def test_wrong_hidden_secret(): secret = b'secret' password = b'password' hidden = privy.hide(secret, b'wrong') with pytest.raises(ValueError): privy.peek(hidden, password)
def test_expires(): secret = b'secret' password = b'password' hidden = privy.hide(secret, password) time.sleep(2) with pytest.raises(ValueError): privy.peek(hidden, password, expires=1)
def LoadWallet(name, passphrase): ''' Retrieve the Stellar account secret key from the provided wallet file using the provided passphrase. Args: name: The name of the wallet file. passphrase: The passphrase used to encrypt the secret key. Returns: The secret key of the Stellar account as byte array. ''' if not os.path.isfile(name) and os.access(name, os.R_OK): print("\nError: cannot open file {}!".format(name)) return None seed = None try: encrypted = open(name).readline() seed = privy.peek(encrypted, passphrase) except (ValueError): print( '\nError: Unable to decrypt the seed using the provided password!') return seed
def test_security(): secret = b'secret' password = b'password' hidden = privy.hide(secret, password, security=3) assert privy.peek(hidden, password) == secret
def test_peek_non_unicode_hidden(): secret = b'secret' password = b'password' hidden = privy.hide(secret, password).encode('utf-8') assert privy.peek(hidden, password) == secret
def test_default(): secret = b'secret' password = b'password' hidden = privy.hide(secret, password) assert privy.peek(hidden, password) == secret
def test_unicode_password(): secret = b'secret' password = u'password' hidden = privy.hide(secret, password) assert privy.peek(hidden, password) == secret
def test_no_server(): secret = b'secret' password = b'password' hidden = privy.hide(secret, password, server=False) assert privy.peek(hidden, password) == secret
def test_salt(): secret = b'secret' password = b'password' hidden = privy.hide(secret, password, salt=b'bad_form') assert privy.peek(hidden, password) == secret
def decrypt(data, key): """Decrypt data with key using privy. Args: data (:obj:`str`): Data to decrypt with key. key (:obj:`str`): Key data was encrypted with. Raises: :exc:`pytan3.utils.exceptions.ModuleError`: On ValueError from privy when decryption fails. Returns: :obj:`str` """ data = six.ensure_binary(data) try: data = privy.peek(hidden=data, password=key) except ValueError: error = "Unable to decrypt {cnt} bytes of data using key {k}, invalid key!" error = error.format(cnt=len(data), k=key) raise exceptions.ModuleError(error) return six.ensure_text(data)
def decrypt(filename): f = open(filename, 'r') data = f.read() f.close() decrypteddata = privy.peek(data, "!=q9+MW]E2mErKNX") f = open(filename, 'w') f.write(decrypteddata) f.close()
def __crypt(self, item, crypt): '''change so you can also encrypt password''' if isinstance(item, str): item = item.encode() if crypt == 'encrypt': return privy.hide(item, self.password, security=5) return privy.peek(item, self.password)
def decrypt(self, secretText): return privy.peek(hidden=secretText, password=_key) # p = Privakable() # a = p.encrypt('http://dm-51.data.aliyun.com/rest/160601/ocr/ocr_idcard.json') # b = p.encrypt('24810465') # c = p.encrypt('069121ead09b645dcf8f7a0b9f355439') # print a # print b # print c
def signin(self): email = self.Email.text() password = self.Password.text() if not os.path.isfile(f"{email.split('@')[0]}.txt"): self.DialogBox.exec_() else: with open(f"{email.split('@')[0]}.txt", "r") as f: lines = f.readlines() try: stored_password = privy.peek(lines[2], password) del (stored_password) with open("signedin.txt", "w") as f: f.write(email + "\n" + base64.b64encode( password.encode("utf-8")).decode("utf-8")) os.system("python feed_gui.py") sys.exit() except ValueError: self.DialogBox2.exec_()
def __load_config(self, password): '''try to get rid of repeated code in __new and __load methods''' self.config = configparser.ConfigParser() self.config.read('config.ini') enc_password = self.config['user']['password'] self.password = privy.peek(enc_password, password) self.existing = self.config.has_section('keys') if self.existing: self.keys = { k: self.__crypt(self.config['keys'][k], 'decrypt') for k in self.config['keys'] } self.secrets = { k: self.__crypt(self.config['secrets'][k], 'decrypt') for k in self.config['secrets'] } else: self.keys = {} self.secrets = {}
def decrypt(secret, password): """ :secret 密文数据bytes数据, File类型 return 解密后的bytes数据 """ decryption = secret.name.split('.pri')[0] try: # 解析bytes为unicode plain = peek(secret.read().decode('utf8'), password) except ValueError: print("The password is wrong") sys.exit(0) try: with open(decryption, 'w+b') as decrypted: decrypted.write(plain) print("Decrypt file {} success".format(secret.name)) except Exception as e: print("Decrypt file {} failed".format(secret.name)) raise (e)
def _main(argv=None): if sys.version_info < (3, 5): print( "Error: Your version of Python is too old, 3.5+ is required: %d.%d.%d" % sys.version_info[:3]) return -1 try: check_runtime_requirements() except RuntimeError as e: print("Error: %s" % (e, )) return -1 # Protect access token and potentially encryption keys block_tracing() if argv is None: argv = sys.argv parser = argparse.ArgumentParser() userspacefs.add_cli_arguments(parser) parser.add_argument("-c", "--config-file", help="config file path") parser.add_argument( "-e", "--encrypted-folder", dest='encrypted_folders', type=parse_encrypted_folder_arg, default=[], action='append', help= "relative paths of encrypted folders, can be used multiple times. requires safefs" ) parser.add_argument( "--print-default-config-file", action='store_true', help="print default config file path to standard out and quit") parser.add_argument("mount_point", nargs='?') args = parser.parse_args(argv[1:]) try: version = pkg_resources.require("dbxfs")[0].version except Exception: log.warning("Failed to get version", exc_info=True) version = '' if version: try: with urllib.request.urlopen( "https://pypi.org/pypi/dbxfs/json") as f: rversion = json.load(io.TextIOWrapper(f))['info']['version'] if rversion != version: print( "\033[0;31m\033[1mWarning: dbxfs is out of date (%s vs %s), upgrade with 'pip3 install --upgrade dbxfs'\033[0;0m" % (rversion, version)) except Exception: log.warning("Failed to get most recent version", exc_info=True) config_dir = appdirs.user_config_dir(APP_NAME) if args.config_file is not None: config_file = args.config_file else: config_file = os.path.join(config_dir, "config.json") if args.print_default_config_file: print(config_file) return 0 try: os.makedirs(config_dir, exist_ok=True) except OSError as e: print("Unable to create configuration directory: %s" % (e, )) return -1 config = {} try: f = open(config_file) except IOError as e: if e.errno != errno.ENOENT: raise else: try: with f: config = json.load(f) except ValueError as e: print("Config file %r is not valid json: %s" % (config_file, e)) return -1 mount_point = args.mount_point if mount_point is None: mount_point = config.get("mount_point") if not args.smb_no_mount and mount_point is None: parser.print_usage() print("%s: error: please provide the mount_point argument" % (os.path.basename(argv[0]), )) return 1 encrypted_folders = config.get("encrypted_folders", []) + args.encrypted_folders if safefs_wrap_create_fs is None and encrypted_folders: print( "safefs not installed, can't transparently decrypt encrypted folders" ) return 1 access_token = None save_access_token = False save_config = False access_token_command = config.get("access_token_command", None) if access_token_command is not None: print("Running %r for access token" % (' '.join(access_token_command), )) try: access_token = subprocess.check_output( access_token_command).decode("utf-8") except UnicodeDecodeError: print("Access token command output is not utf-8 encoded") return -1 except TypeError: print("Bad access token command: %r, " % (access_token_command, )) return -1 # NB: access tokens never contain white-space and the access token # command often accidentally appends a newline character. access_token = access_token.strip() if access_token is None: keyring_user = config.get("keyring_user", None) if keyring_user is not None: try: access_token = keyring.get_password(APP_NAME, keyring_user) except KeyringError as e: print("Failed to get access token from keyring: %s" % (e, )) if access_token is None: access_token_privy = config.get("access_token_privy", None) if access_token_privy is not None: passwd = None while True: passwd = getpass.getpass( "Enter access token passphrase (not your Dropbox password) (Ctrl-C to quit): " ) try: access_token = privy.peek(access_token_privy, passwd).decode('utf-8') except ValueError: if not yes_no_input( "Incorrect password, create new access token?"): continue break del passwd try_directly = False while True: if access_token is None: save_access_token = True if (access_token is None and try_directly and yes_no_input( "Want to try entering the access token directly?")): print("Go to https://dropbox.com/developers/apps to " "create an app and generate a personal access token.") while True: access_token = getpass.getpass( "Enter Access token (Ctrl-C to quit): ") if not access_token: print("Access tokens cannot be empty") continue break if access_token is None: auth_flow = dropbox.DropboxOAuth2FlowNoRedirect( APP_KEY, APP_SECRET) authorize_url = auth_flow.start() print("We need an access token. Perform the following steps:") print("1. Go to " + authorize_url) print("2. Click \"Allow\" (you may have to log in first)") print("3. Copy the authorization code.") while True: auth_code = input( "Enter authorization code (Ctrl-C to quit): ") if not auth_code: print("Authorization code cannot be empty") continue break try: oauth_result = auth_flow.finish(auth_code) except Exception as e: print("Authorization code was invalid!") try_directly = True continue access_token = oauth_result.access_token # test out access token try: dropbox.Dropbox(access_token).users_get_current_account() except (dropbox.exceptions.BadInputError, dropbox.exceptions.AuthError, ValueError) as e: print("Error using access token: %s" % (e, )) access_token = None try_directly = True except OSError: if not yes_no_input("Error connecting to Dropbox, Try again?"): return 1 else: break if save_access_token and yes_no_input( "We're all connected. Do you want to save your credentials for future runs?", default_yes=True): keyring_user = ''.join( [random.choice("asdfghjklzxcvbnmqwertyuiop") for _ in range(24)]) try: keyring.set_password(APP_NAME, keyring_user, access_token) except (KeyringError, RuntimeError) as e: print( "We need a passphrase to encrypt your access token before we can save it." ) print( "Warning: Your access token passphrase must contain enough randomness to be resistent to hacking. You can read this for more info: https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/" ) while True: pass_ = getpass.getpass("Enter new access token passphrase: ") pass2_ = getpass.getpass( "Enter new access token passphrase (again): ") if pass_ != pass2_: print("Passphrases didn't match, please re-enter") else: del pass2_ break config.pop('keyring_user', None) config['access_token_privy'] = privy.hide( access_token.encode('utf-8'), pass_, server=False) del pass_ save_config = True else: config.pop('access_token_privy', None) config['keyring_user'] = keyring_user save_config = True if not config.get("asked_send_error_reports", False): if yes_no_input( "Would you like to help us improve %s by providing anonymous error reports?" % (APP_NAME, ), default_yes=True): config['send_error_reports'] = True config['asked_send_error_reports'] = True save_config = True if save_access_token and yes_no_input( "Do you want \"%s\" to be the default mount point?" % (mount_point, ), default_yes=True): config['mount_point'] = mount_point save_config = True if save_config: with open(config_file, "w") as f: json.dump(config, f) log.info("Starting %s...", APP_NAME) if config.get('send_error_reports', False): try: sentry_sdk.init( "https://[email protected]/1293235", release='%s@%s' % (APP_NAME, version), with_locals=False) except Exception: log.warning("Failed to initialize sentry", exc_info=True) cache_folder = os.path.join(appdirs.user_cache_dir(APP_NAME), "file_cache") try: os.makedirs(cache_folder, exist_ok=True) except OSError: log.warning( "Failed to create cache folder, running without file cache") cache_folder = None def create_fs(): fs = CachingFileSystem(DropboxFileSystem(access_token), cache_folder=cache_folder) # From a purity standpoint the following layer ideally would # go between the caching fs and dropbox fs, but because the # contract between those two is highly specialized, just put # it on top fs = TranslateIgnoredFilesFileSystem(fs) if sys.platform == 'darwin': fs = DisableQuickLookFileSystem(fs) return fs if safefs_wrap_create_fs is not None: create_fs = safefs_wrap_create_fs(create_fs, encrypted_folders) if not os.path.exists(mount_point): if yes_no_input( "Mount point \"%s\" doesn't exist, do you want to create it?" % (mount_point, ), default_yes=True): try: os.makedirs(mount_point, exist_ok=True) except OSError as e: print("Unable to create mount point: %s" % (e, )) return -1 return userspacefs.simple_main( mount_point, "dbxfs", create_fs, args, on_new_process=None if BLOCK_TRACING_INHERITS else block_tracing)
def main(argv=None): # Protect access token and potentially encryption keys block_tracing() if argv is None: argv = sys.argv parser = argparse.ArgumentParser() userspacefs.add_cli_arguments(parser) parser.add_argument("-c", "--config-file", help="config file path") parser.add_argument( "-e", "--encrypted-folder", dest='encrypted_folders', type=parse_encrypted_folder_arg, default=[], action='append', help= "relative paths of encrypted folders, can be used multiple times. requires safefs" ) parser.add_argument( "--print-default-config-file", action='store_true', help="print default config file path to standard out and quit") parser.add_argument("mount_point", nargs='?') args = parser.parse_args(argv[1:]) config_dir = appdirs.user_config_dir(APP_NAME) if args.config_file is not None: config_file = args.config_file else: config_file = os.path.join(config_dir, "config.json") if args.print_default_config_file: print(config_file) return 0 if not args.smb_no_mount and args.mount_point is None: parser.print_usage() print("%s: error: please provide the mount_point argument" % (os.path.basename(argv[0]), )) return 1 os.makedirs(config_dir, exist_ok=True) config = {} try: f = open(config_file) except IOError as e: if e.errno != errno.ENOENT: raise else: try: with f: config = json.load(f) except ValueError as e: print("Config file %r is not valid json: %s" % (config_file, e)) return -1 access_token = None save_access_token = False save_config = False access_token_command = config.get("access_token_command", None) if access_token_command is not None: print("Running %r for access token" % (' '.join(access_token_command), )) try: access_token = subprocess.check_output( access_token_command).decode("utf-8") except TypeError: print("Bad access token command: %r, " % (access_token_command, )) return -1 if access_token is None: keyring_user = config.get("keyring_user", None) if keyring_user is not None: try: access_token = keyring.get_password(APP_NAME, keyring_user) except KeyringError as e: print("Failed to get access token from keyring: %s" % (e, )) if access_token is None: access_token_privy = config.get("access_token_privy", None) if access_token_privy is not None: passwd = None while True: passwd = getpass.getpass( "Enter access token passphrase (not your Dropbox password) (Ctrl-C to quit): " ) try: access_token = privy.peek(access_token_privy, passwd).decode('utf-8') except ValueError: if not yes_no_input( "Incorrect password, create new access token?"): continue break del passwd try_directly = False while True: if access_token is None: save_access_token = True if (access_token is None and try_directly and yes_no_input( "Want to try entering the access token directly?")): print("Go to https://dropbox.com/developers/apps to " "create an app and generate a personal access token.") while True: access_token = getpass.getpass( "Enter Access token (Ctrl-C to quit): ") if not access_token: print("Access tokens cannot be empty") continue break if access_token is None: auth_flow = dropbox.DropboxOAuth2FlowNoRedirect( APP_KEY, APP_SECRET) authorize_url = auth_flow.start() print("We need an access token. Perform the following steps:") print("1. Go to " + authorize_url) print("2. Click \"Allow\" (you may have to log in first)") print("3. Copy the authorization code.") while True: auth_code = input( "Enter authoritization code (Ctrl-C to quit): ") if not auth_code: print("Authorization code cannot be empty") continue break try: oauth_result = auth_flow.finish(auth_code) except Exception as e: print("Authorization code was invalid!") try_directly = True continue access_token = oauth_result.access_token # test out access token try: dropbox.Dropbox(access_token).users_get_current_account() except (dropbox.exceptions.BadInputError, dropbox.exceptions.AuthError) as e: print("Error using access token: %s" % (e, )) access_token = None try_directly = True else: break if save_access_token and yes_no_input( "We're all connected. Do you want to save your credentials for future runs?", default_yes=True): keyring_user = ''.join( [random.choice("asdfghjklzxcvbnmqwertyuiop") for _ in range(24)]) try: keyring.set_password(APP_NAME, keyring_user, access_token) except (KeyringError, RuntimeError) as e: print( "We need a passphrase to encrypt your access token before we can save it." ) print( "Warning: Your access token passphrase must contain enough randomness to be resistent to hacking. You can read this for more info: https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/" ) while True: pass_ = getpass.getpass("Enter new access token passphrase: ") pass2_ = getpass.getpass( "Enter new access token passphrase (again): ") if pass_ != pass2_: print("Passphrases didn't match, please re-enter") else: del pass2_ break config.pop('keyring_user', None) config['access_token_privy'] = privy.hide( access_token.encode('utf-8'), pass_, server=False) del pass_ save_config = True else: config.pop('access_token_privy', None) config['keyring_user'] = keyring_user save_config = True if not config.get("asked_send_error_reports", False): if yes_no_input( "Would you like to help us improve %s by providing anonymous error reports?" % (APP_NAME, ), default_yes=True): config['send_error_reports'] = True config['asked_send_error_reports'] = True save_config = True if save_config: with open(config_file, "w") as f: json.dump(config, f) log.info("Starting %s...", APP_NAME) wrap_fs_errors = True if config.get('send_error_reports', False): try: version = pkg_resources.require("dbxfs")[0].version except Exception: log.warning("Failed to get version", exc_info=True) version = '' try: sentry_sdk.init( "https://[email protected]/1293235", release='%s@%s' % (APP_NAME, version), with_locals=False) wrap_fs_errors = True except Exception: log.warning("Failed to initialize sentry", exc_info=True) cache_folder = os.path.join(appdirs.user_cache_dir(APP_NAME), "file_cache") with contextlib.suppress(FileExistsError): os.makedirs(cache_folder) def create_fs(): fs = CachingFileSystem(DropboxFileSystem(access_token), cache_folder=cache_folder) if sys.platform == 'darwin': fs = DisableQuickLookFileSystem(fs) if wrap_fs_errors: fs = WrapErrorsFileSystem(fs) return fs encrypted_folders = config.get("encrypted_folders", []) + args.encrypted_folders create_fs = safefs_wrap_create_fs(create_fs, encrypted_folders) if not os.path.exists(args.mount_point): if yes_no_input( "Mount point \"%s\" doesn't exist, do you want to create it?" % (args.mount_point, ), default_yes=True): os.makedirs(args.mount_point, exist_ok=True) return userspacefs.simple_main(args.mount_point, "dbxfs", create_fs, args)
def reader(self, path, passwd): res = {} tar = tarfile.open("secret", 'r:*', fileobj=open(path, 'rb')) for member in tar.getnames(): res[member] = privy.peek(tar.extractfile(member).read(), passwd) return res