From 1017fa2257a469f437f41ba2f454454d5f331bd3 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 9 Dec 2022 17:32:02 +0100
Subject: [PATCH] Implemented encryption on user level
---
 .gitignore | 2 +-
 scripts/classes/AbstractSplittedSecret.py | 2 +
 scripts/classes/Cleanup.py | 27 +++++++++---
 scripts/classes/Generate.py | 53 ++++++++++++++---------
 4 files changed, 56 insertions(+), 28 deletions(-)
diff --git a/.gitignore b/.gitignore
index 0f96dab..23732ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 data/decrypted/splitted_password_files/*
 data/decrypted/password_files/*
 data/encrypted/splitted_password_files/*
-data/decrypted/password_files/*
+data/encrypted/password_files/*
 __pycache__
\ No newline at end of file
diff --git a/scripts/classes/AbstractSplittedSecret.py b/scripts/classes/AbstractSplittedSecret.py
index 2dbc1b0..fd3cfd0 100644
--- a/scripts/classes/AbstractSplittedSecret.py
+++ b/scripts/classes/AbstractSplittedSecret.py
@@ -4,4 +4,6 @@ class AbstractSplittedSecret(Cli):
 def __init__(self):
 super(Cli, self).__init__()
 self.encrypted_splitted_password_files_folder = "data/encrypted/splitted_password_files/"
+ self.encrypted_password_files_folder = "data/encrypted/password_files/"
+ self.encrypted_password_files_folder = "data/encrypted/password_files/"
 self.decrypted_password_files_folder="data/decrypted/password_files/"
\ No newline at end of file
diff --git a/scripts/classes/Cleanup.py b/scripts/classes/Cleanup.py
index 1a9bb54..f54b095 100644
--- a/scripts/classes/Cleanup.py
+++ b/scripts/classes/Cleanup.py
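Review bot: In the `AbstractSplittedSecret.__init__` hunk the added line `self.encrypted_password_files_folder = "data/encrypted/password_files/"` appears twice in a row; the second assignment is a no-op and should be dropped. If it was meant to define a different folder attribute, that attribute is still missing after this commit.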
@@ -2,12 +2,25 @@ from .AbstractSplittedSecret import AbstractSplittedSecret
 class Cleanup(AbstractSplittedSecret):
 def __init__(self):
 super(Cleanup, self).__init__()
+ self.encrypted_files_folders = [self.decrypted_password_files_folder,self.decrypted_password_files_folder]
+ self.decrypted_files_folders = [self.encrypted_splitted_password_files_folder,self.encrypted_password_files_folder]
+
+ def deleteAllFilesInFolder(self,folder_path):
+ try:
+ self.executeCommand('rm -v ' + folder_path + '*')
+ print(self.getCommandString())
+ print(self.getOutputString())
+ except:
+ pass
+
+ def deleteAllDecryptedFiles(self):
+ for folder_path in self.decrypted_files_folders:
+ self.deleteAllFilesInFolder(folder_path)
+
 def deleteAllEncryptedFiles(self):
- self.executeCommand('rm -v ' + self.decrypted_password_files_folder + '*')
- print(self.getCommandString())
- print(self.getOutputString())
- self.executeCommand('rm -v ' + self.encrypted_splitted_password_files_folder + '*')
- print(self.getCommandString())
- print(self.getOutputString())
+ for folder_path in self.encrypted_files_folders:
+ self.deleteAllFilesInFolder(folder_path)
+
 def deleteAll(self):
- self.deleteAllEncryptedFiles()
\ No newline at end of file
+ self.deleteAllEncryptedFiles()
+ self.deleteAllDecryptedFiles()
\ No newline at end of file
diff --git a/scripts/classes/Generate.py b/scripts/classes/Generate.py
index e389b1b..06bd96c 100644
--- a/scripts/classes/Generate.py
+++ b/scripts/classes/Generate.py
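Review bot: The two folder lists added to `Cleanup.__init__` are bound to the wrong names: `encrypted_files_folders` holds `decrypted_password_files_folder` twice, and `decrypted_files_folders` holds the two encrypted folders. As a result `deleteAllDecryptedFiles()` removes ciphertext and leaves the plaintext password files on disk, while `deleteAllEncryptedFiles()` removes the plaintext. Swap them: `self.decrypted_files_folders = [self.decrypted_password_files_folder]` and `self.encrypted_files_folders = [self.encrypted_splitted_password_files_folder,self.encrypted_password_files_folder]`. The bare `except: pass` in `deleteAllFilesInFolder` also hides a failed `rm`, so a cleanup that left secrets behind looks the same as one that succeeded; catch the specific error and report it.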
@@ -40,9 +40,9 @@ class Generate(AbstractSplittedSecret):
 master_password_file.write(password)
 master_password_file.close()
- def createPassword(self):
+ def createPassword(self,length):
 characters = string.ascii_letters + string.digits
- return ''.join(random.choice(characters) for i in range(int(64*self.quota_factor))).upper()
+ return (''.join(random.choice(characters) for i in range(length)).upper())
 def isGroupValid(self,password_group_index_str):
 secret_stakeholders_range=range(1,(self.amount_of_secret_holders+1))
@@ -54,7 +54,7 @@ class Generate(AbstractSplittedSecret):
 self.user_mapped_data = {}
 user_count = 1
 while user_count <= self.amount_of_secret_holders:
- self.user_mapped_data[str(user_count)] = {}
+ self.user_mapped_data[str(user_count)] = {"groups":{},"user_password":self.createPassword(64)}
 user_count += 1;
 def createGroupMappedDataFrame(self):
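Review bot: `createPassword` still draws from `random.choice`, which is backed by the Mersenne Twister and is not intended for secrets, yet this commit starts using its output as the per-user gpg passphrase (`createPassword(64)` in the hunk at line 54) and keeps using it for the group password parts. Use the `secrets` module instead: `return ''.join(secrets.choice(characters) for i in range(length)).upper()`, with `import secrets` added to the file's imports, which are outside this hunk. The trailing `.upper()` folds the 62-symbol alphabet down to 36 symbols and makes each letter twice as likely as each digit; drawing from `string.ascii_uppercase + string.digits` directly gives a uniform result.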
@@ -75,39 +75,52 @@ class Generate(AbstractSplittedSecret):
 password = ''
 for secret_holder_index in password_group_index_str:
 self.group_mapped_data[password_group_index_int]['members'][secret_holder_index]={}
- password_part = self.createPassword()
+ particial_password_length= int(128*self.quota_factor);
+ password_part = self.createPassword(particial_password_length)
 self.group_mapped_data[password_group_index_int]['members'][secret_holder_index] = password_part
 password += password_part
- self.user_mapped_data[secret_holder_index][password_group_index_str] = password_part
+ self.user_mapped_data[secret_holder_index]['groups'][password_group_index_str] = password_part
 self.group_mapped_data[password_group_index_int]['password'] += password
 index += 1
+ def encryptStringToFile(self,text,output_file,password):
+ self.executeCommand('echo \'' + text + '\' | gpg --symmetric --armor --batch --passphrase "' + password + '" -o "' + output_file + '.gpg"')
+ print(self.getCommandString())
+
 def generateEncryptedGroupFiles(self):
 for password_group_index_int in self.group_mapped_data:
- encrypted_splitted_password_file = AbstractSplittedSecret().encrypted_splitted_password_files_folder + str(password_group_index_int) + ".txt.gpg"
- self.executeCommand('echo "' + self.master_password + '" | gpg --symmetric --armor --batch --passphrase "' + self.group_mapped_data[password_group_index_int]['password'] + '" -o "' + encrypted_splitted_password_file + '"')
- print(self.getCommandString())
+ encrypted_splitted_password_file = AbstractSplittedSecret().encrypted_splitted_password_files_folder + str(password_group_index_int) + ".txt"
+ self.encryptStringToFile(self.master_password,encrypted_splitted_password_file,self.group_mapped_data[password_group_index_int]['password'])
- def saveJsonFile(self,file_path,data):
- with open(file_path, 'w', encoding='utf-8') as file:
- json.dump(data, file, ensure_ascii=False, indent=4)
-
- def saveUserMappedData(self):
+ def encryptToJsonFile(self,data,file_path,password):
+ self.encryptStringToFile(json.dumps(data,ensure_ascii=False), file_path, password)
+
+ def encryptUserMappedData(self):
 for user_id in self.user_mapped_data:
- file_path=self.decrypted_password_files_folder+user_id+'.json'
- self.saveJsonFile(file_path, self.user_mapped_data[user_id])
+ file_path=self.encrypted_password_files_folder+user_id+'.json'
+ self.encryptToJsonFile(self.user_mapped_data[user_id]['groups'],file_path,self.user_mapped_data[user_id]['user_password'])
- def saveGroupMappedData(self):
- file_path=self.decrypted_password_files_folder+'group_mapped.json'
- self.saveJsonFile(file_path, self.group_mapped_data)
+ def encryptAccumulatedMappedData(self):
+ file_path=self.encrypted_password_files_folder+'accumulated.json'
+ data={"user_mapped": self.user_mapped_data, "group_mapped": self.group_mapped_data}
+ self.encryptToJsonFile(data,file_path,self.master_password)
 def saveMappedData(self):
- self.saveUserMappedData()
- self.saveGroupMappedData();
+ self.encryptUserMappedData()
+ self.encryptAccumulatedMappedData()
+
+ def encryptMappedUserData(self):
+ self.user_passwords = {}
+ for user_id in self.user_mapped_data:
+ self.user_passwords[user_id] = self.createPassword(64)
+
+ def encryptMappedData(self):
+ self.encryptMappedUserData()
 def generate(self):
 self.generateMappedData()
 self.saveMappedData()
+ self.encryptMappedData()
 self.generateEncryptedGroupFiles()
 def getUserMappedData(self):
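Review bot: `encryptStringToFile` concatenates both the plaintext and the gpg passphrase into one shell command string and then prints it with `print(self.getCommandString())`. The master password, the JSON of all password parts and every passphrase therefore reach stdout and, presumably, the argument list of the shell that `executeCommand` starts (its implementation is outside this diff). The concatenation also means a `'` in `text` or a `"` in `password` breaks the quoting. Passing the plaintext on stdin and the passphrase through `--passphrase-fd` with an argument list avoids all three; the sketch below needs `os` and `subprocess` imported and bypasses `executeCommand`, so adapt it if that wrapper has to stay. Separately, `encryptMappedUserData` fills `self.user_passwords` with fresh values that nothing in this hunk reads, while the files are encrypted with `user_mapped_data[user_id]['user_password']`.

```python
    def encryptStringToFile(self,text,output_file,password):
        # Passphrase goes over a dedicated pipe, plaintext over stdin:
        # nothing secret is placed in argv or echoed to stdout.
        passphrase_read_fd, passphrase_write_fd = os.pipe()
        try:
            with os.fdopen(passphrase_write_fd, 'w') as passphrase_pipe:
                passphrase_pipe.write(password + '\n')
            subprocess.run(
                ['gpg', '--symmetric', '--armor', '--batch',
                 '--passphrase-fd', str(passphrase_read_fd),
                 '-o', output_file + '.gpg'],
                input=(text + '\n').encode(),
                pass_fds=(passphrase_read_fd,),
                check=True)
        finally:
            os.close(passphrase_read_fd)
```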