Example #1
def init_crypto(options):
    """
    Interactively bootstrap an empty database with a new master passphrase.

    Aborts when encrypted data already exists, reads a passphrase from the
    operator, shows it back together with its MD5 for visual confirmation and,
    once 'YES' is typed, derives a key from the passphrase and a fresh 16-byte
    salt and stores the key metadata with force_overwrite=False.

    :param options: Passed in by the caller; not read by this function.
    :raises BuildFailure: If the database already holds encrypted contents.
    :raises ValueError: If the confirmation answer is anything but 'YES'.
    """
    print("Initializing crypto for an empty database.")
    if crypto_util.has_encrypted_data():
        raise BuildFailure("Database has existing encrypted contents; use the 'rekey' target instead.")

    # NOTE(review): raw_input echoes every typed character, and the passphrase
    # is printed again in clear below, so it lands in terminal scrollback and
    # in any session recording. A no-echo prompt (getpass) with double entry
    # would give the same typo protection without displaying the secret.
    entered = raw_input("Passphrase: ")
    print("The database will be initialized with the passphrase between the arrows: --->%s<---" % entered)
    # MD5 is used here only as a display fingerprint, not as protection: an
    # unsalted fast hash of the passphrase lets anyone who captures this output
    # test guesses offline.
    print("The MD5 of the passphrase you entered is: %s" % hashlib.md5(entered).hexdigest())

    if raw_input("Type 'YES' to confirm passphrase and MD5 are correct: ") != 'YES':
        raise ValueError("You must enter 'YES' to proceed.")

    # The same random salt feeds the key derivation and is stored with the
    # key metadata.
    new_salt = get_random_bytes(16)
    master_key = crypto_util.derive_key(passphrase=entered, salt=new_salt)
    crypto_util.initialize_key_metadata(key=master_key, salt=new_salt, force_overwrite=False)

    print("Database key metadata has been initialized.  Your application is ready for use.")
    if config.get('debug'):
        # NOTE(review): this writes the raw encryption and signing keys to
        # stdout in hex; keep 'debug' off wherever output is logged or shared.
        enc_hex = binascii.hexlify(master_key.encryption_key)
        sig_hex = binascii.hexlify(master_key.signing_key)
        print("The new key is: %s%s" % (enc_hex, sig_hex))

    # Closing reminder: the passphrase cannot be recovered if it is lost.
    banner = (
        "*************************************************************",
        "IMPORTANT",
        "Make sure your database master passphrase is stored somewhere",
        "outside of Ensconce.",
        "",
        "There is no recovery mechanism for this passphrase (or for ",
        "your database, should you lose it.)",
        "*************************************************************",
    )
    for line in banner:
        print(line)
Example #2
 def _set_key(self, encryption_key, signing_key):
     """
     Install a MasterKey built from the two given keys as the active secret key.

     The stored key metadata is force-overwritten for the new key as well,
     because loading a key that does not match the metadata would fail.
     """
     # Drop the active key before the metadata is rewritten.
     state.secret_key = None
     replacement = MasterKey(encryption_key=encryption_key, signing_key=signing_key)
     # NOTE(review): 8 random bytes is below the 128 bits usually recommended
     # for a KDF salt. The key is supplied directly here rather than derived in
     # this method, so the salt looks like stored metadata only -- confirm
     # before reusing this pattern outside test scaffolding.
     fresh_salt = os.urandom(8)
     crypto_util.initialize_key_metadata(key=replacement, salt=fresh_salt, force_overwrite=True)
     state.secret_key = replacement
Example #3
 def test_validate_key(self):
     """ A key whose metadata was just initialized must pass validate_key. """
     # Start with no active key in the global crypto state.
     state.secret_key = None

     # Fixed key material hashed from constant strings: predictable on purpose,
     # suitable for tests only.
     enc_key = hashlib.sha256('encrypt').digest()
     sig_key = hashlib.sha256('sign').digest()
     candidate = MasterKey(encryption_key=enc_key, signing_key=sig_key)

     # Overwrite whatever metadata exists with metadata for the new key.
     util.initialize_key_metadata(key=candidate, salt=os.urandom(8), force_overwrite=True)

     # The same key must now validate against that metadata.
     is_valid = util.validate_key(key=candidate)
     self.assertTrue(is_valid)
Example #4
 def test_initialize(self):
     """ Test initialization of key metadata. """
     # Fixed key material hashed from constant strings; for tests only.
     candidate = MasterKey(
         encryption_key=hashlib.sha256('encrypt').digest(),
         signing_key=hashlib.sha256('sign').digest(),
     )

     # First attempt is expected to be refused with CryptoAlreadyInitialized
     # (presumably because the fixture left a key active -- setup is not
     # visible here).
     with self.assertRaises(exc.CryptoAlreadyInitialized):
         util.initialize_key_metadata(key=candidate, salt=os.urandom(8))

     # Uninitialize the engine.
     state.secret_key = None

     # With no active key, the existing metadata is still expected to block a
     # plain initialization.
     with self.assertRaises(exc.ExistingKeyMetadata):
         util.initialize_key_metadata(key=candidate, salt=os.urandom(8))

     # Only an explicit force_overwrite replaces the metadata; the new key must
     # validate afterwards.
     util.initialize_key_metadata(key=candidate, salt=os.urandom(8), force_overwrite=True)
     self.assertTrue(util.validate_key(candidate))
Example #5
 def tearDown(self):
     """ Run the parent teardown, then reset key metadata to SECRET_KEY. """
     super(EphemeralStateTest, self).tearDown()
     # Force-overwrite the key_metadata rows so that they can be re-initialized
     # by later tests; the salt is a fresh random 8 bytes each time.
     reset_salt = os.urandom(8)
     crypto_util.initialize_key_metadata(
         key=self.SECRET_KEY,
         salt=reset_salt,
         force_overwrite=True,
     )
Example #6
 def tearDown(self):
     """ Run the parent teardown, then restore key metadata for SECRET_KEY. """
     super(KeyValidationTest, self).tearDown()
     # Replace the key_metadata rows in case a test case has changed them; the
     # salt is a fresh random 8 bytes each time.
     reset_salt = os.urandom(8)
     util.initialize_key_metadata(
         key=self.SECRET_KEY,
         salt=reset_salt,
         force_overwrite=True,
     )