def test_bad_version(self):
# test incorrect version of Fernet 0x91
key = Fernet.generate_key()
fernet = Fernet(key)
ct = fernet.encrypt('Secret message!')
ct = list(base64.urlsafe_b64decode(ct)) # decode ciphertext
ct[0] = b'\x00' # change version
ct = ''.join(ct)
ct = base64.urlsafe_b64encode(ct) # encode ciphertext
with pytest.raises(InvalidToken) as e:
fernet.decrypt(ct)
def test_Functionality_extensive(self):
# extensively test the decrpytion(encryption(msg)) == msg
key = Fernet.generate_key()
fernet = Fernet(key)
# decrypt(encrypt(msg)) == msg
for i in xrange(100):
for l in range(20):
msg = os.urandom(l)
assert fernet.decrypt(fernet.encrypt(msg)) == msg
def decrypt(filename, key):
print("Decrypting...")
f = Fernet(key)
with open(filename, "rb") as fr:
# read the encrypted data
encrypted_data = fr.read()
# decrypt data
decrypted_data = f.decrypt(encrypted_data)
# write the original file
with open(filename, "wb") as fl:
fl.write(decrypted_data)
print("Finished")
sys.exit()
def test_fernet():
current_time = int(time.time())
iv = os.urandom(16)
from cryptography.fernet import Fernet as CFernet
salt = os.urandom(16)
key = pbkdf2_hmac('sha256', b"password", salt, 100000, dklen=32)
ckey = base64.urlsafe_b64encode(key)
cfernet = CFernet(ckey)
ccipher = cfernet._encrypt_from_parts(b"Secret message!", current_time, iv)
fernet = Fernet(ckey)
cipher = fernet._encrypt_from_parts(b"Secret message!", current_time, iv)
assert cipher == ccipher
ctext = cfernet.decrypt(ccipher)
text = fernet.decrypt(cipher)
assert ctext == text
class Fernet2(object):
def __init__(self, key, backend=None):
if backend is None:
backend = default_backend()
# initialize a fernet object
self._f = Fernet(key, backend=backend)
key = base64.urlsafe_b64decode(key)
if len(key) != 32:
raise ValueError(
"Fernet2 key must be 32 url-safe base64-encoded bytes.")
h0 = HMAC(key, hashes.SHA256(), backend=backend)
h1 = HMAC(key, hashes.SHA256(), backend=backend)
#
h0.update(b"0")
h1.update(b"1")
k0 = h0.finalize()[:16]
k1 = h1.finalize()[:16]
self._signing_key = k0
self._encryption_key = k1
self._backend = backend
@classmethod
def generate_key(cls):
return base64.urlsafe_b64encode(os.urandom(32))
def encrypt(self, data, adata=""):
# removed current time
iv = os.urandom(16)
return self._encrypt_from_parts(data, iv, adata)
def _encrypt_from_parts(self, data, iv, adata=""):
if not isinstance(data, bytes):
raise TypeError("data must be bytes.")
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_data = padder.update(data) + padder.finalize()
encryptor = Cipher(algorithms.AES(self._encryption_key), modes.CBC(iv),
self._backend).encryptor()
# ctx = AES( iv || msg )
ctx = encryptor.update(padded_data) + encryptor.finalize()
basic_parts = (b"\x81" + iv + ctx)
# print(str(len(basic_parts)), "basic_parts_len == ", basic_parts)
# print("iv = " + str(len(iv)), iv)
# print(str(len(ctx)), "ctx == ", ctx)
# print("adata == " , len(adata), adata)
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
h.update(basic_parts + adata)
# tag = HMAC( 0x81 || iv || ctx )
tag = h.finalize()
# print("tag = " , len(tag))
return base64.urlsafe_b64encode(basic_parts + tag)
def decrypt(self, token, ttl=None, adata=""):
if not isinstance(token, bytes):
raise TypeError("token must be bytes.")
# print("token = ", token)
try:
data = base64.urlsafe_b64decode(token)
except (TypeError, binascii.Error):
raise InvalidToken
# print("data = ", data)
if not data or six.indexbytes(data, 0) == 0x80:
print("80 version\n")
# TODO: if 80:
try:
msg = self._f.decrypt(token, ttl)
return msg
except:
raise InvalidToken
elif not data or six.indexbytes(data, 0) == 0x81:
# print("81 version\n")
############ VERIFYING adata
# print("data = " + str(len(data)), data)
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
basic_parts = data[:-32]
basic_adata = basic_parts + bytes(adata)
# print("==================", base64.urlsafe_b64decode(base64.urlsafe_b64encode(adata)))
h.update(basic_adata)
# print("basic_parts_len = " + str(len(basic_parts)), basic_parts)
# print("basic_adata = " + str(len(basic_adata)), basic_adata)
# print("adata = " , len(adata), adata)
try:
h.verify(data[-32:])
except InvalidSignature:
raise InvalidToken
################ signature stuff from fernet.py
# h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
# h.update(data[:-32]) # get everything from data except for last 32 bytes
# # print(h.update(data[:-32]))
# try:
# # verifying signature with the last 32 bytes
# h.verify(data[-32:])
# except InvalidSignature:
# raise InvalidToken
################ END-OF signature stuff from fernet.py
# iv = data[9:25]
iv = data[1:17]
# print("iv == " + str(len(iv)), iv)
# find out associated data in data
# try satement, if adata_to_get = adata
ciphertext = data[17:-32]
decryptor = Cipher(algorithms.AES(self._encryption_key),
modes.CBC(iv), self._backend).decryptor()
plaintext_padded = decryptor.update(ciphertext)
try:
plaintext_padded += decryptor.finalize()
except ValueError:
raise InvalidToken
unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
unpadded = unpadder.update(plaintext_padded)
try:
unpadded += unpadder.finalize()
except ValueError:
raise InvalidToken
return unpadded
else:
raise InvalidToken
def decryptMessage(data, key):
f = Fernet(key)
return f.decrypt(data).decode()
class Fernet2(object):
def __init__(self, key, backend=None):
if backend is None:
backend = default_backend()
# initialize a fernet object
self._f = Fernet(key, backend=backend)
key = base64.urlsafe_b64decode(key)
if len(key) != 32:
raise ValueError(
"Fernet2 key must be 32 url-safe base64-encoded bytes."
)
h0 = HMAC(key, hashes.SHA256(), backend=backend)
h1 = HMAC(key, hashes.SHA256(), backend=backend)
#
h0 .update(b"0")
h1 .update(b"1")
k0 = h0.finalize()[:16]
k1 = h1.finalize()[:16]
self._signing_key = k0
self._encryption_key = k1
self._backend = backend
@classmethod
def generate_key(cls):
return base64.urlsafe_b64encode(os.urandom(32))
def encrypt(self, data, adata=""):
# removed current time
iv = os.urandom(16)
return self._encrypt_from_parts(data, iv, adata)
def _encrypt_from_parts(self, data, iv, adata=""):
if not isinstance(data, bytes):
raise TypeError("data must be bytes.")
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_data = padder.update(data) + padder.finalize()
encryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).encryptor()
# ctx = AES( iv || msg )
ctx = encryptor.update(padded_data) + encryptor.finalize()
basic_parts = (
b"\x81" + iv + ctx
)
# print(str(len(basic_parts)), "basic_parts_len == ", basic_parts)
# print("iv = " + str(len(iv)), iv)
# print(str(len(ctx)), "ctx == ", ctx)
# print("adata == " , len(adata), adata)
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
h.update(basic_parts+adata)
# tag = HMAC( 0x81 || iv || ctx )
tag = h.finalize()
# print("tag = " , len(tag))
return base64.urlsafe_b64encode( basic_parts + tag)
def decrypt(self, token, ttl=None, adata=""):
if not isinstance(token, bytes):
raise TypeError("token must be bytes.")
# print("token = ", token)
try:
data = base64.urlsafe_b64decode(token)
except (TypeError, binascii.Error):
raise InvalidToken
# print("data = ", data)
if not data or six.indexbytes(data, 0) == 0x80:
print("80 version\n")
# TODO: if 80:
try:
msg = self._f.decrypt(token, ttl)
return msg
except:
raise InvalidToken
elif not data or six.indexbytes(data, 0) == 0x81:
# print("81 version\n")
############ VERIFYING adata
# print("data = " + str(len(data)), data)
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
basic_parts = data[:-32]
basic_adata = basic_parts + bytes(adata)
# print("==================", base64.urlsafe_b64decode(base64.urlsafe_b64encode(adata)))
h.update(basic_adata)
# print("basic_parts_len = " + str(len(basic_parts)), basic_parts)
# print("basic_adata = " + str(len(basic_adata)), basic_adata)
# print("adata = " , len(adata), adata)
try:
h.verify(data[-32:])
except InvalidSignature:
raise InvalidToken
################ signature stuff from fernet.py
# h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
# h.update(data[:-32]) # get everything from data except for last 32 bytes
# # print(h.update(data[:-32]))
# try:
# # verifying signature with the last 32 bytes
# h.verify(data[-32:])
# except InvalidSignature:
# raise InvalidToken
################ END-OF signature stuff from fernet.py
# iv = data[9:25]
iv = data[1:17]
# print("iv == " + str(len(iv)), iv)
# find out associated data in data
# try satement, if adata_to_get = adata
ciphertext = data[17:-32]
decryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).decryptor()
plaintext_padded = decryptor.update(ciphertext)
try:
plaintext_padded += decryptor.finalize()
except ValueError:
raise InvalidToken
unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
unpadded = unpadder.update(plaintext_padded)
try:
unpadded += unpadder.finalize()
except ValueError:
raise InvalidToken
return unpadded
else:
raise InvalidToken
def decrypt():
file = open('encrypted.txt', 'rb')
encrypted = file.read()
f = Fernet(key)
decrypted = f.decrypt(encrypted)
print(decrypted.decode('utf-8'))
# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
with open("../challenge/0/0", "r") as f:
s = f.readlines()[0]
# print(s[0])
s = s[::-1]
print(s)
s_overall.append("2") # bit or byte
# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
f = Fernet(b'LgCqSwV-aldTQzgqrF3ndMe4qG30KtTj-hUZ_PblzMI=') # from notes.txt
with open("../challenge/1/1", "r") as fi:
s = fi.readlines()[0]
s = f.decrypt(s.encode())
print(str(s))
s_overall.append("9") # mimikatz
# @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
with open("../challenge/2/2", "r") as fi:
s = fi.readlines()[0]
s = s.strip().encode()
with open("../challenge/2/keys", "r") as fi:
for key in fi.readlines():
key = key.strip().encode()
try:
f = Fernet(key)
s = f.decrypt(s)
break
class Fernet2(object):
def __init__(self, key, backend=None):
if backend is None:
backend = default_backend()
try:
self._fernet1 = Fernet(key, backend)
except ValueError:
self._fernet1 = None
self._backend = backend
key = base64.urlsafe_b64decode(key)
hkey = hkdf.HKDF(algorithm=hashes.SHA256(), length=32,
salt='0'*16, info='', backend=backend)
stretched_key = hkey.derive(key)
self._signing_key, self._encryption_key = stretched_key[:16], stretched_key[16:]
def SHA256hmac(self, key, data, sig=''):
h = hmac.HMAC(key, hashes.SHA256(), backend=self._backend)
h.update(data)
if len(sig)>0:
try:
return h.verify(sig)
except Exception as e:
raise e
else:
return h.finalize()
def _prf_hmac(self, key, data):
out = self.SHA256hmac(key, data)
while len(out)<len(data):
out += self.SHA256hmac(key, out)
return out[:len(data)]
@classmethod
def generate_key(cls):
return base64.urlsafe_b64encode(os.urandom(32))
def encrypt(self, data, associated_data=''):
iv = os.urandom(16)
return self._encrypt_from_parts(data, associated_data, iv)
def _encrypt_from_parts(self, data, associated_data, iv):
if not isinstance(data, bytes):
raise TypeError("data must be bytes.")
padder = padding.PKCS7(algorithms.AES.block_size).padder()
padded_data = padder.update(data) + padder.finalize()
encryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).encryptor()
ciphertext = encryptor.update(padded_data) + encryptor.finalize()
# MAC: version || ad || iv || ctx
basic_parts = (
b"\x81" + bytes(associated_data) + iv + ciphertext
)
tag = self.SHA256hmac(self._signing_key, basic_parts)
# return: version || iv || ctx || tag
return base64.urlsafe_b64encode(b"\x81" + iv + ciphertext + tag)
def decrypt(self, ctxt, ttl=None, associated_data=''):
if not isinstance(ctxt, bytes):
raise TypeError("ctxt must be bytes.")
try:
data = base64.urlsafe_b64decode(ctxt)
except (TypeError, binascii.Error):
raise InvalidToken
if not data:
raise InvalidToken
# return: version || iv || ctx || tag
if six.indexbytes(data, 0) == 0x80:
# This is a Fernet1 (old version) ctx, handle accordingly
try:
msg = self._fernet1.decrypt(ctxt, ttl=ttl)
except Exception:
raise InvalidToken
return msg
elif six.indexbytes(data, 0) != 0x81:
raise InvalidToken
assert not debug or not ttl, "You are calling new fernet with ttl values."
# First, verify the tag
basic_parts = (
b"\x81" + bytes(associated_data) + data[1:-32]
)
try:
self.SHA256hmac(self._signing_key, basic_parts, sig=data[-32:])
except InvalidSignature:
raise InvalidToken
# Now decrypt the text
# version (1-byte) || iv (16-byte) || ctx || tag (32-byte)
iv = data[1:17]
ciphertext = data[17:-32]
decryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).decryptor()
plaintext_padded = decryptor.update(ciphertext)
try:
plaintext_padded += decryptor.finalize()
except ValueError:
raise InvalidToken
unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
unpadded = unpadder.update(plaintext_padded)
try:
unpadded += unpadder.finalize()
except ValueError:
raise InvalidToken
return unpadded
def decrypt(txt):
txt = base64.urlsafe_b64decode(txt)
cipher_suite = Fernet(settings.ENCRYPT_KEY)
decoded_text = cipher_suite.decrypt(txt).decode("ascii")
return decoded_text
class ProjectConfig:
"""
Read and write XML on profiles. Represents a database connection configuration.
"""
SAVE_VERSION = VERSION_1_2 #: Version for saving
#: Folder where to read/write project configs.
profile_dir: str = filedir(
config.value("ebcomportamiento/profiles_folder",
"%s/Pineboo/profiles" % Path.home()))
version: VersionNumber #: Version number for the profile read.
fernet: Optional[Fernet] #: Cipher used, if any.
database: str #: Database Name, file path to store it, or :memory:
host: Optional[str] #: DB server Hostname. None for local files.
port: Optional[int] #: DB server port. None for local files.
username: Optional[str] #: Database User login name.
password: Optional[str] #: Database User login password.
type: str #: Driver Type name to use when connecting
project_password: str #: Password to cipher when load/saving. Empty string for no ciphering.
password_required: bool #: True if a password is required to read data. (Was partially loaded.)
description: str #: Project name in GUI
filename: str #: File path to read / write this project from / to
def __init__(
self,
database: Optional[str] = None,
host: Optional[str] = None,
port: Optional[int] = None,
type: Optional[str] = None,
username: Optional[str] = None,
password: Optional[str] = None,
load_xml: Optional[str] = None,
connstring: Optional[str] = None,
description: Optional[str] = None,
filename: Optional[str] = None,
project_password: str = "",
) -> None:
"""Initialize."""
self.project_password = project_password
self.password_required = False
self.version = self.SAVE_VERSION
self.fernet = None
if connstring:
username, password, type, host, port, database = self.translate_connstring(
connstring)
elif load_xml:
self.filename = os.path.join(
self.profile_dir,
load_xml if load_xml.endswith("xml") else "%s.xml" % load_xml)
self.load_projectxml()
return
if database is None:
raise ValueError(
"Database is mandatory. Or use load_xml / connstring params")
if type is None:
raise ValueError(
"Type is mandatory. Or use load_xml / connstring params")
self.database = database
self.host = host
self.port = port
self.type = type
self.username = username
self.password = password
self.description = description if description else "unnamed"
if filename is None:
file_basename = self.description.lower().replace(" ", "_")
self.filename = os.path.join(self.profile_dir,
"%s.xml" % file_basename)
else:
self.filename = os.path.join(self.profile_dir, filename)
def get_uri(self, show_password: bool = False) -> str:
"""Get connection as an URI."""
host_port = ""
if self.host:
host_port += self.host
if self.port:
host_port += ":%d" % self.port
user_pass = ""
if self.username:
user_pass += self.username
if self.password:
if show_password:
user_pass += ":%s" % self.password
else:
pass_bytes: bytes = hashlib.sha256(
self.password.encode()).digest()
user_pass += ":*" + base64.b64encode(pass_bytes).decode()[:4]
if user_pass:
user_pass = "******" % user_pass
uri = host_port + user_pass
if self.database:
if uri:
uri += "/"
uri += self.database
return "[%s]://%s" % (self.type, uri)
def __repr__(self) -> str:
"""Display the information in text mode."""
if self.project_password:
# 4 chars in base-64 is 3 bytes. 256**3 should be enough to know if you have the wrong
# password.
pass_bytes: bytes = hashlib.sha256(
self.project_password.encode()).digest()
passwd = "-" + base64.b64encode(pass_bytes).decode()[:4]
else:
passwd = ""
return "<ProjectConfig%s name=%r uri=%r>" % (
passwd,
self.description,
self.get_uri(show_password=False),
)
def __eq__(self, other: Any) -> bool:
"""Test for equality."""
if not isinstance(other, ProjectConfig):
return False
if other.type != self.type:
return False
if other.get_uri(show_password=True) != self.get_uri(
show_password=True):
return False
if other.description != self.description:
return False
if other.project_password != self.project_password:
return False
return True
def load_projectxml(self) -> bool:
"""Collect the connection information from an xml file."""
file_name = self.filename
if not os.path.isfile(file_name):
raise ValueError("El proyecto %r no existe." % file_name)
tree = ET.parse(file_name)
root = tree.getroot()
version = VersionNumber(root.get("Version"), default="1.0")
self.version = version
self.description = ""
for xmldescription in root.findall("name"):
self.description = xmldescription.text or ""
profile_pwd = ""
for profile in root.findall("profile-data"):
profile_pwd = getattr(profile.find("password"), "text", "")
if profile_pwd:
break
self.password_required = True
self.checkProfilePasswordForVersion(self.project_password, profile_pwd,
version)
if self.project_password and self.version > VERSION_1_1:
key_salt = hashlib.sha256(profile_pwd.encode()).digest()
key = hashlib.pbkdf2_hmac("sha256", self.project_password.encode(),
key_salt, 10000)
key64 = base64.urlsafe_b64encode(key)
self.fernet = Fernet(key64)
else:
self.fernet = None
from pineboolib.application.database.pnsqldrivers import PNSqlDrivers
sql_drivers_manager = PNSqlDrivers()
self.database = self.retrieveCipherSubElement(root, "database-name")
for db in root.findall("database-server"):
self.host = self.retrieveCipherSubElement(db, "host")
port_text = self.retrieveCipherSubElement(db, "port")
self.port = int(port_text) if port_text else None
self.type = self.retrieveCipherSubElement(db, "type")
# FIXME: Move this to project, or to the connection handler.
if self.type not in sql_drivers_manager.aliasList():
LOGGER.warning(
"Esta versión de pineboo no soporta el driver '%s'" %
self.type)
for credentials in root.findall("database-credentials"):
self.username = self.retrieveCipherSubElement(
credentials, "username")
self.password = self.retrieveCipherSubElement(
credentials, "password")
if self.password and self.fernet is None:
self.password = base64.b64decode(self.password).decode()
self.password_required = False
return True
@classmethod
def encodeProfilePasswordForVersion(cls, password: str,
save_version: VersionNumber) -> str:
"""
Hash a password for a profile/projectconfig using the protocol for specified version.
"""
if password == "":
return ""
if save_version < VERSION_1_1:
return password
if save_version < VERSION_1_2:
return hashlib.sha256(password.encode()).hexdigest()
# Minimum salt size recommended is 8 bytes
# multiple of 3 bytes as it is shorter in base64
salt = os.urandom(9)
hmac = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000)
dict_passwd = {
# Algorithm:
# .. pbkdf2: short algorithm name
# .. sha256: hash function used
# .. 4: number of zeroes used on iterations
"algorithm": "pbkdf2-sha256-4",
"salt": base64.b64encode(salt).decode(),
"hash": base64.b64encode(hmac).decode(),
}
hashed_password = "******" % dict_passwd
return hashed_password
@classmethod
def checkProfilePasswordForVersion(cls, user_pwd: str, profile_pwd: str,
version: VersionNumber) -> None:
"""
Check a saved password against a user-supplied one.
user_pwd: User-supplied password in clear text.
profile_pwd: Raw data saved as password in projectconfig file.
version: Version number used for checks.
This function returns None and raises PasswordMismatchError if the password is wrong.
We can only check if it is good. It's not a good idea to check if two encoded passwords
are the same, because most secure methods will store different encoded versions every
time we try to encode again.
"""
if not profile_pwd:
return
if version < VERSION_1_1:
if user_pwd == profile_pwd:
return
raise PasswordMismatchError("La contraseña es errónea")
if version < VERSION_1_2:
user_hash = hashlib.sha256(user_pwd.encode()).hexdigest()
if profile_pwd == user_hash:
return
raise PasswordMismatchError("La contraseña es errónea")
algo, *algo_extra = profile_pwd.split(":")
if algo != "pbkdf2-sha256-4":
raise Exception("Unsupported password algorithm %r" % algo)
salt64, hash64 = algo_extra
salt = base64.b64decode(salt64.encode())
user_hash2 = hashlib.pbkdf2_hmac("sha256", user_pwd.encode(), salt,
10000)
user_hash64 = base64.b64encode(user_hash2).decode()
if user_hash64 == hash64:
return
raise PasswordMismatchError("La contraseña es errónea")
def createCipherSubElement(self, parent: ET.Element, tagname: str,
text: str) -> ET.Element:
"""Create a XML SubElement ciphered if self.fernet is present."""
child = ET.SubElement(parent, tagname)
if self.fernet is None:
child.text = text
return child
# NOTE: This method returns ciphertext even for empty strings! This is intended.
# ... this is to avoid anyone knowing if a field is empty or not.
if len(text) < 64:
# Right Pad with new line at least up to 64 bytes. Avoid giving out field size.
text = text.ljust(64, "\n")
encoded_bytes = self.fernet.encrypt(text.encode())
encoded_text = base64.b64encode(encoded_bytes).decode()
child.set("cipher-method", "cryptography.Fernet")
child.set("cipher-text", encoded_text)
return child
def retrieveCipherSubElement(self, parent: ET.Element,
tagname: str) -> str:
"""Get a XML SubElement ciphered if self.fernet is present."""
child = parent.find(tagname)
if child is None:
raise ValueError("Tag %r not present" % tagname)
cipher_method = child.get("cipher-method")
if cipher_method is None:
return child.text or ""
if self.fernet is None:
raise Exception(
"Tried to load ciphered tag %r with no loaded cipher" %
tagname)
cipher_text = child.get("cipher-text")
if cipher_method != "cryptography.Fernet":
raise ValueError("Cipher method %r not supported." % cipher_method)
if not cipher_text:
raise ValueError("Missing ciphertext for %r" % tagname)
cipher_bytes = base64.b64decode(cipher_text.encode())
text = self.fernet.decrypt(cipher_bytes).decode()
text = text.rstrip("\n")
return text
def save_projectxml(self, overwrite_existing: bool = True) -> None:
"""
Save the connection.
"""
profile = ET.Element("Profile")
profile.set("Version", str(self.SAVE_VERSION))
description = self.description
filename = self.filename
if not os.path.exists(self.profile_dir):
os.mkdir(self.profile_dir)
if not overwrite_existing and os.path.exists(filename):
raise ProfileAlreadyExistsError
passwDB = self.password or ""
profile_user = ET.SubElement(profile, "profile-data")
profile_password = ET.SubElement(profile_user, "password")
profile_password.text = self.encodeProfilePasswordForVersion(
self.project_password, self.SAVE_VERSION)
if self.project_password and self.SAVE_VERSION > VERSION_1_1:
key_salt = hashlib.sha256(profile_password.text.encode()).digest()
key = hashlib.pbkdf2_hmac("sha256", self.project_password.encode(),
key_salt, 10000)
key64 = base64.urlsafe_b64encode(key)
self.fernet = Fernet(key64)
else:
# Mask the password if no cipher is used!
passwDB = base64.b64encode(passwDB.encode()).decode()
self.fernet = None
name = ET.SubElement(profile, "name")
name.text = description
dbs = ET.SubElement(profile, "database-server")
self.createCipherSubElement(dbs, "type", text=self.type)
self.createCipherSubElement(dbs, "host", text=self.host or "")
self.createCipherSubElement(dbs,
"port",
text=str(self.port) if self.port else "")
dbc = ET.SubElement(profile, "database-credentials")
self.createCipherSubElement(dbc, "username", text=self.username or "")
self.createCipherSubElement(dbc, "password", text=passwDB)
self.createCipherSubElement(profile,
"database-name",
text=self.database)
pretty_print_xml(profile)
tree = ET.ElementTree(profile)
tree.write(filename, xml_declaration=True, encoding="utf-8")
self.version = self.SAVE_VERSION
@classmethod
def translate_connstring(
cls, connstring: str) -> Tuple[str, str, str, str, int, str]:
"""
Translate a DSN connection string into user, pass, etc.
Accept a "connstring" parameter that has the form user @ host / dbname
and returns all parameters separately. It takes into account the
default values and the different abbreviations that exist.
"""
user = "******"
passwd = ""
host = "127.0.0.1"
port = "5432"
driver_alias = "PostgreSQL (PSYCOPG2)"
user_pass = None
host_port = None
if "/" not in connstring:
dbname = connstring
if not re.match(r"\w+", dbname):
raise ValueError("base de datos no valida")
return user, passwd, driver_alias, host, int(port), dbname
uphpstring = connstring[:connstring.rindex("/")]
dbname = connstring[connstring.rindex("/") + 1:]
up, hp = uphpstring.split("@")
conn_list = [None, None, up, hp]
_user_pass, _host_port = conn_list[-2], conn_list[-1]
if _user_pass:
user_pass = _user_pass.split(":") + ["", "", ""]
user, passwd, driver_alias = (
user_pass[0],
user_pass[1] or passwd,
user_pass[2] or driver_alias,
)
if user_pass[3]:
raise ValueError(
"La cadena de usuario debe tener el formato user:pass:driver."
)
if _host_port:
host_port = _host_port.split(":") + [""]
host, port = host_port[0], host_port[1] or port
if host_port[2]:
raise ValueError("La cadena de host debe ser host:port.")
if not re.match(r"\w+", user):
raise ValueError("Usuario no valido")
if not re.match(r"\w+", dbname):
raise ValueError("base de datos no valida")
if not re.match(r"\d+", port):
raise ValueError("puerto no valido")
LOGGER.debug(
"user:%s, passwd:%s, driver_alias:%s, host:%s, port:%s, dbname:%s",
user,
"*" * len(passwd),
driver_alias,
host,
port,
dbname,
)
return user, passwd, driver_alias, host, int(port), dbname
global fenetre_actu
fenetre_actu.pack_forget()
self.pack(fill=BOTH)
fenetre_actu = self
try:
file_key = open('key.key', 'rb')
key = file_key.read()
file_key.close()
file_password = open('password.txt', 'rb')
password_encrypted = file_password.read()
file_password.close()
assert password_encrypted != ""
f = Fernet(key)
password = f.decrypt(password_encrypted)
password = password.decode()
except:
key = Fernet.generate_key()
f = Fernet(key)
password = input('Quel est le mot de passe')
password_encrypted = password.encode()
password_encrypted = f.encrypt(password_encrypted)
file_key = open('key.key', 'wb')
file_key.write(key)
file_key.close()
file_password = open('password.txt', 'wb')
file_password.write(password_encrypted)
file_password.close()
web = ChromeMbn('f.henrotterobe', password)
# we will be encryting the below string.
message = str(input(" Write Here your message \n"))
# generate a key for encryptio and decryption
# You can use fernet to generate
# the key or use random key generator
# here I'm using fernet to generate key
key = Fernet.generate_key()
# Instance the Fernet class with the key
fernet = Fernet(key)
# then use the Fernet class instance
# to encrypt the string string must must
# be encoded to byte string before encryption
encMessage = fernet.encrypt(message.encode())
print("original string: ", message)
print("encrypted string: ", encMessage)
# decrypt the encrypted string with the
# Fernet instance of the key,
# that was used for encrypting the string
# encoded byte string is returned by decrypt method,
# so decode it to string with decode methos
decMessage = fernet.decrypt(encMessage).decode()
print("decrypted string: ", decMessage)
