Ejemplo n.º 1
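 def test_derive_key(self):
     """
     Test the key derivation routines.

     Checks that both derived sub-keys are 32 bytes long, that a 4-byte salt
     is rejected with ValueError, and that a different random salt yields
     different key material for the same password.
     """
     salt = os.urandom(8)
     key = util.derive_key("password", salt)
     # assertEqual replaces the deprecated assertEquals alias, which newer
     # unittest releases no longer provide.
     self.assertEqual(32, len(key.encryption_key))
     self.assertEqual(32, len(key.signing_key))

     # A truncated (4-byte) salt must be refused rather than silently used.
     with self.assertRaises(ValueError):
         util.derive_key("password", salt[:4])

     key2 = util.derive_key("password", os.urandom(8))
     self.assertNotEqual(key, key2)
     # Compare the derived bytes as well: if the key object does not define
     # __eq__, the object-level check above passes on identity alone and
     # would not notice a derivation that ignores the salt.
     self.assertNotEqual(key.encryption_key, key2.encryption_key)
     self.assertNotEqual(key.signing_key, key2.signing_key)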
Ejemplo n.º 2
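def init_crypto(options):
    """
    Interactive target to initialize the database with a new crypto passphrase.

    The passphrase is read without terminal echo and confirmed by typing it a
    second time. Neither the passphrase nor a digest of it is printed: an
    unsalted MD5 of the passphrase in terminal scrollback or a captured log
    is enough for fast offline guessing.

    :param options: Options object supplied by the caller; not read by this
        function.
    :raises BuildFailure: If the database already holds encrypted data.
    :raises ValueError: If the passphrase is empty, the two entries differ, or
        the operator does not type 'YES' at the final prompt.
    """
    # Imported locally so the function does not rely on the module's import list.
    import getpass

    print("Initializing crypto for an empty database.")
    if crypto_util.has_encrypted_data():
        raise BuildFailure("Database has existing encrypted contents; use the 'rekey' target instead.")

    # getpass keeps the passphrase off the screen; a second entry catches typos
    # without ever displaying what was typed.
    passphrase = getpass.getpass("Passphrase: ")
    if not passphrase:
        raise ValueError("Passphrase must not be empty.")
    if getpass.getpass("Confirm passphrase: ") != passphrase:
        raise ValueError("The passphrases entered do not match.")

    confirm = raw_input("Type 'YES' to initialize the database with this passphrase: ")
    if confirm != 'YES':
        raise ValueError("You must enter 'YES' to proceed.")

    # A fresh 16-byte salt per initialization.
    # NOTE(review): get_random_bytes is presumably a CSPRNG source (e.g.
    # Crypto.Random) -- confirm against the module imports.
    salt = get_random_bytes(16)
    key = crypto_util.derive_key(passphrase=passphrase, salt=salt)
    # force_overwrite=False: do not replace key metadata that already exists.
    crypto_util.initialize_key_metadata(key=key, salt=salt, force_overwrite=False)

    print("Database key metadata has been initialized.  Your application is ready for use.")
    if config.get('debug'):
        # NOTE(review): debug mode writes the raw encryption and signing keys
        # to stdout. Anyone who can read the console or a captured log can
        # decrypt the database; keep 'debug' off outside throwaway setups.
        print("The new key is: %s%s" % (binascii.hexlify(key.encryption_key), binascii.hexlify(key.signing_key)))

    print("*************************************************************")
    print("IMPORTANT")
    print("Make sure your database master passphrase is stored somewhere")
    print("outside of Ensconce.")
    print("")
    print("There is no recovery mechanism for this passphrase (or for ")
    print("your database, should you lose it.)")
    print("*************************************************************")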