def decrypt_config(server_name, filename):
""" Decrypt password in config. """
if not acmd.util.crypto.is_supported():
error(
"Crypto functions are not supported on this system. Install pycrypto or pycryptodome"
)
return USER_ERROR
config = read_config(filename)
section_name = 'server {}'.format(server_name)
prop = config.get(section_name, PASSWORD_PROP)
if not is_encrypted(prop):
error("Password for server {} is not encrypted".format(server_name))
return USER_ERROR
iv_bytes, key_salt, ciphertext_bytes, = parse_prop(prop)
key_bytes = get_key(key_salt, "Passphrase: ")
assert type(key_bytes) == bytes
plaintext_password, err = decrypt(iv_bytes, key_bytes, ciphertext_bytes)
if err is not None:
error(err)
return USER_ERROR
config.set(section_name, PASSWORD_PROP, plaintext_password)
with open(filename, 'w') as f:
config.write(f)
return OK
def password(self):
if is_encrypted(self._password):
passphrase = getpass.getpass("Passphrase: ")
iv, salt, ciphertext = parse_prop(self._password)
key = make_key(salt, passphrase)
plaintext_password, err = decrypt(iv, key, ciphertext)
if err is not None:
raise Exception(err)
self._password = plaintext_password
return self._password
def password(self):
if is_encrypted(self._password):
passphrase = getpass.getpass("Passphrase: ")
iv, salt, ciphertext = parse_prop(self._password)
key = make_key(salt, passphrase)
formatted_password = decrypt(iv, key, ciphertext)
if formatted_password[0] != '[' or formatted_password[-1] != ']':
raise Exception("Incorrect passphrase")
plaintext_password = formatted_password[1:-1]
self._password = plaintext_password
return self._password
def test_prop_save():
iv = b'1234123412341234'
salt = b'0123456789abcdef'
eq_(IV_BLOCK_SIZE, len(iv))
ciphertext = b"ciphertext"
prop = encode_prop(iv, salt, ciphertext)
eq_('{MTIzNDEyMzQxMjM0MTIzNDAxMjM0NTY3ODlhYmNkZWZjaXBoZXJ0ZXh0}', prop)
new_iv, new_salt, new_pass, = parse_prop(prop)
eq_(ciphertext, new_pass)
eq_(iv, new_iv)
eq_(salt, new_salt)
def decrypt_config(server_name, filename):
""" Decrypt password in config. """
config = read_config(filename)
section_name = 'server {}'.format(server_name)
prop = config.get(section_name, PASSWORD_PROP)
if not is_encrypted(prop):
error("Password for server {} is not encrypted".format(server_name))
return USER_ERROR
iv_bytes, key_salt, ciphertext_bytes, = parse_prop(prop)
key_bytes = get_key(key_salt, "Passphrase: ")
assert type(key_bytes) == bytes
msg = decrypt(iv_bytes, key_bytes, ciphertext_bytes)
if msg[0] != '[' or msg[-1] != ']':
error("Passphrase incorrect")
return USER_ERROR
plaintext_password = msg[1:-1]
config.set(section_name, PASSWORD_PROP, plaintext_password)
with open(filename, 'w') as f:
config.write(f)
return OK