that form;
    otherwise the crypto state is configured from the submitted passphrase
    and the client is redirected to "/".
    """
    passphrase_form = PassphraseSubmitForm(request_params())

    if not passphrase_form.validate():
        # Pass the same form object back to the template.
        return render("startup.html", {'form': passphrase_form})

    # NOTE(review): how a wrong passphrase is rejected is not visible here;
    # presumably the form's validators or configure_crypto_state handle it.
    # Confirm.
    crypto_util.configure_crypto_state(passphrase_form.passphrase.data)
    raise cherrypy.HTTPRedirect("/")
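def setup_crypto_state():
    """
    Initialize the crypto engine for already-crypto-configured database.

    When both the 'debug' and 'debug.secret_key' settings are truthy, the
    key is loaded through crypto_util.load_secret_key_file using the
    'debug.secret_key' value. Otherwise the master passphrase is read from
    the terminal without echo and used to configure the crypto state.
    """
    # Imported locally so this change does not depend on the file-level imports.
    import getpass

    # .get() lets a configuration without the debug settings fall through to
    # the passphrase prompt instead of raising KeyError.
    debug_key_file = config.get('debug') and config.get('debug.secret_key')

    if debug_key_file:
        # NOTE(review): this branch skips the passphrase prompt and relies on
        # key material kept on disk (presumably a file path). Confirm it
        # cannot be enabled in a production configuration.
        crypto_util.load_secret_key_file(debug_key_file)
    else:
        # getpass does not echo, so the master passphrase is not shown on
        # screen or left in terminal scrollback.
        passphrase = getpass.getpass("Database Master Passphrase: ")
        crypto_util.configure_crypto_state(passphrase)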