def read_private(warn=False):
    """Load and decrypt the keystore held in ``private.yml``.

    If ``global_password`` is unset, the user is prompted for the keystore
    password and the answer is handed to ``setpassword``. When
    ``private.yml`` exists in the current working directory, its ``salt``
    and ``priv`` entries are parsed with the safe YAML loader, a key is
    derived with ``crypto.kdf(global_password, salt)``, and ``priv`` is
    decrypted and parsed as YAML, again with the safe loader.

    Args:
        warn: When true and ``private.yml`` is absent, log two warnings
            before returning the empty keystore.

    Returns:
        A ``(private_data, salt)`` tuple. If the file is absent this is
        ``{'revoked_keys': []}`` paired with the base64 text of a fresh
        ``crypto.generate_random_key()`` value.

    Raises:
        Exception: ``crypto.decrypt`` raised ``ValueError``.
    """
    global global_password
    if global_password is None:
        prompt = "Please enter the password to decrypt your keystore: "
        # presumably setpassword() stores the value in global_password,
        # which is read again below -- confirm against its definition.
        setpassword(getpass.getpass(prompt))

    if not os.path.exists('private.yml'):
        # A missing keystore is not treated as an error: the caller gets an
        # empty keystore and a newly invented salt.
        if warn:
            missing_path = os.path.abspath("private.yml")
            logger.warning("Private certificate data %s does not exist yet." % missing_path)
            logger.warning(
                "Keylime will attempt to load private certificate data again when it is needed."
            )
        fresh_salt = base64.b64encode(crypto.generate_random_key()).decode()
        return {'revoked_keys': []}, fresh_salt

    with open('private.yml', 'r') as keystore_file:
        stored = yaml.load(keystore_file, Loader=SafeLoader)

    salt = stored['salt']
    derived_key = crypto.kdf(global_password, salt)
    try:
        decrypted = crypto.decrypt(stored['priv'], derived_key)
    except ValueError:
        # NOTE(review): every ValueError from crypto.decrypt is reported as a
        # wrong password; a corrupted or modified 'priv' value would
        # presumably surface the same way -- confirm against crypto.decrypt.
        raise Exception("Invalid password for keystore")

    return yaml.load(decrypted, Loader=SafeLoader), salt
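def write_private(inp):
    """Encrypt the keystore contents and write them to ``private.yml``.

    The private data is serialised with the safe YAML dumper, encrypted
    under a key derived from ``global_password`` and the supplied salt, and
    stored together with that salt as a YAML mapping with the keys ``salt``
    and ``priv``.

    Args:
        inp: Indexable pair; ``inp[0]`` is the private data to store and
            ``inp[1]`` is the salt passed to ``crypto.kdf``.
    """
    priv = inp[0]
    salt = inp[1]

    priv_encoded = yaml.dump(priv, Dumper=SafeDumper)
    key = crypto.kdf(global_password, salt)
    ciphertext = crypto.encrypt(priv_encoded, key)
    towrite = {'salt': salt, 'priv': ciphertext}

    # O_TRUNC is required: os.fdopen(fd, 'w') wraps an already-open
    # descriptor and does not truncate it, so without the flag a shorter
    # rewrite leaves the tail of the previous keystore in the file and the
    # result no longer parses as the intended YAML document.
    #
    # The 0o600 mode only takes effect when this call creates the file; an
    # existing private.yml keeps whatever permissions it already has.
    fd = os.open('private.yml', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w', encoding="utf-8") as f:
        yaml.dump(towrite, f, Dumper=SafeDumper)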
def read_private():
    """Load and decrypt the keystore held in ``private.yml``.

    If ``global_password`` is unset, the user is prompted for the keystore
    password and the answer is handed to ``setpassword``. When
    ``private.yml`` exists in the current working directory, its ``salt``
    and ``priv`` entries are parsed with the safe YAML loader, a key is
    derived with ``crypto.kdf(global_password, salt)``, and ``priv`` is
    decrypted and parsed as YAML, again with the safe loader.

    Returns:
        A ``(private_data, salt)`` tuple. If the file is absent this is
        ``{'revoked_keys': []}`` paired with the base64 text of a fresh
        ``crypto.generate_random_key()`` value.

    Raises:
        Exception: ``crypto.decrypt`` raised ``ValueError``.
    """
    global global_password
    if global_password is None:
        prompt = "Please enter the password to decrypt your keystore: "
        setpassword(getpass.getpass(prompt))

    if not os.path.exists('private.yml'):
        # File doesn't exist: hand back an empty keystore and invent a salt.
        # Nothing is logged on this path, so the caller cannot tell a
        # first run from a keystore that has gone missing.
        new_salt = base64.b64encode(crypto.generate_random_key()).decode()
        return {'revoked_keys': []}, new_salt

    with open('private.yml', 'r') as keystore_file:
        stored = yaml.load(keystore_file, Loader=SafeLoader)

    salt = stored['salt']
    derived_key = crypto.kdf(global_password, salt)
    try:
        decrypted = crypto.decrypt(stored['priv'], derived_key)
    except ValueError:
        # Any ValueError from decryption is reported as a bad password.
        raise Exception("Invalid password for keystore")

    return yaml.load(decrypted, Loader=SafeLoader), salt
def test_hmac(self):
    """Check that ``kdf`` followed by ``do_hmac`` is repeatable for fixed inputs."""
    # The same string is used both as the KDF password and as the HMAC message.
    secret = "a secret message!"
    salt = "salty-McSaltface"

    expected = do_hmac(kdf(secret, salt), secret)

    # Derive the key again from scratch; identical inputs must give an
    # identical digest.
    # NOTE(review): this only establishes determinism. It does not show that
    # a different key or message produces a different digest.
    rederived_key = kdf(secret, salt)
    self.assertEqual(do_hmac(rederived_key, secret), expected)