def derivate_secret_key_from_password(password: str, salt: bytes = None) -> Tuple[SecretKey, bytes]:
    """Derive a ``SecretBox``-sized key from *password* using ``argon2i.kdf``.

    Args:
        password: Passphrase; it is UTF-8 encoded before being fed to the KDF.
        salt: Salt to reuse. When it is ``None`` (or any other falsy value,
            such as ``b""``) a fresh salt of ``argon2i.SALTBYTES`` random
            bytes is generated instead.

    Returns:
        ``(SecretKey(rawkey), salt)``. The salt is handed back so the caller
        can store it: the same password re-derives the same key only when the
        same salt is supplied again.
    """
    if not salt:
        salt = random(argon2i.SALTBYTES)

    key_size = SecretBox.KEY_SIZE
    passphrase = password.encode("utf8")
    # Cost parameters are the CRYPTO_OPSLIMIT / CRYPTO_MEMLIMIT names defined
    # outside this function, passed explicitly rather than left to defaults.
    derived = argon2i.kdf(
        key_size,
        passphrase,
        salt,
        opslimit=CRYPTO_OPSLIMIT,
        memlimit=CRYPTO_MEMLIMIT,
    )
    return SecretKey(derived), salt
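def __init__(self, password, config):
    """Build ``self.sbox`` from a password-derived key and persist the salt.

    Args:
        password: Passphrase as ``str``; it is encoded to UTF-8 for the KDF.
        config: Object exposing ``get(section, option)`` and
            ``set(section, option, value)``. The salt is stored base64-encoded
            under section ``settings``, option ``salt``.
    """
    # The salt has to be stored: without it the same password cannot
    # re-derive the same key on a later run.
    stored_salt = config.get('settings', 'salt')
    if stored_salt:
        # NOTE(review): the decoded value is passed to kdf without a length
        # check here; confirm kdf rejects a salt of the wrong size.
        salt = b64decode(stored_salt)
    else:
        # NOTE(review): 16 is hard-coded; presumably the salt size this kdf
        # expects. Confirm against the kdf that is imported.
        salt = random(16)

    key = kdf(SecretBox.KEY_SIZE, bytes(password, 'utf-8'), salt)
    self.sbox = SecretBox(key)

    # The original rebound the locals `key` and `password` to random bytes at
    # this point. Rebinding a name does not overwrite the object it referred
    # to: the key bytes were already handed to SecretBox, and the caller's
    # immutable password string is untouched. Those dead stores are dropped
    # so the code does not suggest a memory scrub that never happens.
    config.set('settings', 'salt', b64encode(salt).decode('utf-8'))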