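def decrypt_config(server_name, filename):
    """Replace the encrypted password of one server section with its plaintext.

    Reads the config at ``filename``, decrypts the ``PASSWORD_PROP`` value of
    the section ``server <server_name>`` with a key obtained from ``get_key``
    (prompt "Passphrase: "), stores the plaintext in the same property and
    writes the config back to ``filename``.

    Returns:
        ``OK`` on success; ``USER_ERROR`` when crypto support is missing, the
        stored value is not encrypted, or ``decrypt`` reports an error.

    Raises:
        TypeError: if ``get_key`` returns something other than ``bytes``.
    """
    if not acmd.util.crypto.is_supported():
        # NOTE(review): PyCrypto is no longer maintained; pycryptodome is the
        # maintained option of the two named in this message.
        error(
            "Crypto functions are not supported on this system. Install pycrypto or pycryptodome"
        )
        return USER_ERROR

    config = read_config(filename)
    section_name = 'server {}'.format(server_name)
    prop = config.get(section_name, PASSWORD_PROP)
    if not is_encrypted(prop):
        error("Password for server {} is not encrypted".format(server_name))
        return USER_ERROR

    iv_bytes, key_salt, ciphertext_bytes, = parse_prop(prop)
    key_bytes = get_key(key_salt, "Passphrase: ")
    # An explicit check instead of `assert`: assertions are stripped under
    # `python -O`, which would let a non-bytes key reach decrypt() unchecked.
    if not isinstance(key_bytes, bytes):
        raise TypeError("key must be bytes, got {}".format(type(key_bytes).__name__))

    plaintext_password, err = decrypt(iv_bytes, key_bytes, ciphertext_bytes)
    if err is not None:
        error(err)
        return USER_ERROR

    config.set(section_name, PASSWORD_PROP, plaintext_password)
    # From this write on, the password sits in cleartext in `filename`.
    # open(..., 'w') keeps the mode of an existing file, so who can read it is
    # unchanged. NOTE(review): confirm the config is readable by its owner only.
    with open(filename, 'w') as f:
        config.write(f)
    return OK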
def password(self):
    """Return the password, decrypting the stored value when it is encrypted.

    When ``is_encrypted`` accepts ``self._password``, the user is prompted for
    a passphrase, a key is derived with ``make_key`` from the salt stored in
    the property, and the decrypted value replaces ``self._password`` so later
    calls return it without prompting again.

    Raises:
        Exception: carrying the error value returned by ``decrypt``.
    """
    stored = self._password
    if not is_encrypted(stored):
        return stored

    # Prompt first, then parse: the same order as before, so a malformed
    # property still surfaces only after the passphrase prompt.
    secret = getpass.getpass("Passphrase: ")
    iv, salt, ciphertext = parse_prop(stored)
    derived_key = make_key(salt, secret)

    decrypted, failure = decrypt(iv, derived_key, ciphertext)
    if failure is not None:
        raise Exception(failure)

    # Cache the plaintext on the instance; it stays in memory from here on.
    self._password = decrypted
    return self._password
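def password(self):
    """Return the password, decrypting the stored value when it is encrypted.

    When ``is_encrypted`` accepts ``self._password``, the user is prompted for
    a passphrase, a key is derived with ``make_key`` from the salt stored in
    the property, and the decrypted text is expected to be framed as
    ``[password]``. The unframed password replaces ``self._password`` so later
    calls return it without prompting again.

    Raises:
        Exception: "Incorrect passphrase" when the decrypted text is empty or
            is not framed by '[' and ']'.
    """
    if is_encrypted(self._password):
        passphrase = getpass.getpass("Passphrase: ")
        iv, salt, ciphertext = parse_prop(self._password)
        key = make_key(salt, passphrase)
        formatted_password = decrypt(iv, key, ciphertext)
        # Empty output used to fail with IndexError on [0]; treat it as a
        # wrong passphrase like any other unframed result.
        # NOTE(review): the bracket framing is a format check, not an
        # authentication tag. A wrong key or altered ciphertext can still
        # yield bracketed text by chance; confirm whether decrypt() verifies
        # integrity.
        if (
            not formatted_password
            or formatted_password[0] != '['
            or formatted_password[-1] != ']'
        ):
            raise Exception("Incorrect passphrase")
        # Cache the plaintext on the instance; it stays in memory from here on.
        self._password = formatted_password[1:-1]
    return self._password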
def test_prop_save():
    """Round-trip an (iv, salt, ciphertext) triple through encode_prop and parse_prop.

    Pins the exact encoded property string, which appears to be the base64 of
    iv + salt + ciphertext wrapped in braces, and checks that parsing it
    returns the three original byte strings.
    """
    fixture_iv = b'1234123412341234'
    fixture_salt = b'0123456789abcdef'
    # The fixture IV must match the block size the module declares.
    eq_(IV_BLOCK_SIZE, len(fixture_iv))

    fixture_ciphertext = b"ciphertext"
    encoded = encode_prop(fixture_iv, fixture_salt, fixture_ciphertext)
    eq_('{MTIzNDEyMzQxMjM0MTIzNDAxMjM0NTY3ODlhYmNkZWZjaXBoZXJ0ZXh0}', encoded)

    parsed_iv, parsed_salt, parsed_ciphertext, = parse_prop(encoded)
    # Same comparison order as before: ciphertext, then IV, then salt.
    round_trip = (
        (fixture_ciphertext, parsed_ciphertext),
        (fixture_iv, parsed_iv),
        (fixture_salt, parsed_salt),
    )
    for expected, actual in round_trip:
        eq_(expected, actual)
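def decrypt_config(server_name, filename):
    """Replace the encrypted password of one server section with its plaintext.

    Reads the config at ``filename``, decrypts the ``PASSWORD_PROP`` value of
    the section ``server <server_name>`` with a key obtained from ``get_key``
    (prompt "Passphrase: "), expects the decrypted text to be framed as
    ``[password]``, stores the unframed password in the same property and
    writes the config back to ``filename``.

    Returns:
        ``OK`` on success; ``USER_ERROR`` when the stored value is not
        encrypted or the decrypted text is empty or not framed by '[' and ']'.

    Raises:
        TypeError: if ``get_key`` returns something other than ``bytes``.
    """
    config = read_config(filename)
    section_name = 'server {}'.format(server_name)
    prop = config.get(section_name, PASSWORD_PROP)
    if not is_encrypted(prop):
        error("Password for server {} is not encrypted".format(server_name))
        return USER_ERROR

    iv_bytes, key_salt, ciphertext_bytes, = parse_prop(prop)
    key_bytes = get_key(key_salt, "Passphrase: ")
    # An explicit check instead of `assert`: assertions are stripped under
    # `python -O`, which would let a non-bytes key reach decrypt() unchecked.
    if not isinstance(key_bytes, bytes):
        raise TypeError("key must be bytes, got {}".format(type(key_bytes).__name__))

    msg = decrypt(iv_bytes, key_bytes, ciphertext_bytes)
    # Empty output used to fail with IndexError on [0]; report it as a wrong
    # passphrase like any other unframed result.
    # NOTE(review): the bracket framing is a format check, not an
    # authentication tag. A wrong key or altered ciphertext can still yield
    # bracketed text by chance; confirm whether decrypt() verifies integrity.
    if not msg or msg[0] != '[' or msg[-1] != ']':
        error("Passphrase incorrect")
        return USER_ERROR

    plaintext_password = msg[1:-1]
    config.set(section_name, PASSWORD_PROP, plaintext_password)
    # From this write on, the password sits in cleartext in `filename`.
    # open(..., 'w') keeps the mode of an existing file, so who can read it is
    # unchanged. NOTE(review): confirm the config is readable by its owner only.
    with open(filename, 'w') as f:
        config.write(f)
    return OK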