def decrypt_config(server_name, filename):
""" Decrypt password in config. """
if not acmd.util.crypto.is_supported():
error(
"Crypto functions are not supported on this system. Install pycrypto or pycryptodome"
)
return USER_ERROR
config = read_config(filename)
section_name = 'server {}'.format(server_name)
prop = config.get(section_name, PASSWORD_PROP)
if not is_encrypted(prop):
error("Password for server {} is not encrypted".format(server_name))
return USER_ERROR
iv_bytes, key_salt, ciphertext_bytes, = parse_prop(prop)
key_bytes = get_key(key_salt, "Passphrase: ")
assert type(key_bytes) == bytes
plaintext_password, err = decrypt(iv_bytes, key_bytes, ciphertext_bytes)
if err is not None:
error(err)
return USER_ERROR
config.set(section_name, PASSWORD_PROP, plaintext_password)
with open(filename, 'w') as f:
config.write(f)
return OK
def test_encrypt_decrypt_str():
iv = b'This is an IV456'
msg = "Hello Wörld"
key = b'Some kind of key'
ciphertext = encrypt_str(iv, key, msg)
eq_(b'I\xaaL/\t?6\xa7\x07\xbb.2', ciphertext)
new_msg = decrypt(iv, key, ciphertext)
eq_(msg, new_msg)
def password(self):
if is_encrypted(self._password):
passphrase = getpass.getpass("Passphrase: ")
iv, salt, ciphertext = parse_prop(self._password)
key = make_key(salt, passphrase)
plaintext_password, err = decrypt(iv, key, ciphertext)
if err is not None:
raise Exception(err)
self._password = plaintext_password
return self._password
def test_encrypt_decrypt_str():
iv = b'This is an IV456'
msg = "Hello Wörld"
key = b'Some kind of key'
ciphertext = encrypt_str(iv, key, msg)
eq_(b'Z\xa7\xdce\xd9]\x9b\x02?\x12\xe0\x95\xf6\\', ciphertext)
new_msg, err = decrypt(iv, key, ciphertext)
eq_(msg, new_msg)
def password(self):
if is_encrypted(self._password):
passphrase = getpass.getpass("Passphrase: ")
iv, salt, ciphertext = parse_prop(self._password)
key = make_key(salt, passphrase)
formatted_password = decrypt(iv, key, ciphertext)
if formatted_password[0] != '[' or formatted_password[-1] != ']':
raise Exception("Incorrect passphrase")
plaintext_password = formatted_password[1:-1]
self._password = plaintext_password
return self._password
def decrypt_config(server_name, filename):
""" Decrypt password in config. """
config = read_config(filename)
section_name = 'server {}'.format(server_name)
prop = config.get(section_name, PASSWORD_PROP)
if not is_encrypted(prop):
error("Password for server {} is not encrypted".format(server_name))
return USER_ERROR
iv_bytes, key_salt, ciphertext_bytes, = parse_prop(prop)
key_bytes = get_key(key_salt, "Passphrase: ")
assert type(key_bytes) == bytes
msg = decrypt(iv_bytes, key_bytes, ciphertext_bytes)
if msg[0] != '[' or msg[-1] != ']':
error("Passphrase incorrect")
return USER_ERROR
plaintext_password = msg[1:-1]
config.set(section_name, PASSWORD_PROP, plaintext_password)
with open(filename, 'w') as f:
config.write(f)
return OK