def rekey(options): """ Interactive target to change the passphrase for the database. """ info("This is an EXTREMELY DANGEROUS activity.") info("Backup your database first.") curr_passphrase = raw_input("Current passphrase: ") crypto_util.configure_crypto_state(curr_passphrase) new_passphrase = raw_input("New passphrase: ") confirm = raw_input("MD5 of passphrase is %s (type \"YES\" to confirm): " % hashlib.md5(new_passphrase).hexdigest()) if confirm != 'YES': raise ValueError("You must enter 'YES' to proceed.") if crypto_util.has_encrypted_data(): confirm = raw_input("There is existing encrypted data in the database. Type 'REKEY' to proceed with re-encryption: ") if confirm != 'REKEY': raise ValueError("You must enter 'REKEY' to proceed.") # Use the same salt as previous key new_key = crypto_util.derive_configured_key(new_passphrase) crypto_util.replace_key(new_key=new_key, force=True) info("Re-encryption completed successfully.") if config.get('debug'): print "The new key is: %s%s" % (binascii.hexlify(new_key.encryption_key), binascii.hexlify(new_key.signing_key))
def validate_passphrase(form, field): """ """ try: passphrase = field.data key = crypto_util.derive_configured_key(passphrase) if not crypto_util.validate_key(key): raise ValidationError("Invalid passphrase entered.") except ValidationError: raise except exc.MissingKeyMetadata: log.exception("Missing key metadata.") raise ValidationError("Database crypto has not yet been initialized.") except: log.exception("Error validating passphrase.") raise ValidationError("Error validating passphrase (see server logs).")