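def encrypt(contents):
    """Encrypt ``contents`` under a fresh random key and split that key in two.

    A 32-byte key ``k`` and a 32-byte value ``v`` are drawn from
    ``crypto.generate_random_key`` and combined as ``u = strbitxor(k, v)``.
    Assuming ``strbitxor`` is a bytewise XOR (TODO confirm against the crypto
    module), ``u`` and ``v`` are two shares of ``k``: each one alone is
    uniformly random, and XOR-ing them gives ``k`` back.

    Args:
        contents: The plaintext, as ``str`` or ``bytes``.

    Returns:
        A dict with the keys ``'u'``, ``'v'``, ``'k'`` and ``'ciphertext'``.

    Raises:
        Exception: If decrypting the fresh ciphertext does not reproduce
            ``contents``.
    """
    k = crypto.generate_random_key(32)
    v = crypto.generate_random_key(32)
    u = crypto.strbitxor(k, v)
    ciphertext = crypto.encrypt(contents, k)

    # Round-trip self-test. Decrypt once and compare in the caller's own type:
    # decoding unconditionally turned bytes input that happens to be valid
    # UTF-8 into a str, which never equals the original bytes and made the
    # check fail on a perfectly good ciphertext.
    plaintext = crypto.decrypt(ciphertext, k)
    recovered = plaintext
    if isinstance(contents, str):
        try:
            recovered = plaintext.decode('utf-8')
        except UnicodeDecodeError:
            # Leave the raw bytes in place; the comparison below then fails.
            pass

    if recovered != contents:
        raise Exception("Test decryption failed")

    # NOTE: the result carries the full key k next to both shares. Callers
    # should pass u and v on separately and keep this dict out of logs and
    # persistent storage.
    return {'u': u, 'v': v, 'k': k, 'ciphertext': ciphertext}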
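def encrypt(contents):
    """Encrypt ``contents`` with a new random key and return the key shares.

    Two 32-byte values ``k`` and ``v`` come from
    ``crypto.generate_random_key``; ``u`` is ``strbitxor(k, v)``. If
    ``strbitxor`` is a bytewise XOR (presumably; verify in the crypto module),
    then ``u`` and ``v`` together reconstruct ``k`` while neither reveals it
    on its own.

    Args:
        contents: Plaintext to protect, either ``str`` or ``bytes``.

    Returns:
        A dict mapping ``"u"``, ``"v"``, ``"k"`` and ``"ciphertext"`` to the
        two shares, the key and the encrypted payload.

    Raises:
        Exception: If the trial decryption does not give ``contents`` back.
    """
    k = crypto.generate_random_key(32)
    v = crypto.generate_random_key(32)
    u = crypto.strbitxor(k, v)
    ciphertext = crypto.encrypt(contents, k)

    # Verify the ciphertext before handing it out. Only text input is decoded
    # for the comparison: bytes input is compared as bytes, so binary data
    # that is also valid UTF-8 no longer trips the check by being turned
    # into a str first.
    decrypted = crypto.decrypt(ciphertext, k)
    if isinstance(contents, str):
        try:
            recovered = decrypted.decode("utf-8")
        except UnicodeDecodeError:
            recovered = decrypted  # cannot equal a str, so the check fails
    else:
        recovered = decrypted

    if recovered != contents:
        raise Exception("Test decryption failed")

    # NOTE: "k" is returned alongside both of its shares. Treat the whole
    # dict as key material: do not log it or store it as one piece.
    return {"u": u, "v": v, "k": k, "ciphertext": ciphertext}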
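def random_password(length=20):
    """Return a random alphanumeric password of ``length`` characters.

    Characters are drawn independently and uniformly from the 62-symbol
    alphabet A-Z, 0-9, a-z using the operating system's CSPRNG.

    Args:
        length: Number of characters to generate (default 20).

    Returns:
        The generated password as a ``str``; empty when ``length`` is 0.
    """
    # Local import keeps the block self-contained without touching the
    # file-level import list.
    import secrets

    chars = string.ascii_uppercase + string.digits + string.ascii_lowercase
    # secrets.choice picks uniformly. Reducing a random byte modulo 62 does
    # not: 256 = 4 * 62 + 8, so the first eight symbols of the alphabet would
    # come up 5/256 of the time and the rest 4/256, which weakens the
    # password slightly.
    return ''.join(secrets.choice(chars) for _ in range(length))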
def read_private(warn=False):
    """Load and decrypt the keystore kept in ``private.yml``.

    The keystore password is taken from the module-level ``global_password``;
    when that is still ``None`` the user is prompted and the answer is passed
    to ``setpassword`` (presumably the function that stores it; confirm).

    ``private.yml`` is a relative path, so the file is looked up in the
    current working directory of the process.

    Args:
        warn: When true and ``private.yml`` is missing, log two warnings
            before returning the empty default.

    Returns:
        A ``(private_data, salt)`` tuple. If the file exists, ``private_data``
        is the YAML document obtained by decrypting its ``priv`` entry and
        ``salt`` is the stored ``salt`` entry. If the file does not exist,
        ``private_data`` is ``{'revoked_keys': []}`` and ``salt`` is a newly
        generated, base64-encoded random value.

    Raises:
        Exception: If ``crypto.decrypt`` raises ``ValueError``, reported as
            an invalid keystore password.
    """
    global global_password

    if global_password is None:
        prompt = "Please enter the password to decrypt your keystore: "
        setpassword(getpass.getpass(prompt))

    if not os.path.exists('private.yml'):
        if warn:
            logger.warning("Private certificate data %s does not exist yet." %
                           os.path.abspath("private.yml"))
            logger.warning(
                "Keylime will attempt to load private certificate data again when it is needed."
            )
        # No keystore on disk yet: start with an empty revocation list and
        # invent a salt for the caller to use.
        fresh_salt = base64.b64encode(crypto.generate_random_key()).decode()
        return {'revoked_keys': []}, fresh_salt

    # SafeLoader restricts YAML parsing to plain data types, both for the
    # on-disk wrapper here and for the decrypted payload below.
    with open('private.yml', 'r') as handle:
        keystore = yaml.load(handle, Loader=SafeLoader)

    salt = keystore['salt']
    derived_key = crypto.kdf(global_password, salt)
    try:
        decrypted = crypto.decrypt(keystore['priv'], derived_key)
    except ValueError:
        # NOTE(review): a ValueError is always reported as a wrong password;
        # a damaged keystore file would presumably look the same. Confirm.
        raise Exception("Invalid password for keystore")

    return yaml.load(decrypted, Loader=SafeLoader), salt
def read_private():
    """Read ``private.yml`` and return its decrypted contents with the salt.

    Uses the module-level ``global_password``; if it is ``None`` the user is
    asked for the keystore password, which is handed to ``setpassword``
    (presumably the function that stores it; confirm).

    The path ``private.yml`` is relative, so it resolves against the current
    working directory of the process.

    Returns:
        A ``(private_data, salt)`` tuple. With the file present,
        ``private_data`` is the YAML parsed from the decrypted ``priv`` entry
        and ``salt`` is the file's ``salt`` entry. With the file absent, it
        is ``{'revoked_keys': []}`` plus a new base64-encoded random salt.

    Raises:
        Exception: If ``crypto.decrypt`` raises ``ValueError``, reported as
            an invalid keystore password.
    """
    global global_password

    needs_prompt = global_password is None
    if needs_prompt:
        entered = getpass.getpass("Please enter the password to decrypt your keystore: ")
        setpassword(entered)

    keystore_present = os.path.exists('private.yml')
    if not keystore_present:
        # Nothing stored yet, so return an empty keystore and a made-up salt.
        new_salt = base64.b64encode(crypto.generate_random_key()).decode()
        return {'revoked_keys': []}, new_salt

    # Both YAML loads use SafeLoader, which limits parsing to plain data.
    with open('private.yml', 'r') as stream:
        wrapper = yaml.load(stream, Loader=SafeLoader)

    stored_salt = wrapper['salt']
    key = crypto.kdf(global_password, stored_salt)
    try:
        payload = crypto.decrypt(wrapper['priv'], key)
    except ValueError:
        # NOTE(review): every ValueError from decrypt is reported as a bad
        # password; verify whether a corrupted file takes this path too.
        raise Exception("Invalid password for keystore")

    private_data = yaml.load(payload, Loader=SafeLoader)
    return private_data, stored_salt
def test_xor(self):
    """Check that applying ``strbitxor`` twice with the same operand undoes it.

    A 32-byte secret is masked with a 32-byte random value. Combining the
    mask with the masked result must return the original secret.
    """
    secret = get_random_bytes(32)
    mask = generate_random_key(32)
    masked = strbitxor(mask, secret)

    unmasked = strbitxor(mask, masked)
    self.assertEqual(unmasked, secret)