def rekey(options):
"""
Interactive target to change the passphrase for the database.
"""
info("This is an EXTREMELY DANGEROUS activity.")
info("Backup your database first.")
curr_passphrase = raw_input("Current passphrase: ")
crypto_util.configure_crypto_state(curr_passphrase)
new_passphrase = raw_input("New passphrase: ")
confirm = raw_input("MD5 of passphrase is %s (type \"YES\" to confirm): " % hashlib.md5(new_passphrase).hexdigest())
if confirm != 'YES':
raise ValueError("You must enter 'YES' to proceed.")
if crypto_util.has_encrypted_data():
confirm = raw_input("There is existing encrypted data in the database. Type 'REKEY' to proceed with re-encryption: ")
if confirm != 'REKEY':
raise ValueError("You must enter 'REKEY' to proceed.")
# Use the same salt as previous key
new_key = crypto_util.derive_configured_key(new_passphrase)
crypto_util.replace_key(new_key=new_key, force=True)
info("Re-encryption completed successfully.")
if config.get('debug'):
print "The new key is: %s%s" % (binascii.hexlify(new_key.encryption_key), binascii.hexlify(new_key.signing_key))
def validate_passphrase(form, field):
"""
"""
try:
passphrase = field.data
key = crypto_util.derive_configured_key(passphrase)
if not crypto_util.validate_key(key):
raise ValidationError("Invalid passphrase entered.")
except ValidationError:
raise
except exc.MissingKeyMetadata:
log.exception("Missing key metadata.")
raise ValidationError("Database crypto has not yet been initialized.")
except:
log.exception("Error validating passphrase.")
raise ValidationError("Error validating passphrase (see server logs).")
