def main():
master_key = open('{{jenkins_home}}/secrets/master.key').read()
hudson_secret_key = open(
'{{jenkins_home}}/secrets/hudson.util.Secret').read()
hashed_master_key = hashlib.sha256(master_key).digest()[:16]
cipher = Cipher('aes_128_ecb', hashed_master_key, '', 0)
v = cipher.update(hudson_secret_key)
x = v + cipher.final()
assert MAGIC in x
k = x[:-16]
k = k[:16]
token = os.urandom(16).encode('hex')
plaintext = token + MAGIC
cipher = Cipher('aes_128_ecb', k, '', 1)
v = cipher.update(plaintext)
password = base64.b64encode(v + cipher.final())
print password
with open('/etc/jenkins_jobs/jenkins_jobs.ini', 'wb+') as f:
f.write('\n'.join([
'[jenkins]', 'user=jenkins',
'password=%s' % hashlib.md5(token).hexdigest(),
'url=http://localhost:8080'
]))
def encrypt_3des(key, text, usebase64=False):
cipher = Cipher(alg='des_ede3_ecb', key=key, op=1, iv='\0'*16)
s = cipher.update(text)
if usebase64:
return base64.b64encode( s + cipher.final() )
else:
return s + cipher.final()
def decrypt(self, encryptedObject):
"""Given an encrypted object, decrypt it and return the plaintext value.
If necessary, will retrieve the private key and bulk encryption key
from the storage context associated with self."""
# Coerce JSON if necessary
if type(encryptedObject) == str or type(encryptedObject) == unicode:
encryptedObject = json.loads(encryptedObject)
# An encrypted object has two relevant fields
encryptionLabel = encryptedObject['encryption']
ciphertext = base64.decodestring(encryptedObject['ciphertext'])
# Go get the keying infromation if need it
if self.privateKey == None:
self.fetchPrivateKey()
if not encryptionLabel in self.bulkKeys:
self.fetchBulkKey(encryptionLabel)
# In case you were wondering, this is the same as this operation at the openssl command line:
# openssl enc -d -in data -aes-256-cbc -K `cat unwrapped_symkey.16` -iv `cat iv.16`
# Do the decrypt
logging.debug("Decrypting data record using bulk key %s" %
encryptionLabel)
cipher = Cipher(alg='aes_256_cbc',
key=self.bulkKeys[encryptionLabel],
iv=self.bulkKeyIVs[encryptionLabel],
op=0) # 0 is DEC
v = cipher.update(ciphertext)
v = v + cipher.final()
del cipher
logging.debug("Successfully decrypted data record")
return v
def _new_cipher(key):
skey = key[0:
crypto_algo["key_size"]] # Use first n bytes as crypto key
iv = key[-crypto_algo["iv_size"]:] # Use last m bytes as IV
return Cipher(algorithms.TripleDES(skey),
modes.CBC(iv),
backend=default_backend())
def get_cipher(key, method, op, iv):
if method == 'rc4-md5':
return create_rc4_md5(method, key, iv, op)
elif method in ('salsa20', 'chacha20'):
return Salsa20Crypto(method, key, iv, op)
else:
return Cipher(method.replace('-', '_'), key, iv, op)
def decrypt_text(encrypted_text, key):
# Porting from pyDes-based encryption (see http://git.io/htpk)
# to use M2Crypto instead (see https://gist.github.com/mrluanma/917014)
cipher = Cipher(alg="des_ede3_ecb", key=b"{}".format(key), op=0, iv="\0" * 16)
decrypted_text = cipher.update(base64.b64decode(b"{}".format(encrypted_text)))
decrypted_text += cipher.final()
return decrypted_text
def encrypt_sn(sn):
m = Cipher(alg="aes_128_cbc", key=config['passout'], iv='\x00' * 16, op=1)
m.set_padding(padding=7)
v = m.update(sn)
v = v + m.final()
del m
return v
def Encrypt(data):
print "Enc len=", len(data)
cipher = Cipher(alg='aes_128_ecb', key=PRIVATE_KEY, iv=iv, op=ENCRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
return buf
"""
def Decrypt(data):
data = util.h2b(data)
cipher = Cipher(alg='aes_128_ecb', key=PRIVATE_KEY, iv=iv, op=DECRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
return buf
def decryptPasswd(buf, passKey, iv='\x00' * 16):
cipher = Cipher(alg='aes_128_cbc', key=passKey, iv=iv,
op=0) # 0 is decrypt
cipher.set_padding(padding=7)
v = cipher.update(buf)
v = v + cipher.final()
del cipher
return v
def build_cipher(key, op):
return Cipher(alg='aes_128_cbc',
key=key,
iv='\0' * 16,
op=op,
key_as_bytes=1,
d='sha1',
salt='saltsalt',
i=5)
def AESDecrypt(cls, data): '使用aes_128_ecb算法对数据解密' # 将密文从16进制转为字节流 data = util.h2b(data) cipher = Cipher(alg = 'aes_128_ecb', key = cls.privateKey, iv = cls.iv, op = DEC) txt = cipher.update(data) txt = txt + cipher.final() del cipher return txt
def simple_encrypto(s):
''' 加密字符串 '''
s = s.encode('utf8')
cipher = Cipher(alg='des_cbc', key=CRYPTO_KEY, iv=CRYPTO_IV, op=1)
cipher.set_padding(padding=m2.no_padding)
out = cipher.update(s)
out += cipher.final()
del cipher
return base64.encodestring(out)
def simple_decrypto(s):
''' des_cbc对称解密 '''
buf = base64.decodestring(s.decode('utf8'))
cipher = Cipher(alg='des_cbc', key=CRYPTO_KEY, iv=CRYPTO_IV, op=0)
cipher.set_padding(padding=m2.no_padding)
out = cipher.update(buf)
out += cipher.final()
del cipher
return out
def Encrypt(data):
cipher = Cipher(alg = 'aes_128_ecb', key = PRIVATE_KEY, iv = iv, op = ENCRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
# 将明文从字节流转为16进制
output = ''
for i in buf:
output += '%02X' % (ord(i))
return output
def encrypto(s):
''' 压缩加密字符串 '''
if isinstance(s, unicode):
s = s.encode('utf8')
s = zlib.compress(s)
cipher = Cipher(alg='des_cbc', key=CRYPTO_KEY, iv=CRYPTO_IV, op=1)
cipher.set_padding(padding=m2.no_padding)
out = cipher.update(s)
out += cipher.final()
del cipher
return base64.encodestring(out)
def AESEncrypt(cls, data): '使用aes_128_ecb算法对数据加密' cipher = Cipher(alg = 'aes_128_ecb', key = cls.privateKey, iv = cls.iv, op = ENC) txt = cipher.update(data) txt = txt + cipher.final() del cipher # 将明文从字节流转为16进制 output = '' for i in txt: output += '%02X' % (ord(i)) return output
def Decrypt(data):
#data = util.h2b(data)
data1 = binascii.a2b_hex(data)
#for i in len(data)/2:
# data1 += binascii.a2b_hex()
cipher = Cipher(alg='aes_128_ecb', key=PRIVATE_KEY, iv=iv, op=DECRYPT_OP)
buf = cipher.update(data1)
buf = buf + cipher.final()
del cipher
return buf
def Decrypt(data):
# 将密文从16进制转为字节流
data = util.h2b(data)
cipher = Cipher(alg = 'aes_128_ecb', key = PRIVATE_KEY, iv = iv, op = DECRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
return buf
# print Decrypt('6C0D072989D9F7271EF1BD5AA1C830F2')
def _decrypt(self, payload, key):
''' Decrypt payload fetched from server. '''
ciphertext = payload['ciphertext'].decode('base64')
iv = payload['IV'].decode('base64')
# Perform the actual decryption.
cipher = Cipher(alg='aes_256_cbc', key=key, iv=iv, op=0)
v = cipher.update(ciphertext)
v = v + cipher.final()
del cipher
return json.loads(v)
def aes_api_data_encrypt(data):
"""
加密api数据
:param data: 字符串数据等
:return: base64数据
"""
key = '!@#$%^&*()_+|%^&'
iv = '!@#$%^&*()_+|%^&'
pad_data = pkcs7_pad(data, 16)
encryptor = Cipher(alg="aes_128_cbc", key=key, iv=iv, op=OP_ENCRYPT, padding=0)
str = encryptor.update(pad_data)
str = str + encryptor.final()
base64str = base64.b64encode(str)
return base64str
def decrypt_aes(key, text, iv='\0'*16, usebase64=False):
""" aes比3des: 加解密速度快, 资源消耗低, 安全级别高
param:
key: 密钥, 16个字符
note: 当key或iv不足16个字符的时候, 后面补字符'0'; 当超过16个字符的时候, 截断为前面16个字符
note: 标准Base64编码会出现字符+和/,在URL中不能作为参数,而urlsafe的base64编码,其实是把字符+和/分别变成-和_
"""
key = _autofill(key) # 当使用 aes_256时候, key需要32个字符; 而使用aes_128时, key需要16个字符
iv = _autofill(iv)
if usebase64:
text = base64.urlsafe_b64decode( text )
cipher = Cipher(alg='aes_128_cbc', key=key, op=0, iv=iv) # aes_256_cbc, aes_256_ecb
s = cipher.update(text)
return s + cipher.final()
def aes_html_data_decrypt(data):
"""
解密Html传过来的数据
:param data: 数据Base64编码
:return: 解密后的字符串,如果为无效的字符串解密,则返回空串
"""
key = '!@#$%^&*()_+|%^&'
iv = '!@#$%^&*()_+|%^&'
decryptor = Cipher(alg="aes_128_cbc", key=key, iv=iv, op=OP_DECRYPT, padding=0)
encrypted_data = base64.b64decode(data)
decrypted_data = decryptor.update(encrypted_data)
decrypted_data += decryptor.final()
return unpad(decrypted_data)
def aes_decrypt(mess, aes_key, size=256):
if size == 128:
algo = 'aes_128_cbc'
elif size == 256:
algo = 'aes_256_cbc'
else:
algo = 'aes_128_cbc'
mess = b64decode(mess)
cipher = Cipher(alg=algo, key=aes_key, iv=IV, op=0)
o = cipher.update(mess)
o = o + cipher.final()
del cipher
return o
def get_cipher(self, password, method, op, iv=None):
password = password.encode('utf-8')
method = method.lower()
m = self.get_cipher_len(method)
if m:
key, iv_ = EVP_BytesToKey(password, m[0], m[1])
if iv is None:
iv = iv_[:m[1]]
if op == 1:
self.cipher_iv = iv[:m[
1]] # this iv is for cipher, not decipher
return Cipher(method.replace('-', '_'), key, iv, op)
logging.error('method %s not supported' % method)
sys.exit(1)
def str_decrypt(crypted, key, iv=IV, algorithm=ALGORITHM):
""" Decrypt a string with a key. For a higher-level decryption
interface, see :func:`ssl_decrypt`.
:param crypted: The raw binary encrypted data
:type crypted: string
:param key: The encryption key to decrypt with
:type key: string
:param iv: The initialization vector
:type iv: string
:param algorithm: The cipher algorithm to use
:type algorithm: string
:returns: string - The decrypted data
"""
cipher = Cipher(alg=algorithm, key=key, iv=iv, op=DECRYPT)
return _cipher_filter(cipher, crypted)
def get_cipher(self, password, method, op, iv):
password = password.encode('utf-8')
method = method.lower()
m = self.get_cipher_len(method)
if m:
key, _ = EVP_BytesToKey(password, m[0], 0)
iv = iv[:m[1]]
if op == 1:
self.cipher_iv = iv # this iv is for cipher, not decipher
if method == 'rc4-md5':
return create_rc4_md5(method, key, iv, op)
elif method in ('salsa20', 'chacha20'):
return Salsa20Crypto(method, key, iv, op)
else:
return Cipher(method.replace('-', '_'), key, iv, op)
raise ValueError('method %s not supported' % method)
def __init__(self, encrypted_header=None):
if encrypted_header:
self.__enc_data = encrypted_header
header = self.K_CIPHER.private_decrypt(encrypted_header,
RSA.pkcs1_padding)
secret = header[:32]
iv = header[32:]
op = DEC
else:
secret = self._get_random(32)
iv = self._get_random(16)
self.__enc_data = self.K_CIPHER.public_encrypt(
secret + iv, RSA.pkcs1_padding)
op = ENC
self.__cipher = Cipher(alg='aes_128_cbc', key=secret, iv=iv, op=op)
self.__cipher.set_padding(1)
def str_encrypt(plaintext, key, iv=IV, algorithm=ALGORITHM, salt=None):
""" Encrypt a string with a key. For a higher-level encryption
interface, see :func:`ssl_encrypt`.
:param plaintext: The plaintext data to encrypt
:type plaintext: string
:param key: The key to encrypt the data with
:type key: string
:param iv: The initialization vector
:type iv: string
:param algorithm: The cipher algorithm to use
:type algorithm: string
:param salt: The salt to use
:type salt: string
:returns: string - The decrypted data
"""
cipher = Cipher(alg=algorithm, key=key, iv=iv, op=ENCRYPT, salt=salt)
return _cipher_filter(cipher, plaintext)
def encrypt_mode_cbc(data, key, iv):
"""
aes加密得到十进制串
:param data:
:param key:
:param iv:
:return:
"""
cipher = Cipher(alg='aes_128_cbc', key=key, iv=iv, op=1)
buf = cipher.update(data)
buf += cipher.final()
del cipher
# 将明文从字节流转为十进制
des_list = [int('%02X' % (ord(i)), 16) for i in buf]
# 原码转补码
in_list = [~h ^ 255 if h > 128 else h for h in des_list]
return in_list
