Implemented escaping for passwords on bash level

This commit is contained in:
Kevin Veen-Birkenbach 2022-12-13 15:55:01 +01:00
parent 5ad38ab566
commit 11848ba222
5 changed files with 110 additions and 87 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
__pycache__ __pycache__
testcases.txt INSTRUCTIONS.md

View File

@ -46,9 +46,17 @@ python scripts/main.py --mode cleanup --file-types encrypted
To decrypt the data execute: To decrypt the data execute:
```bash ```bash
python scripts/main.py --mode decrypt python scripts/main.py --mode decrypt-data
``` ```
### decrypt automatic
To decrypt the accumulated datafile execute:
```bash
python scripts/main.py --mode decrypt --decrypt-accumulated-file
```
### decrypt defined user ### decrypt defined user
To decrypt the data for a defined user execute: To decrypt the data for a defined user execute:
@ -56,16 +64,17 @@ To decrypt the data for a defined user execute:
python scripts/main.py --mode decrypt --user "<<user_id>>" python scripts/main.py --mode decrypt --user "<<user_id>>"
``` ```
### addtional instructions
In the [INSTRUCTIONS.md](./Instruction.md) file the master encrypter can leave additional instructions.
## encrypt ## encrypt
### encrypt main data ### encrypt main data
```bash ```bash
python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --master-password "<<master_password>>" --input-directory "<<input_directory>>" python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --master-password "<<master_password>>" --input-directory "<<input_directory>>"
``` ```
### encrypt master password ### encrypt master password
To encrypt the master-password file and to create the neccessary encrypted meta data execute: To encrypt the master-password file and to create the neccessary encrypted meta data execute:
```bash ```bash

View File

@ -1,6 +1,7 @@
import json import json
import os import os
from pathlib import Path from pathlib import Path
import shlex
class AutomaticIdentificationImpossibleException(Exception): class AutomaticIdentificationImpossibleException(Exception):
pass pass
@ -35,12 +36,18 @@ class Decryption():
self.initializeNeededDecryptersAmount() self.initializeNeededDecryptersAmount()
self.initializeValidDecrypterIds() self.initializeValidDecrypterIds()
def getEscapedMasterPassword(self):
return shlex.quote(self.master_password)
def initializeGroupDataEncryption(self): def initializeGroupDataEncryption(self):
self.group_name = self.getDecryptersGroupName() self.group_name = self.getDecryptersGroupName()
self.encrypted_group_file_path = self.paths.getGroupFilePath(self.group_name, self.paths.TYPE_DECRYPTED) self.encrypted_group_file_path = self.paths.getGroupFilePath(self.group_name, self.paths.TYPE_DECRYPTED)
self.decryptGroupFile() self.decryptGroupFile()
self.master_password = self.loadTxtFile(self.encrypted_group_file_path).strip() self.master_password = self.loadTxtFile(self.encrypted_group_file_path).strip()
def getMasterPassword(self):
return self.master_password
def initializeNeededDecryptersAmount(self): def initializeNeededDecryptersAmount(self):
self.needed_decrypters_amount = len(str(list(self.user_data['groups'].keys())[0])) self.needed_decrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))
@ -70,9 +77,6 @@ class Decryption():
shared_password += str(self.password_parts[password_share_index]) shared_password += str(self.password_parts[password_share_index])
return shared_password return shared_password
def getMasterPassword(self):
return self.master_password
def addDecrypterId(self,decrypter_id): def addDecrypterId(self,decrypter_id):
decrypter_id = int(decrypter_id) decrypter_id = int(decrypter_id)
if decrypter_id not in self.valid_decrypter_ids: if decrypter_id not in self.valid_decrypter_ids:
@ -114,7 +118,7 @@ class Decryption():
return data return data
def decryptFile(self,password,input_file_path,output_file_path): def decryptFile(self,password,input_file_path,output_file_path):
self.cli.executeCommand('gpg --batch --passphrase "'+ password + '" -o "' + output_file_path +'" "'+ input_file_path+'"') self.cli.executeCommand('gpg --batch --passphrase '+ shlex.quote(password) + ' -o "' + output_file_path +'" "'+ input_file_path+'"')
def decryptUserFile(self): def decryptUserFile(self):
input_file_path = self.paths.getUserFilePath(self.user_id,self.paths.TYPE_ENCRYPTED) input_file_path = self.paths.getUserFilePath(self.user_id,self.paths.TYPE_ENCRYPTED)
@ -130,4 +134,4 @@ class Decryption():
self.decryptFile(self.user_password, input_file_path, output_file_path) self.decryptFile(self.user_password, input_file_path, output_file_path)
def decryptMainData(self): def decryptMainData(self):
self.cli.executeCommand('gpg --batch --passphrase "' + self.getMasterPassword() + '" -d "' + self.paths.getEncryptedMainDataFile() + '" | tar --one-top-level="' + self.paths.getDecryptedMainDataStandartFolder() + '" -xvzf -') self.cli.executeCommand('gpg --batch --passphrase ' + shlex.quote(self.getMasterPassword()) + ' -d "' + self.paths.getEncryptedMainDataFile() + '" | tar --one-top-level="' + self.paths.getDecryptedMainDataStandartFolder() + '" -xvzf -')

View File

@ -5,6 +5,7 @@ import numpy
import re import re
import json import json
from .Paths import Paths from .Paths import Paths
import shlex
class Encryption(): class Encryption():
@ -104,7 +105,7 @@ class Encryption():
index += 1 index += 1
def encryptStringToFile(self,text,output_file,password): def encryptStringToFile(self,text,output_file,password):
self.cli.executeCommand('echo \'' + text + '\' | gpg --symmetric --armor --batch --passphrase "' + password + '" -o "' + output_file + '"') self.cli.executeCommand('echo ' + shlex.quote(text) + ' | gpg --symmetric --armor --batch --passphrase ' + shlex.quote(password) + ' -o "' + output_file + '"')
def encryptGroupFiles(self): def encryptGroupFiles(self):
for password_group_index_int in self.group_mapped_data: for password_group_index_int in self.group_mapped_data:
@ -125,7 +126,7 @@ class Encryption():
See: https://stackoverflow.com/questions/30650841/why-am-i-getting-errno-7-argument-list-too-long-and-oserror-errno-24-too-ma See: https://stackoverflow.com/questions/30650841/why-am-i-getting-errno-7-argument-list-too-long-and-oserror-errno-24-too-ma
''' '''
def encryptFileToFile(self,input_file,output_file,password): def encryptFileToFile(self,input_file,output_file,password):
self.cli.executeCommand('cat \'' + input_file + '\' | gpg --symmetric --armor --batch --passphrase "' + password + '" -o "' + output_file + '"') self.cli.executeCommand('cat \'' + input_file + '\' | gpg --symmetric --armor --batch --passphrase ' + shlex.quote(password) + ' -o "' + output_file + '"')
def deleteDecryptedAccumulatedFile(self): def deleteDecryptedAccumulatedFile(self):
self.cli.executeCommand('rm ' + self.paths.getAccumulatedFilePath(Paths.TYPE_DECRYPTED)) self.cli.executeCommand('rm ' + self.paths.getAccumulatedFilePath(Paths.TYPE_DECRYPTED))
@ -144,7 +145,7 @@ class Encryption():
self.deleteDecryptedAccumulatedFile() self.deleteDecryptedAccumulatedFile()
def encryptMainData(self,input_directory): def encryptMainData(self,input_directory):
self.cli.executeCommand('tar -C"' + input_directory + '" -cvzf - ./ | gpg -c --batch --passphrase "' + self.master_password +'" > "' + self.paths.getEncryptedMainDataFile() + '"') self.cli.executeCommand('tar -C"' + input_directory + '" -cvzf - ./ | gpg -c --batch --passphrase ' + shlex.quote(self.master_password) + ' > "' + self.paths.getEncryptedMainDataFile() + '"')
def encryptMetaData(self): def encryptMetaData(self):
self.encryptUserFile() self.encryptUserFile()

View File

@ -36,6 +36,7 @@ try:
parser.add_argument('--secret-holders-amount',type=int, dest='amount_of_secret_holders',required=False,choices=Encryption.getCoSecretHoldersRange(),help="Needed for creating of encryption meta data.") parser.add_argument('--secret-holders-amount',type=int, dest='amount_of_secret_holders',required=False,choices=Encryption.getCoSecretHoldersRange(),help="Needed for creating of encryption meta data.")
parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False) parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False)
parser.add_argument('--master-password',type=str, dest='master_password',required=False) parser.add_argument('--master-password',type=str, dest='master_password',required=False)
parser.add_argument('--decrypt-accumulated-file',type=bool, dest='decrypt_accumulated_file', default=False , action=argparse.BooleanOptionalAction ,required=False, help="Decrypts the accumulated file.")
parser.add_argument('--user-password',type=str, dest='user_password',required=False) parser.add_argument('--user-password',type=str, dest='user_password',required=False)
parser.add_argument('--user',type=int, dest='user',choices=Encryption.getSecretHoldersRange(),required=False) parser.add_argument('--user',type=int, dest='user',choices=Encryption.getSecretHoldersRange(),required=False)
parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction, help="Add additional information to users.") parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction, help="Add additional information to users.")
@ -45,6 +46,8 @@ try:
print("Application started.") print("Application started.")
print("To leave the appplication use the key kombination: <<Ctr>> + <<Alt>> + <<C>>") print("To leave the appplication use the key kombination: <<Ctr>> + <<Alt>> + <<C>>")
print("Cleaning up all decrypted files.")
cleanup.cleanupFiles(Paths.TYPE_DECRYPTED)
print("Selected Mode: " + args.mode) print("Selected Mode: " + args.mode)
if args.mode == 'cleanup': if args.mode == 'cleanup':
@ -63,7 +66,17 @@ try:
if args.mode == 'decrypt': if args.mode == 'decrypt':
decrypt = Decryption(cli,paths) decrypt = Decryption(cli,paths)
if args.decrypt_accumulated_file is True:
if args.master_password is None: if args.master_password is None:
print("Enter the master password:")
master_password = getpass()
else:
master_password = args.master_password
decrypt = Decryption(cli,paths)
print("Decrypting accumulated data.")
decrypt.setUserPassword(master_password)
decrypt.decryptAccumulatedFile()
dirty_exit()
if args.user is None: if args.user is None:
try: try:
print("Attempt to identify user.") print("Attempt to identify user.")
@ -139,10 +152,6 @@ try:
decrypt.decryptMainData() decrypt.decryptMainData()
print("The data was decrypted to: " + paths.getDecryptedMainDataStandartFolder()) print("The data was decrypted to: " + paths.getDecryptedMainDataStandartFolder())
dirty_exit() dirty_exit()
print("Decrypting accumulated data.")
decrypt.setUserPassword(args.master_password)
decrypt.decryptAccumulatedFile()
dirty_exit()
if args.mode == 'encrypt': if args.mode == 'encrypt':
if args.master_password is None: if args.master_password is None: