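def test_derive_key(self):
    """
    Test the key derivation routines.

    Checks that both derived sub-keys are 32 bytes long, that a 4-byte salt
    is rejected with ValueError, and that a different random salt yields
    different key material for the same password.
    """
    salt = os.urandom(8)
    key = util.derive_key("password", salt)
    self.assertEqual(32, len(key.encryption_key))
    self.assertEqual(32, len(key.signing_key))

    # A truncated (4-byte) salt must be refused rather than silently accepted.
    with self.assertRaises(ValueError):
        util.derive_key("password", salt[:4])

    key2 = util.derive_key("password", os.urandom(8))
    self.assertNotEqual(key, key2)
    # Compare the raw key bytes as well: the object-level check above only
    # proves anything if the key type implements value equality, which is
    # not visible from this test.
    self.assertNotEqual(key.encryption_key, key2.encryption_key)
    self.assertNotEqual(key.signing_key, key2.signing_key)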
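def init_crypto(options):
    """
    Interactive target to initialize the database with a new crypto passphrase.

    Refuses to run when the database already holds encrypted data, prompts
    for a passphrase, asks the operator to confirm it, then derives a key
    from the passphrase and a fresh 16-byte random salt and stores the key
    metadata without overwriting existing metadata.

    :param options: Target options; not read by this function.
    :raises BuildFailure: If the database already has encrypted contents.
    :raises ValueError: If the passphrase is empty or the operator does not
        confirm with 'YES'.
    """
    print("Initializing crypto for an empty database.")

    if crypto_util.has_encrypted_data():
        raise BuildFailure(
            "Database has existing encrypted contents; use the 'rekey' target instead."
        )

    # NOTE(review): raw_input() echoes what is typed, and the confirmation
    # lines below print the passphrase and its unsalted MD5. The MD5 is only a
    # visual fingerprint (the key is derived from the passphrase itself), but
    # anything that captures this output -- terminal scrollback, session
    # recording, build logs -- ends up holding the master passphrase. Run this
    # target only on a trusted interactive terminal.
    passphrase = raw_input("Passphrase: ")
    if not passphrase:
        # Pressing Enter at the prompt would otherwise key the whole database
        # with an empty passphrase once the operator types 'YES'.
        raise ValueError("Passphrase must not be empty.")

    print("The database will be initialized with the passphrase between the arrows: --->%s<---" % passphrase)
    print("The MD5 of the passphrase you entered is: %s" % hashlib.md5(passphrase).hexdigest())

    confirm = raw_input("Type 'YES' to confirm passphrase and MD5 are correct: ")
    if confirm != 'YES':
        raise ValueError("You must enter 'YES' to proceed.")

    salt = get_random_bytes(16)
    key = crypto_util.derive_key(passphrase=passphrase, salt=salt)
    # force_overwrite=False: never replace key metadata that already exists.
    crypto_util.initialize_key_metadata(key=key, salt=salt, force_overwrite=False)

    print("Database key metadata has been initialized.  Your application is ready for use.")

    if config.get('debug'):
        # NOTE(review): with the 'debug' setting on, the raw encryption and
        # signing keys are written to stdout in hex. Keep debug off wherever
        # this output is logged, recorded or shared.
        print("The new key is: %s%s" % (binascii.hexlify(key.encryption_key), binascii.hexlify(key.signing_key)))

    print("*************************************************************")
    print("IMPORTANT")
    print("Make sure your database master passphrase is stored somewhere")
    print("outside of Ensconce.")
    print("")
    print("There is no recovery mechanism for this passphrase (or for ")
    print("your database, should you lose it.)")
    print("*************************************************************")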