def unwrapkey(self, password, wrapped ):
"""decrypt the key encrypted by the password-derived key
"""
salt = wrapped[:SALT_SIZE]
payload = wrapped[SALT_SIZE:]
kek = derive_key(password,salt,self.box.KEY_SIZE)
sbox = self.box(kek)
return sbox.decrypt(payload)
def wrapkey(self, password, key ):
"""encrypt a key using a password-derived key
"""
salt = self.random(SALT_SIZE)
kek = derive_key(password,salt,self.box.KEY_SIZE)
sbox = self.box(kek)
nonce = self.random(sbox.NONCE_SIZE)
payload = sbox.encrypt(key,nonce)
return salt+payload
def check_badalgorithm(pw):
try:
k = derive_key(pw, SALT, 16)
assert False, "{} should not be valid".format(pw)
except RuntimeError:
pass
def test_bcrypt():
k = derive_key("@aaa", SALT, 16)
def test_scrypt():
k = derive_key("`aaa", SALT, 16)
def test_pbkdf2():
k = derive_key(" aaa", SALT, 16)
def check_badalgorithm(pw):
try:
k = derive_key(pw, SALT, 16)
assert False, "{} should not be valid".format(pw)
except RuntimeError:
pass
def test_scrypt():
k = derive_key("`aaa", SALT, 16)
def test_bcrypt():
k = derive_key("@aaa", SALT, 16)
def test_pbkdf2():
k = derive_key(" aaa", SALT, 16)