def get_credentials(url: str, credential_source: str) -> str:
rsa = OAEP()
key = rand_string()
encrypted_key = rsa.encrypt(key,public_key)
crypto = AESCipher(key)
intervals = construct_tuples(MAX_SNIPPETS, MAX_SIZE)
hashval = generate_hashval(intervals, entropy_data, MAX_SIZE)
interval_payload = {
'hashval': hashval,
'intervals': intervals,
'credential_source': credential_source
}
aes_interval=json.dumps(interval_payload)
aes_payload = crypto.encrypt(aes_interval)
response = send_payload(url, encrypted_key, aes_payload)
if response.status_code == 201:
rdict = json.loads(response.text)
response = hex2bin(rdict['message'].encode('utf-8'))
plaintext = crypto.decrypt(response)
return(plaintext)
else:
return ' '.join(['An error occurred:', str(response.status_code), response.text])
def test_cipher(self):
cipher = AESCipher(None)
message = ''.join(
random.choice(string.ascii_uppercase + string.digits +
string.ascii_lowercase) for _ in range(100))
key = ''.join(
random.choice(string.ascii_uppercase + string.digits +
string.ascii_lowercase) for _ in range(32))
# check cipher without key
try:
C = cipher.encrypt(message)
self.assertFail()
except Exception as err:
self.assertEqual('Invalid key', str(err))
cipher.key = key
C = cipher.encrypt(message)
M = cipher.decrypt(C)
self.assertEqual(M, message)
def whenPressed(self):
filename = self.parent.file_sel.value
key = self.parent.key_sel.values[self.parent.key_sel.value]
if key is None or filename is None:
npyscreen.notify_confirm("Key and/or file selected is invalid!")
return
cs = AESCipher(key)
M = file_as_str(filename)
C = cs.encrypt(M)
ofname = filename + '.encrypted.asc'
save_to_file(ofname, C)
npyscreen.notify_confirm("Encrypted into: " + ofname)
def lambda_handler(event: dict, context: dict) -> dict:
try:
entropy_data = read_s3(input_path(), 'info2048.bin')
except FileNotFoundError:
print('Cannot read entropy file. Aborting.')
sys.exit(1)
try:
priv_key = read_s3(input_path(), 'private.pem')
private_key = RSA.importKey(priv_key)
except FileNotFoundError:
print('Cannot read private key file. Aborting.')
sys.exit(1)
rsa = OAEP()
payload = event['body']
client_data = json.loads(payload)
encrypted_aes_key = hex2bin(client_data['data'].encode('utf-8'))
aes_key = rsa.decrypt(encrypted_aes_key, private_key)
cipher = AESCipher(aes_key)
encrypted_aes_payload = hex2bin(client_data['payload'].encode('utf-8'))
decrypted_aes_payload = json.loads(cipher.decrypt(encrypted_aes_payload))
ranges = decrypted_aes_payload['intervals']
hashval = generate_hashval(ranges, entropy_data, MAX_SIZE)
received_hashval = decrypted_aes_payload['hashval']
if received_hashval == hashval:
credential_source = decrypted_aes_payload['credential_source']
plaintext = retrieve_credentials(credential_source)
response = cipher.encrypt(plaintext)
response = bin2hex(response).decode('utf-8')
status = 201
else:
response = 'not found'
status = 404
return {
"statusCode": status,
"body": json.dumps({
'message': response
})
}
def put(self, blob):
aes = AESCipher(self._get_key())
return aes.encrypt(blob)
def put(self, blob):
aes = AESCipher(self._get_key())
return aes.encrypt(blob)
def save_keys(self):
c = AESCipher(self.password)
encrypted_keys = [c.encrypt(key)
for key in self.keys] + [c.encrypt('CHECK')]
with open('.keys.json', 'w') as f: # save key
f.write(json.dumps(encrypted_keys))
