def _project_key(project_name):
password_encryption_key = os.environ[
DataEncryptionHandler.
CRYPTO_PASS] if DataEncryptionHandler.CRYPTO_PASS in os.environ else None
if password_encryption_key is None:
raise TVBException("Password encryption key is not defined.")
project_keys_folder = os.path.join(TvbProfile.current.TVB_STORAGE,
DataEncryptionHandler.KEYS_FOLDER)
DataEncryptionHandler.file_helper.check_created(project_keys_folder)
encrypted_project_key = DataEncryptionHandler.project_key_path(
project_name)
if os.path.exists(encrypted_project_key):
with open(encrypted_project_key, "rb") as fIn:
inputFileSize = stat(encrypted_project_key).st_size
pass_stream = BytesIO()
pyAesCrypt.decryptStream(fIn, pass_stream,
password_encryption_key, 64 * 1024,
inputFileSize)
project_key = pass_stream.getvalue().decode()
pass_stream.close()
return project_key
project_key = EncryptionHandler.generate_random_password(64)
with open(encrypted_project_key, "wb") as fOut:
pass_stream = BytesIO(str.encode(project_key))
pyAesCrypt.encryptStream(pass_stream, fOut,
password_encryption_key, 64 * 1024)
pass_stream.close()
return project_key
def generate_random_password(pass_size):
return EncryptionHandler.generate_random_password(pass_size)
def test_encrypt_decrypt(self, dir_name, file_name):
import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler(
)
# Generate a private key and public key
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
public_key = private_key.public_key()
# Convert private key to bytes and save it so ABCUploader can use it
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
private_key_path = os.path.join(
TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME)
with open(private_key_path, 'wb') as f:
f.write(pem)
path_to_file = os.path.join(os.path.dirname(tvb_data.__file__),
dir_name, file_name)
# Create model for ABCUploader
connectivity_model = ZIPConnectivityImporterModel()
# Generate password
pass_size = TvbProfile.current.hpc.CRYPT_PASS_SIZE
password = EncryptionHandler.generate_random_password(pass_size)
# Encrypt files using an AES symmetric key
encrypted_file_path = import_export_encryption_handler.get_path_to_encrypt(
path_to_file)
buffer_size = TvbProfile.current.hpc.CRYPT_BUFFER_SIZE
pyAesCrypt.encryptFile(path_to_file, encrypted_file_path, password,
buffer_size)
# Asynchronously encrypt the password used at the previous step for the symmetric encryption
password = str.encode(password)
encrypted_password = import_export_encryption_handler.encrypt_password(
public_key, password)
# Save encrypted password
import_export_encryption_handler.save_encrypted_password(
encrypted_password, TvbProfile.current.TVB_TEMP_FOLDER)
path_to_encrypted_password = os.path.join(
TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.ENCRYPTED_PASSWORD_NAME)
# Prepare model for decrypting
connectivity_model.uploaded = encrypted_file_path
connectivity_model.encrypted_aes_key = path_to_encrypted_password
TvbProfile.current.UPLOAD_KEY_PATH = os.path.join(
TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME)
# Decrypting
decrypted_download_path = import_export_encryption_handler.decrypt_content(
connectivity_model.encrypted_aes_key,
[connectivity_model.uploaded],
TvbProfile.current.UPLOAD_KEY_PATH)[0]
connectivity_model.uploaded = decrypted_download_path
storage_interface = StorageInterface()
decrypted_file_path = connectivity_model.uploaded.replace(
import_export_encryption_handler.ENCRYPTED_DATA_SUFFIX,
import_export_encryption_handler.DECRYPTED_DATA_SUFFIX)
TestExporters.compare_files(path_to_file, decrypted_file_path)
# Clean-up
storage_interface.remove_files([
encrypted_file_path, decrypted_file_path, private_key_path,
path_to_encrypted_password
])