Esempio n. 1
0
def rekey(options):
    """
    Interactive target to change the passphrase for the database.
    """
    info("This is an EXTREMELY DANGEROUS activity.")
    info("Backup your database first.")
    
    curr_passphrase = raw_input("Current passphrase: ")
    
    crypto_util.configure_crypto_state(curr_passphrase)
    
    new_passphrase = raw_input("New passphrase: ")
    confirm = raw_input("MD5 of passphrase is %s (type \"YES\" to confirm): " % hashlib.md5(new_passphrase).hexdigest())
    if confirm != 'YES':
        raise ValueError("You must enter 'YES' to proceed.")
    
    if crypto_util.has_encrypted_data():
        confirm = raw_input("There is existing encrypted data in the database.  Type 'REKEY' to proceed with re-encryption: ")
        if confirm != 'REKEY':
            raise ValueError("You must enter 'REKEY' to proceed.")
    
    # Use the same salt as previous key
    new_key = crypto_util.derive_configured_key(new_passphrase)
    
    crypto_util.replace_key(new_key=new_key, force=True)
    
    info("Re-encryption completed successfully.")
    
    if config.get('debug'):
        print "The new key is: %s%s" % (binascii.hexlify(new_key.encryption_key), binascii.hexlify(new_key.signing_key))
Esempio n. 2
0
 def initialize(self, **kwargs):
     form = PassphraseSubmitForm(request_params())
     if form.validate():
         crypto_util.configure_crypto_state(form.passphrase.data)
         raise cherrypy.HTTPRedirect("/")
     else:
         return render("startup.html", {'form': form})
Esempio n. 3
0
def setup_crypto_state():
    """
    Initialize the crypto engine for already-crypto-configured database.
    """
    if config['debug'] and config['debug.secret_key']:
        crypto_util.load_secret_key_file(config['debug.secret_key'])
    else:
        passphrase = raw_input("Database Master Passphrase: ")
        crypto_util.configure_crypto_state(passphrase)