def decrypt(self, save_content=False):
if self.encryption_key is None:
raise LocalConfigFileError('Cannot decrypt content, missing encryption key.')
if self.config.get('content') is None:
raise LocalConfigFileError('Cannot decrypt content, content is empty.')
if self.is_encryptable == False:
raise LocalConfigFileError('Cannot decrypt, improper configuration.')
if self.config.get('is_encrypted') == False:
return self.config.get('content')
f = Fernet(self.encryption_key)
if self.config.get('is_binary') == True:
decr_content = f.decrypt(self.config.get('content'))
elif self.config.get('is_binary') == False:
decr_content = f.decrypt(self.config.get('content').encode('utf-8')).decode('utf-8')
else:
raise LocalConfigFileError('Could not tell if file is binary or text. Aborting.')
if save_content == True:
try:
self.config['content'] = decr_content
self.config['content_length'] = len(decr_content)
self.config['is_encrypted'] = False
except:
raise
return decr_content
def decrypt_creds(dbname, dbuser, dbpass, dbport):
"""
Decrypt DB creds.
Default Creds in vars.py are decrypted and returned.
:return db_name, db_user, db_pass, db_port:
"""
if (os.path.exists(keyfile)):
authkey = open(keyfile, 'rb').read()
# print(authkey)
else:
print ("Key File '{}' does not exist".format(keyfile))
exit(1)
from cryptography.fernet import Fernet
f = Fernet(authkey)
byte_dbname = str.encode(dbname)
byte_dbuser = str.encode(dbuser)
byte_dbpass = str.encode(dbpass)
byte_dbport = str.encode(dbport)
db_name = (f.decrypt(byte_dbname)).decode()
db_user = (f.decrypt(byte_dbuser)).decode()
db_pass = (f.decrypt(byte_dbpass)).decode()
db_port = (f.decrypt(byte_dbport)).decode()
print("DBNAME = {} DBUSER = {} DBPASS = {} DBPORT = {}"
.format(db_name, db_user, db_pass, db_port))
return (db_name, db_user, db_pass, db_port)
def get_creds(dbname, dbuser, dbpass, dbport):
"""
Decrypt creds.
Creds are provided as arguments to this routine,
decrypted and returned.
:param dbname:
:param dbuser:
:param dbpass:
:param dbport:
:return db_name, db_user, db_pass, db_port:
"""
if (os.path.exists(keyfile)):
authkey = open(keyfile, 'rb').read()
# print(authkey)
else:
print("Key File '{}' does not exist".format(keyfile))
exit(1)
from cryptography.fernet import Fernet
f = Fernet(authkey)
byte_dbname = str.encode(dbname)
byte_dbuser = str.encode(dbuser)
byte_dbpass = str.encode(dbpass)
byte_dbport = str.encode(dbport)
db_name = (f.decrypt(byte_dbname)).decode()
db_user = (f.decrypt(byte_dbuser)).decode()
db_pass = (f.decrypt(byte_dbpass)).decode()
db_port = (f.decrypt(byte_dbport)).decode()
# print("DBNAME = {} DBUSER = {} DBPASS = {} DBPORT = {}"\
# .format(db_name, db_user, db_pass, db_port))
return (db_name, db_user, db_pass, db_port)
def decrypt(ciphertext, key):
f = Fernet(key)
try:
txt = f.decrypt(ciphertext).decode()
except:
txt = f.decrypt(bytes(ciphertext, 'utf-8')).decode()
return txt
def test_generate_key(self):
stdout = io.StringIO()
try:
keygen.main(stdout=stdout, argv=[])
except SystemExit as exc:
self.assertEqual(exc.code, 0)
key = stdout.getvalue()
f = Fernet(key)
# Make sure this doesn't raise an error about a bad key.
f.decrypt(f.encrypt('whatever'.encode('utf-8')))
def decrypt(data, hello_token, salt, password):
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=100000, backend=backend)
key = base64.urlsafe_b64encode(kdf.derive(password))
f = Fernet(key)
hello = f.decrypt(hello_token)
if hello != b"hello":
raise Exception("incorrect password")
ddata = f.decrypt(data)
return ddata
def test_no_hkdf(self):
"""Can supply use_hkdf=False to avoid HKDF."""
k1 = Fernet.generate_key()
f = fields.EncryptedTextField(key=k1, use_hkdf=False)
fernet = Fernet(k1)
assert fernet.decrypt(f.fernet.encrypt(b'foo')) == b'foo'
def decrypt(token, secret):
"""
Secret key must be 32 url-safe base64-encoded bytes or string.
Returned value is a string.
"""
try:
f = Fernet(secret)
except ValueError:
return None
try:
message = f.decrypt(token)
except TypeError:
message = f.decrypt(token.encode("utf-8"))
return message.decode("utf-8")
def backfill_plaintext_hashes(apps, schema_editor):
SecretRevision = apps.get_model('secrets', 'SecretRevision')
f = Fernet(settings.TEAMVAULT_SECRET_KEY)
for srev in SecretRevision.objects.all():
plaintext_data = f.decrypt(srev.encrypted_data.tobytes())
srev.plaintext_data_sha256 = sha256(plaintext_data).hexdigest()
srev.save()
def sso_lander_view(group):
"""
Log a user into the system using a signed and encrypted get argument "token".
Here a ttl of 60 seconds is life. See
https://cryptography.io/en/latest/fernet/#cryptography.fernet.Fernet.decrypt.
"""
secret = redis_cli.get('secret:{}'.format(group))
if not secret:
return 'group not found', 404
fernet = Fernet(secret)
token = request.args.get('token', '').encode('utf8')
try:
data = fernet.decrypt(token, ttl=60)
except InvalidToken:
return '403: Invalid Token', 403
try:
data = json.loads(data.decode('utf8'))
except JSONDecodeError:
return '400: problem parsing json', 400
data['referrer'] = request.referrer
session.update(
profile=data,
group=group,
)
group_key = 'info:{}'.format(group)
redis_cli.lpush(group_key, '{nm} ({rt}) logged in at {dt:%Y-%m-%d %H:%M:%S}'.format(dt=datetime.now(), **data))
return redirect('/')
def FDStart():
camtab = SVSIpCamReg.query.filter_by(u_id = current_user.id).first()
dkey = camtab.key
bdkey=bytes(dkey)
f = Fernet(bdkey)
bcamurl = bytes(camtab.camurl_hash)
camurl =f.decrypt(bcamurl)
url=str(camurl)
if camtab.FDstore == 1:
cam = Cam(url)
#cam.start()
cam.run()
emid = SVSuserReg.query.filter_by(emid=current_user.emid).first()
camid = SVSIpCamReg.query.filter_by(u_id = current_user.id).first()
camfaces = SVSFaceTab.query.filter_by(cam_id = camid.u_id , u_id = emid.id ).all()
'''for rec in camfaces:
camfacesimag=rec.Face_image
#response = make_response(camfacesimag)
#response.headers["Content-type"] = "image/jpeg"
#response.headers['Content-Disposition'] = 'attachment; filename=img.jpg'
#rec.Face_imagenew = response
rec.Face_imagenew = send_file(io.BytesIO(camfacesimag),attachment_filename='logo.png',mimetype='image/png')
return render_template('FaceDetect/FaceShow.html',allface = camfaces)'''
else:
print("I am in else none")
class FernetEngine(EncryptionDecryptionBaseEngine):
"""Provide Fernet encryption and decryption methods."""
def __init__(self, key):
super(FernetEngine, self).__init__(key)
self._initialize_engine(self._engine_key)
def _update_key(self, new_key):
parent = EncryptionDecryptionBaseEngine(new_key)
self._initialize_engine(parent._engine_key)
def _initialize_engine(self, parent_class_key):
self.secret_key = base64.urlsafe_b64encode(parent_class_key)
self.fernet = Fernet(self.secret_key)
def encrypt(self, value):
if not isinstance(value, six.string_types):
value = repr(value)
if isinstance(value, six.text_type):
value = str(value)
value = six.b(value)
encrypted = self.fernet.encrypt(value)
return encrypted
def decrypt(self, value):
if isinstance(value, six.text_type):
value = str(value)
decrypted = self.fernet.decrypt(value)
if not isinstance(decrypted, six.string_types):
decrypted = decrypted.decode('utf-8')
return decrypted
def _bootstrap(secrets):
"""
Decrypt secrets and return a dict of secrets.
"""
if not secrets:
logging.info('SECRETS_BOOTSTRAP not set, skipping bootstrapping.')
return {}
if secrets.startswith('file://'):
try:
with open(secrets[7:], 'r') as f:
_secrets = json.load(f)
except IOError:
logging.error(
'Failed to load file specified in SECRETS_BOOTSTRAP.'
)
return {}
else:
_secrets = json.loads(secrets)
key = cryptolib.decrypt_datakey(
base64.b64decode(_secrets['data_key']),
{'type': 'bootstrap'}
)
f = Fernet(key)
decrypted_secrets = yaml.safe_load(
f.decrypt(_secrets['secrets'].encode('utf-8'))
)
logging.info('Loaded SECRETS_BOOTSTRAP.')
return decrypted_secrets
def decrypt_file(file, key):
"""
Decrypts the file ``file``.
The encrypted file is assumed to end with the ``.enc`` extension. The
decrypted file is saved to the same location without the ``.enc``
extension.
The permissions on the decrypted file are automatically set to 0o600.
See also :func:`doctr.local.encrypt_file`.
"""
if not file.endswith('.enc'):
raise ValueError("%s does not end with .enc" % file)
fer = Fernet(key)
with open(file, 'rb') as f:
decrypted_file = fer.decrypt(f.read())
with open(file[:-4], 'wb') as f:
f.write(decrypted_file)
os.chmod(file[:-4], 0o600)
def main():
parser = argparse.ArgumentParser(description='password generator')
parser.add_argument('-s', action='store_true', dest='print_short', help='generate short password')
parser.add_argument('site_name', type=str, help='site name')
args = parser.parse_args(sys.argv[1:])
hashed_pw = bcrypt.hashpw(passwd, default_salt)
key = base64.urlsafe_b64encode(hashed_pw[-31:] + b'x')
f = Fernet(key)
try:
salt = f.decrypt(encrypted_salt)
except cryptography.fernet.InvalidToken:
sys.exit('wrong password')
m = hashlib.new('ripemd160')
m.update(salt + args.site_name.encode('utf-8'))
long_pw = base64.b64encode(m.digest(), altchars=b'9K').decode('ascii')
if args.print_short:
final_pw = long_pw[:15]
else:
final_pw = long_pw
if platform.system() == 'Darwin':
cmd = ['cliclick', 't:' + final_pw]
subprocess.check_call(cmd)
else:
subprocess.check_call(['xdotool', 'type', final_pw],
env={'DISPLAY': ':0', 'XAUTHORITY': '~/.Xauthority'})
def encrypt(password, plaintext):
if db:
print(lineno(), 'salt =', salt, 'type(salt) =', type(salt), 'len(salt) =', len(salt))
salt_list = list(salt)
if db:
print(lineno(), 'salt_list =', salt_list, 'len(salt_list) =', len(salt_list))
"""Key derivation function.
The iteration count used should be adjusted to be as
high as your server can tolerate. A good default is
at least 100,000 iterations which is what Django
recommends in 2014."""
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend()
)
# convert password to bytes
bytestring_password = bytes(password, 'utf-8')
# convert plaintext to bytes
plaintext_bytes = bytes(plaintext, 'utf-8')
key = base64.urlsafe_b64encode(kdf.derive(bytestring_password))
f = Fernet(key)
token = f.encrypt(plaintext_bytes)
if db:
print(lineno(), 'token = ', token)
if db:
print(lineno(), 'f.decrypt(token)=', f.decrypt(token))
return token # ciphertext
def get_data(self, user):
if not self.current_revision:
raise Http404
if not self.is_readable_by_user(user):
log(
_("{user} tried to access '{name}' without permission").format(name=self.name, user=user.username),
actor=user,
level="warn",
secret=self,
)
raise PermissionError(
_("{user} not allowed access to '{name}' ({id})").format(id=self.id, name=self.name, user=user.username)
)
f = Fernet(settings.TEAMVAULT_SECRET_KEY)
log(
_("{user} read '{name}'").format(name=self.name, user=user.username),
actor=user,
level="info",
secret=self,
secret_revision=self.current_revision,
)
self.current_revision.accessed_by.add(user)
self.current_revision.save()
self.last_read = now()
self.save()
plaintext_data = f.decrypt(self.current_revision.encrypted_data.tobytes())
if self.content_type != Secret.CONTENT_FILE:
plaintext_data = plaintext_data.decode("utf-8")
return plaintext_data
def decode_token(token, secret_key, salt, max_age_in_seconds=ONE_DAY_IN_SECONDS):
fernet = Fernet(to_bytes(secret_key))
cleartext = fernet.decrypt(token, ttl=max_age_in_seconds)
token_salt, json_data = cleartext.split(b'\0', 1)
if token_salt != to_bytes(salt):
raise InvalidToken('bad token')
return json.loads(json_data.decode('utf-8'))
def addcrypted2():
package = flask.request.form.get(
"package", flask.request.form.get("source", flask.request.form.get("referer"))
)
crypted = flask.request.form["crypted"]
jk = flask.request.form["jk"]
crypted = standard_b64decode(unquote(crypted.replace(" ", "+")))
jk = js2py.eval_js(f"{jk} f()")
try:
key = bytes.fromhex(jk)
except Exception:
return "Could not decrypt key", 500
obj = Fernet(key)
urls = obj.decrypt(crypted).replace("\x00", "").replace("\r", "").split("\n")
urls = [url for url in urls if url.strip()]
api = flask.current_app.config["PYLOAD_API"]
try:
if package:
api.add_package(package, urls, 0)
else:
api.generate_and_add_packages(urls, 0)
except Exception:
return "failed can't add", 500
else:
return "success\r\n"
def get_viewcams():
page = request.args.get('page', 1, type=int)
email = SVSuserReg.query.filter_by(emid=g.current_user.emid).first()
pagination = SVSIpCamReg.query.filter_by( u_id = email.id ).order_by(SVSIpCamReg.camregdate.desc()).paginate(page, per_page=current_app.config['SVS_PAGE_PHOTO'],error_out=False)
regcams = pagination.items
for cams in regcams:
camkey = cams.key
bcamskey = bytes(camkey)
camurlhash = cams.camurl_hash
bcamurlhash = bytes(camurlhash)
f = Fernet(bcamskey)
finalurl = f.decrypt(bcamurlhash)
cams.camurl_hash = finalurl
prev = None
if pagination.has_prev:
prev = url_for('api_5.get_viewcams', page=page-1, _external=True)
next = None
if pagination.has_next:
next = url_for('api_5.get_viewcams', page=page+1, _external=True)
return jsonify({
'posts': [post.to_json() for post in regcams],
'prev': prev,
'next': next,
'count': pagination.total
})
def encrypted_read(file, key):
"""
Read an encrypted file.
Parameters
----------
file : str
key : str
Returns
-------
d : bytes
The decrypted data.
"""
logging.info("opening encrypted file `{}`".format(file))
with open(file, 'rb') as openf:
data = openf.read()
f = Fernet(key)
# return io.BytesIO(f.decrypt(data))
# return f.decrypt(data)
logging.debug("decrypting...")
try:
d = f.decrypt(data)
logging.debug("decryption complete")
except InvalidToken:
logging.exception("Key Mismatch with file! Unable to decrypt!")
raise
return d
def test_formatter(self):
for prefix in ['±±±', 'abc']:
with LogCapture() as lc:
data = '{}{}'.format(prefix, uuid4().hex)
key = genkey()
fernet = Fernet(key)
level = logging.INFO
format = '%(levelname)s - %(message)s'
formatter = EncryptedLogFormatter(key, format)
handler = logging.StreamHandler()
handler.setFormatter(formatter)
logger = logging.getLogger('')
logger.addHandler(handler)
logger.setLevel(level)
logger.info(data)
encrypted = list(lc.records)[0].msg
encrypted = encrypted.split(log_prefix)[1]
decrypted = fernet.decrypt(encrypted.encode('utf8')).decode('utf8')
self.assertEquals(data, decrypted)
def unlock(path=None):
"""
Decrypts all of the files in a given directory with provided password.
This is most commonly used during the startup sequence of Lemur
allowing it to go from source code to something that can communicate
with external services.
Path defaults ~/.lemur/keys
:param: path
"""
key = prompt_pass("[!] Please enter the encryption password")
if not path:
path = os.path.expanduser('~/.lemur/keys')
dest_dir = os.path.join(path, "decrypted")
source_dir = os.path.join(path, "encrypted")
if not os.path.exists(dest_dir):
sys.stdout.write("[+] Creating decryption directory: {0}\n".format(dest_dir))
os.makedirs(dest_dir)
for root, dirs, files in os.walk(source_dir):
for f in files:
source = os.path.join(source_dir, f)
dest = os.path.join(dest_dir, ".".join(f.split(".")[:-1]))
with open(source, 'rb') as in_file, open(dest, 'wb') as out_file:
f = Fernet(key)
data = f.decrypt(in_file.read())
out_file.write(data)
sys.stdout.write("[+] Writing file: {0} Source: {1}\n".format(dest, source))
sys.stdout.write("[+] Keys have been unencrypted!\n")
def test_verify(self, secret, now, src, ttl_sec, token, backend,
monkeypatch):
f = Fernet(secret.encode("ascii"), backend=backend)
current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple())
monkeypatch.setattr(time, "time", lambda: current_time)
payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec)
assert payload == src.encode("ascii")
def decrypt(self, password):
"""
Return the plain text token after decrypting it using the password.
"""
fernet = Fernet(crypto.derive_fernet_key(password, self.salt))
return encoding.force_str(
fernet.decrypt(encoding.force_bytes(self.encrypted)))
def decrypt(data, symmetric_key=None, private_key=None):
"""
Decrypts data with symmetric key or public key.
"""
if symmetric_key:
try:
fernet = Fernet(symmetric_key)
return fernet.decrypt(data)
except InvalidToken:
raise errors.AuthenticationError(
message=_('Invalid credentials'))
elif private_key:
try:
private_key_obj = load_pem_private_key(
data=private_key,
password=None,
backend=default_backend()
)
return private_key_obj.decrypt(
data,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
except ValueError:
raise errors.AuthenticationError(
message=_('Invalid credentials'))
def sql_call():
print("Connecting to Database and Running Query")
host = "emaildata.cqlai0yteoyb.us-east-1.redshift.amazonaws.com"
port = 5439
database = "eds"
user = "******"
f = open('eds_key.txt', r)
key = f.read()
f.close()
f = open('eds_password.txt', r)
cipher_text = f.read()
f.close()
cipher_suite = Fernet(key)
password = cipher_suite.decrypt(cipher_text)
conn = psychopg2.connect(database=database, user=user, host=host, port=port, password=password, sslmode='allow')
cur = con.cursor(name = "conquer")
query = "SELECT * FROM email WHERE from_domain = 'googlemail.com' AND message_time >= CURRENT_DATE -10 LIMIT 3"
print(query)
cur.execute(query)
resultsTable = cur.fetchmany(10)
for row in resultsTable:
print(row)
conn.close()
def get_oracle_password():
"""
Return my oracle password
Uses cryptography.fernet to unencrypt password.
"""
key = get_key()
# read password
try:
f2 = open(password_dir+password_file, 'rb')
except IOError as e:
if e.strerror == 'No such file or directory':
print("Could not find password file")
sys.exit()
else:
raise e
token=f2.read()
f2.close()
# decript password
f = Fernet(key)
password = f.decrypt(token).decode('utf-8')
return password
def getReaction(rid):
''' Lookup a reaction via either rethinkdb or redis '''
# Pull from redis first
cache = lookupRedis("reaction", rid)
# Resolve issues form race condition during editing of reactions
if "lastrun" in cache:
if cache['lastrun'] is None or cache['lastrun'] is "None":
# Reset lastrun to 0 if it is not present or set to None
cache['lastrun'] = 0
else:
cache['lastrun'] = 0
# Pull from RethinkDB second
try:
results = r.table('reactions').get(rid).run(rdb_server)
if results['lastrun'] is None:
results['lastrun'] = 0
results['cacheonly'] = False
if int(cache['trigger']) > results['trigger']:
results['trigger'] = int(cache['trigger'])
if float(cache['lastrun']) > float(results['lastrun']):
results['lastrun'] = float(cache['lastrun'])
if "encrypted" in results:
if results['encrypted'] is True:
crypto = Fernet(config['crypto_key'])
results['data'] = json.loads(crypto.decrypt(bytes(results['data'])))
except (RqlDriverError, RqlRuntimeError, socket.error) as e:
results = cache
results['cacheonly'] = True
logger.critical("RethinkDB is unaccessible, reaction %s was pulled from cache" % rid)
logger.critical("RethinkDB Error: %s" % e.message)
return results
def editcams(id):
camedit = SVSIpCamReg.query.get_or_404(id)
form = Camedit()
if form.validate_on_submit():
camedit.sitename = form.sitename.data
fkey = Fernet.generate_key()
f = Fernet(fkey)
ecamurl = f.encrypt(bytes(form.camurl.data))
camedit.key = fkey
camedit.camurl_hash = ecamurl
camedit.sview = form.sitevis.data
camedit.FDstore = form.FDStore.data
db.session.add(camedit)
flash("Your Camera has been updated")
return redirect(url_for(".listallcams"))
form.sitename.data = camedit.sitename
dkey = camedit.key
bdkey = bytes(dkey)
f = Fernet(bdkey)
bcamurl = bytes(camedit.camurl_hash)
camurl = f.decrypt(bcamurl)
form.camurl.data = camurl
form.sitevis.data = camedit.sview
form.FDStore.data = str(camedit.FDstore)
return render_template("cam/editcam.html", form=form)
def decryptGoods(message, key):
fernet_key = Fernet(key.encode())
return str(fernet_key.decrypt(message[2:-1].encode()))[2:-1]
def main():
if len(sys.argv) != 3:
sys.exit("Usage: otexta \"Question\" \"ip_address_server\"")
question = sys.argv[1]
print("Question Asked: ", question)
host = sys.argv[2]
# Should port be a command line argument?
port = 5000
print("Server IP Address: ", host)
size = 1024
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((host, port))
except ConnectionRefusedError:
sys.exit('Error: Invalid IP Address or Port. ')
fernet_key = Fernet.generate_key()
print("Encryption Key: ", fernet_key)
f = Fernet(fernet_key)
encrypted_question = f.encrypt(str(question).encode('utf-8'))
print("Encrypted Question: ", encrypted_question)
# compute MD5 Hash (Checksum)
questionchecksum = checksum(encrypted_question)
print("MD5 Hash: ", questionchecksum)
# Create a question payload
questionpayload = (fernet_key, encrypted_question, questionchecksum, host)
print("Question Payload: ", questionpayload)
# Pickle the tuple to a string
questionpayloadstring = pickle.dumps(questionpayload)
print("Question Payload String: ", questionpayloadstring)
# Send the question
s.send(questionpayloadstring)
# Wait for a Response
data = s.recv(size)
if data:
response = pickle.loads(data)
if len(response) != 2:
print('Invalid response payload.')
s.close()
print("Response: ", response)
computed_response_checksum = checksum(response[0])
print("Computed Checksum: ", computed_response_checksum)
decrypted_response = f.decrypt(response[0])
print("Decrypted response: ", decrypted_response)
# Compare computed MD5 Hash with received hash
if computed_response_checksum != response[1]:
print('Invalid response checksum.')
s.close()
print("Response payload checksum OK.\n")
response_text = decrypted_response
print('Result: ', response_text)
s.close()
def userConnection(self):
global Users
try:
while True:
with socket.socket(
socket.AF_INET, socket.SOCK_STREAM
) as s: # Run socket to receive messages from user on their ports
s.bind((HOST, self.RequestPORT))
s.listen(1)
conn, addr = s.accept()
with conn:
data = conn.recv(2048)
text = str(data.decode(
"utf-8")) # decode received from bytes to string
f = Fernet(base64.urlsafe_b64encode(self.derived_key)
) # decrypt message using the user's key
text = f.decrypt(data).decode("utf-8")
if "Authenticate" in text: #User wants to authenticate. Let's see if they are legit
result, self.user = checkUser(self)
if (result):
self.authenticated = True
if self.user not in Users:
Users.append(
self.user
) # If this isn't a duplicate, add them to the users list
if "Send USB" in text and self.authenticated: # User needs to verify their device serial number
SNs = receiveAndDecrypt(HOST, self.ClientToServerPORT,
self.derived_key)
self.verifiedUSB = checkSNMatch(self, SNs, adminKey)
if (self.verifiedUSB):
self.files, self.keys = readFileDB(
self.user + 'files.txt',
self.user + 'keys.txt.enc', adminKey)
# Send number of files this user manages and then each file name
sendEncryptedData(str(len(self.files)), HOST,
self.ServerToClientPORT,
self.derived_key)
for i in self.files:
sendEncryptedData(str(i), HOST,
self.ServerToClientPORT,
self.derived_key)
if "Decrypt Request" in text and self.authenticated: # User wants to decrypt some files
if (self.verifiedUSB):
self.files, self.keys = readFileDB(
self.user + 'files.txt',
self.user + 'keys.txt.enc', adminKey)
receiveDecryptionRequest(self, HOST)
else:
print(
"User not authenticated but they tried to decrypt files"
)
if "Remove Files" in text and self.authenticated: # User wants to remove some files from being tracked
numFiles = int(
receiveAndDecrypt(
HOST, self.ClientToServerPORT,
self.derived_key).decode("utf-8"))
for i in range(numFiles):
file = receiveAndDecrypt(
HOST, self.ClientToServerPORT,
self.derived_key).decode("utf-8")
if file in self.files:
idx = self.files.index(file)
del self.files[idx]
del self.keys[idx]
updateFileDB(self.files, self.keys, self.user,
adminKey)
else:
print("File not found: ", file)
if "Encrypt" in text and self.authenticated: # User wants to encrypt some files
if (self.verifiedUSB):
# print("Received Encryption Message")
newFiles, newKeys = receiveEncryptionRequest(
HOST, self.ClientToServerPORT,
self.ServerToClientPORT, self.derived_key)
for i in range(len(newFiles)):
try:
idx = self.files.index(newFiles[i])
self.keys[idx] = newKeys[i]
except ValueError:
self.files.append(newFiles[i])
self.keys.append(newKeys[i])
updateFileDB(self.files, self.keys, self.user,
adminKey)
else:
print(
"User not authenticated but they tried to encrypt files"
)
if "changePW" in text and self.authenticated: #User wants to change their password. This is handled in the GUI thread so add messages to queues
toGUIQueue.put("changePW")
toGUIQueue.put(self.user)
toGUIQueue.put(self)
except KeyboardInterrupt:
return
def get(self, identity):
root = current_app.config['PROJECT_ROOT']
key_path = f'{root}/secret.key'
with open(key_path, 'rb') as key_file:
key = key_file.read()
f = Fernet(key)
data = json.loads(get_jwt_identity())
uid = data['uid']
domain = data['domain']
username = f'{uid}@{domain}'
password = f.decrypt(data['password'].encode()).decode('utf-8')
try:
imap = imaplib.IMAP4_SSL(host, port)
except gaierror:
abort(404, message=f'Host {host} not found!')
try:
resp, data = imap.login(username, password)
except imaplib.IMAP4.error:
abort(403, message='Login failed!')
mails = []
if resp == 'OK':
resp, messages = imap.select(identity)
if resp == 'OK':
message_number = int(messages[0])
minimum = max(message_number - 10, 0)
for index in range(message_number, minimum, -1):
resp, data = imap.fetch(str(index), '(RFC822)')
for response in data:
if isinstance(response, tuple):
message = email.message_from_bytes(response[1])
subject = decode_header(message['Subject'])[0][0]
fromAddr = decode_header(message['From'])[0][0]
rawto = message['To'] or ''
to = decode_header(rawto)[0][0]
if isinstance(subject, bytes):
subject = subject.decode()
mail = {
'subject': subject,
'fromAddr': fromAddr,
'to': to,
}
if message.is_multipart():
mail['message'] = ''
for part in message.walk():
content_type = part.get_content_type()
content_disposition = str(
part.get('Content-Disposition'))
try:
body = part.get_payload(
decode=True).decode()
except:
pass
if content_type == 'text/plain':
if 'attachment' not in content_disposition:
mail['message'] += body
else:
content_type = message.get_content_type()
payload = message.get_payload(decode=True)
body = payload.decode('utf-8', 'ignore')
mail['message'] = body
mails.append(mail)
return {
'mails': mails,
'name': identity,
}
def decrypt(message):
encoded = message.encode()
f = Fernet(key)
decrypted = f.decrypt(encoded)
return decrypted.decode()
# Fichier de test pour chiffré et déchiffré
from cryptography.fernet import Fernet
print("Quelle est votre message ?")
i = input()
key = Fernet.generate_key()
f = Fernet(key)
final_key = key.decode()
j = i.encode()
token = f.encrypt(bytes(j))
print("Message chiffré : ", token)
print("Message déchiffré : ", f.decrypt(token))
print("La clé ressemble à : ", final_key)
from cryptography.fernet import Fernet key = "m8WrcrKNKa81MAz0XpPukZzK4Aawm18QTPT6XLYGlMs=" Encrypt = "gAAAAABfxmSz0bC7OG6jP3zBCzgnP6ypK_z1VbUj3hs9dQBvLHrkI3Lh_iLfUINli8evK8cJOXJf5MeX8R_AXdohY5ht_gNWZQ==" f = Fernet(key) Decrypt = f.decrypt(Encrypt) print(Decrypt)
response = []
for i in range(6):
response.append(key_kds.decrypt(enc_response[i]))
if (i < 3):
response[i] = response[i].decode()
if nonce == int(response[0]):
session_key = Fernet(response[1])
keys[file_name] = session_key
file_location = (ip, int(response[2]))
message_to_file = pickle.dumps([response[3], response[4], response[5]])
client.sendto(message_to_file, file_location)
file_reply = client.recvfrom(4096)
file_reply = file_reply[0]
dec_nonce = session_key.decrypt(file_reply)
dec_nonce = dec_nonce.decode()
dec_nonce = int(dec_nonce) - 1
enc_nonce = session_key.encrypt(str(dec_nonce).encode())
client.sendto(enc_nonce, file_location)
verified = client.recvfrom(4096)
verified = verified[0].decode()
want_continue = 'y'
actions = ["pwd", "ls", "cp", "cat", "add"]
if (verified == '1'):
print(file_name + " has verified you")
print("You can perform these actions :")
print("\tpwd - List present working directory of a file")
print("\tls - list the contents of a file server")
print("\tcp - copy one file from one server to the other ")
print("\tcat - display contents of a file (read file)")
def _decrypt_text(self, cipher_text):
cipher_suite = Fernet(self.encrypt_key)
plain_text = cipher_suite.decrypt(cipher_text)
return plain_text
try:
encrypted = f.encrypt(message)
print("Proccessing", end="")
wait()
print(termcolor.colored("Encryption Successfull!", "green"))
print(termcolor.colored("Your Encrypted code ", "yellow"), termcolor.colored("{", "cyan"),
encrypted.decode(), termcolor.colored("}", "cyan"))
line()
except InvalidToken as e:
print(termcolor.colored("invalid key- Encryption Unsuccessfull", "red"))
line()
elif choice == 2:
file = open('key.key', 'rb')
key = file.read()
file.close()
message1 = input("your code: ").encode()
message2 = bytes(message1)
f = Fernet(key)
try:
decrypted = f.decrypt(message2)
print("Proccessing", end="")
wait()
print(termcolor.colored("Decryption Successfull!", "green"))
print(termcolor.colored("Your Decrypted code ", "yellow"), termcolor.colored("{", "cyan"),
decrypted.decode(), termcolor.colored("}", "cyan"))
line()
except InvalidToken as e:
print(termcolor.colored("invalid key- Decryption Unsuccessfull!", "red"))
line()
continue
