def keyring(deployment, keyring_file='~/.nrg-keyring.enc', passphrase=None): ''' Get keyring for deployment :param deployment: Deployment name :type deployment: str :param keyring_file: Keyring file :type keyring_file: str :param passphrase: Passphrase to decrypt keyring :type passphrase: str :returns: Deployment keyring :rtype: dict ''' if deployment == None: return keyring_from_env() if passphrase == None: if 'NRG_KEYRING_PASS' in os.environ: passphrase = os.environ['NRG_KEYRING_PASS'] else: passphrase = gp.getpass('enter keyring passphrase: ') keyring_file = os.path.expanduser(keyring_file) with open(keyring_file, 'rb') as fo: key = crypt.key_from_file(fo, passphrase) content = b'' for chunk in crypt.decrypt(fo, key): content += chunk try: js = json.loads(content) except ValueError as e: raise KeyringError('could not decrypt file {0} (wrong passphrase perhaps?)'.format(keyring_file)) return js[deployment]
def load(f, archive_base=None): '''load configuration file and keyring''' logger.debug('loading configuration') with open(os.path.expanduser(f), 'rb') as fp: Lochness = _read_config_file(fp) if archive_base: Lochness['phoenix_root'] = archive_base if 'phoenix_root' not in Lochness: raise ConfigError( 'need either --archive-base or \'phoenix_root\' in config file') Lochness['phoenix_root'] = os.path.expanduser(Lochness['phoenix_root']) Lochness['keyring_file'] = os.path.expanduser(Lochness['keyring_file']) with open(Lochness['keyring_file'], 'rb') as fp: logger.info('reading keyring file {0}'.format( Lochness['keyring_file'])) if 'NRG_KEYRING_PASS' in os.environ: load.passphrase = os.environ['NRG_KEYRING_PASS'] if not load.passphrase: load.passphrase = gp.getpass('enter passphrase: ') key = crypt.key_from_file(fp, load.passphrase) content = b'' for chunk in crypt.decrypt(fp, key): content += chunk try: Lochness['keyring'] = yaml.load(content, Loader=yaml.FullLoader) except yaml.reader.ReaderError: raise KeyringError( 'could not decrypt keyring {0} (wrong passphrase?)'.format( Lochness['keyring_file'])) return Lochness
def load_encrypted_keyring(enc_keyring_loc: str) -> dict: with open(enc_keyring_loc, 'rb') as fp: passphrase = gp.getpass('enter passphrase: ') key = crypt.key_from_file(fp, passphrase) content = b'' for chunk in crypt.decrypt(fp, key): content += chunk keyring_dict = yaml.load(content, Loader=yaml.FullLoader) return keyring_dict
def main(): parser = ap.ArgumentParser('File encryption/decryption utility') group1 = parser.add_mutually_exclusive_group(required=True) group1.add_argument('--decrypt', action='store_true', help='Decrypt file') group1.add_argument('--encrypt', action='store_true', help='Encrypt file') parser.add_argument('-o', '--output-file', help='Output file') parser.add_argument('--debug', action='store_true', help='Enable debug messages') parser.add_argument('file', help='File to encrypt or decrypt') args = parser.parse_args() # read passphrase (ask twice for --encrypt) if 'ENCRYPT_PASS' in os.environ: passphrase = os.environ['ENCRYPT_PASS'] else: passphrase = gp.getpass('enter passphrase: ') if args.encrypt: reentered = gp.getpass('re-enter passphrase: ') if passphrase != reentered: logger.critical('passphrases do not match') sys.exit(1) # get file handle raw = get(args.file) # get key using file header, or build a new one if args.decrypt: key = crypt.key_from_file(raw, passphrase) else: key = crypt.kdf(passphrase) # lock or unlock the file if args.decrypt: if not args.output_file: stdout = os.fdopen(sys.stdout.fileno(), 'wb') for chunk in crypt.decrypt(raw, key): stdout.write(chunk) else: if overwrite(args.output_file): logger.info('saving {}'.format(args.output_file)) crypt.decrypt(raw, key, filename=args.output_file) elif args.encrypt: if not args.output_file: stdout = os.fdopen(sys.stdout.fileno(), 'wb') for chunk in crypt.encrypt(raw, key): stdout.write(chunk) else: if overwrite(args.output_file): logger.info('saving {}'.format(args.output_file)) crypt.encrypt(raw, key, filename=args.output_file)
def config_load_test(f: 'location', archive_base=None): '''load configuration file and keyring''' config.logger.debug('loading configuration') with open(os.path.expanduser(f), 'rb') as fp: Lochness = config._read_config_file(fp) if archive_base: Lochness['phoenix_root'] = archive_base if 'phoenix_root' not in Lochness: raise config.ConfigError('need either --archive-base or ' '\'phoenix_root\' in config file') if 'BIDS' not in Lochness: Lochness['BIDS'] = False Lochness['phoenix_root'] = os.path.expanduser(Lochness['phoenix_root']) Lochness['keyring_file'] = os.path.expanduser(Lochness['keyring_file']) # box file pattern strings from the config to string template # regardless of the selected study in the args if 'box' in Lochness: for _, study_dict in Lochness['box'].items(): for _, modality_values in study_dict['file_patterns'].items(): for modality_dict in modality_values: modality_dict['pattern'] = \ config.string.Template(modality_dict['pattern']) with open(Lochness['keyring_file'], 'rb') as fp: config.logger.info(f'reading keyring file {Lochness["keyring_file"]}') passphrase = '' key = crypt.key_from_file(fp, passphrase) content = b'' for chunk in crypt.decrypt(fp, key): content += chunk try: Lochness['keyring'] = config.yaml.load( content, Loader=config.yaml.FullLoader) except config.yaml.reader.ReaderError: raise config.KeyringError('could not decrypt keyring {0} (wrong passphrase?)'.format(Lochness['keyring_file'])) return Lochness
def load(f: 'location', archive_base=None): '''load configuration file and keyring''' logger.debug('loading configuration') with open(os.path.expanduser(f), 'rb') as fp: Lochness = _read_config_file(fp) if archive_base: Lochness['phoenix_root'] = archive_base if 'phoenix_root' not in Lochness: raise ConfigError('need either --archive-base or ' '\'phoenix_root\' in config file') Lochness['phoenix_root'] = os.path.expanduser(Lochness['phoenix_root']) Lochness['keyring_file'] = os.path.expanduser(Lochness['keyring_file']) # box file pattern strings from the config to string template # regardless of the selected study in the args if 'box' in Lochness: for _, study_dict in Lochness['box'].items(): for _, modality_values in study_dict['file_patterns'].items(): for modality_dict in modality_values: modality_dict['pattern'] = \ string.Template(modality_dict['pattern']) with open(Lochness['keyring_file'], 'rb') as fp: logger.info('reading keyring file {0}'.format( Lochness['keyring_file'])) if 'NRG_KEYRING_PASS' in os.environ: load.passphrase = os.environ['NRG_KEYRING_PASS'] if not load.passphrase: load.passphrase = gp.getpass('enter passphrase: ') key = crypt.key_from_file(fp, load.passphrase) content = b'' for chunk in crypt.decrypt(fp, key): content += chunk try: Lochness['keyring'] = yaml.load(content, Loader=yaml.FullLoader) except yaml.reader.ReaderError: raise KeyringError( 'could not decrypt keyring {0} (wrong passphrase?)'.format( Lochness['keyring_file'])) return Lochness
def test_write_file(): original = b'''Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.''' passphrase = 'foo bar biz bat' key = crypt.kdf(passphrase) with tf.NamedTemporaryFile(dir=DIR, prefix='enc', delete=False) as enc_tmp: crypt.encrypt_to_file(enc_tmp.name, io.BytesIO(original), key) key = None with tf.NamedTemporaryFile(dir=DIR, prefix='dec', delete=False) as dec_tmp: with open(enc_tmp.name, 'rb') as fo: key = crypt.key_from_file(fo, passphrase) crypt.decrypt_to_file(dec_tmp.name, fo, key) os.remove(enc_tmp.name) with open(dec_tmp.name, 'rb') as fo: decrypted = fo.read() os.remove(dec_tmp.name) assert decrypted == original