mirror of
https://github.com/kevinveenbirkenbach/splitted-secret.git
synced 2024-11-25 03:31:03 +01:00
Compare commits
4 Commits
4caec4e1dc
...
42a5b93d67
Author | SHA1 | Date | |
---|---|---|---|
42a5b93d67 | |||
591af85d82 | |||
080b8d66e4 | |||
260d7dfbb7 |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
__pycache__
|
||||
testcases.txt
|
117
Readme.md
117
Readme.md
@ -1,66 +1,77 @@
|
||||
# Splitted Secret
|
||||
The purpose of this software is to splitt a secret over multiple people. Just if a defined amount of this people meet together they can encrypt the secret and have access to it.
|
||||
|
||||
# testing
|
||||
## requirements
|
||||
|
||||
### system
|
||||
This software is developed for and on an [Arch Linux](https://archlinux.org/) system.
|
||||
|
||||
### setup
|
||||
|
||||
Before executing the script it may be necessary to install the following software packages:
|
||||
|
||||
```bash
|
||||
python scripts/main.py --mode cleanup &&
|
||||
echo "werewrw" > data/decrypted/main_data/test123.txt
|
||||
echo "werewrw" > data/decrypted/main_data/test124.txt
|
||||
mkdir data/decrypted/main_data/folder
|
||||
echo "werewrw" > data/decrypted/main_data/folder/test124.txt
|
||||
|
||||
python scripts/main.py --amount 3 --quota 50 --mode encrypt --add-user-information --master-password "ewrwerwerew" << END_OF_INPUTS
|
||||
alpha bravo
|
||||
123123812908
|
||||
asfdasd@asdskjd.de
|
||||
street in straat
|
||||
charlie delta
|
||||
1888888
|
||||
sadasfdasd@asdskjd.de
|
||||
street in strutt
|
||||
echo2 foxtrott
|
||||
99999999
|
||||
asfdasd@sdskjd.de
|
||||
street in strasdlasöd
|
||||
END_OF_INPUTS
|
||||
python scripts/main.py --mode decrypt --master-password "ewrwerwerew"
|
||||
|
||||
|
||||
python scripts/main.py --mode cleanup --file-types decrypted &&
|
||||
python scripts/main.py --mode decrypt --user "1" --user-password "Y4GYTEW80SCQQDTIKOJ6YNCIP6MBBEM68SCKBAA1VWAQFRSPNGHEBKHSFZQENDRB" << END_OF_INPUTS
|
||||
2
|
||||
VGCQPW2LIKJ7SDFFLUZXBXGFPZ6L8RGPTS7TLCNN9GLR82RPHRSN34YZUXF0L27V
|
||||
END_OF_INPUTS
|
||||
pacman -S gpg tar python pip python-pip
|
||||
pip install numpy
|
||||
```
|
||||
# Requirements to know
|
||||
- Amount of People
|
||||
- How much people need to reunite for decrypting
|
||||
## commands
|
||||
|
||||
# Requirements to implement
|
||||
- Plattform independend
|
||||
- easy to use
|
||||
## cleanup data
|
||||
|
||||
### delete all data
|
||||
|
||||
To delete all data execute:
|
||||
|
||||
# required software
|
||||
```bash
|
||||
pip install numpy
|
||||
gpg
|
||||
ecryptfs-utils
|
||||
ecryptfs-simple
|
||||
python
|
||||
pip
|
||||
python scripts/main.py --mode cleanup
|
||||
```
|
||||
|
||||
### delete decrypted data
|
||||
To delete all encrypted data execute:
|
||||
|
||||
```bash
|
||||
python scripts/main.py --mode cleanup --file-types decrypted
|
||||
```
|
||||
|
||||
### delete all encrypted data
|
||||
To delete all encrypted data execute:
|
||||
|
||||
```bash
|
||||
python scripts/main.py --mode cleanup --file-types encrypted
|
||||
```
|
||||
|
||||
## decrypt
|
||||
|
||||
### decrypt automatic
|
||||
To decrypt the data execute:
|
||||
|
||||
```bash
|
||||
python scripts/main.py --mode decrypt
|
||||
```
|
||||
|
||||
### decrypt defined user
|
||||
To decrypt the data for a defined user execute:
|
||||
|
||||
```bash
|
||||
python scripts/main.py --mode decrypt --user "<<user_id>>"
|
||||
```
|
||||
|
||||
## encrypt
|
||||
|
||||
### encrypt main data
|
||||
|
||||
```bash
|
||||
python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --master-password "<<master_password>>" --input-directory "<<input_directory>>"
|
||||
```
|
||||
|
||||
### encrypt master password
|
||||
|
||||
To encrypt the master-password file and to create the neccessary encrypted meta data execute:
|
||||
|
||||
```bash
|
||||
python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --add-user-information --master-password "<<master_password>>" --create-meta-data
|
||||
```
|
||||
|
||||
## todo
|
||||
- implement tails setup script
|
||||
- add data-input attribut
|
||||
- add data-output attribut
|
||||
- write scenario test
|
||||
|
||||
## Further Information
|
||||
- https://www.tutorialspoint.com/python/python_command_line_arguments.htm
|
||||
- https://docs.python.org/3/library/argparse.html#module-argparse
|
||||
- https://wiki.ubuntuusers.de/GoCryptFS/
|
||||
- https://pynative.com/python-generate-random-string/
|
||||
- https://www.studimup.de/abitur/stochastik/anzahl-der-m%C3%B6glichketen-berechnen-kombinatorik/
|
||||
- https://numpy.org/doc/stable/reference/generated/numpy.base_repr.html?highlight=base_repr#numpy.base_repr
|
||||
- https://linuxconfig.org/how-to-create-compressed-encrypted-archives-with-tar-and-gpg
|
1
data/encrypted/user_files/.gitignore
vendored
1
data/encrypted/user_files/.gitignore
vendored
@ -1 +0,0 @@
|
||||
*.gpg
|
@ -8,7 +8,7 @@ class Cleanup():
|
||||
def getAllFilePaths(self,file_type):
|
||||
all_file_paths = [
|
||||
self.paths.getGroupFilesFolderPath(file_type),
|
||||
self.paths.getUserFilesFolderPath(file_type),
|
||||
self.paths.getUserFilesPath(file_type),
|
||||
self.paths.getAccumulatedFilePath(file_type)
|
||||
]
|
||||
if file_type == Paths.TYPE_DECRYPTED:
|
||||
@ -19,7 +19,7 @@ class Cleanup():
|
||||
try:
|
||||
self.cli.executeCommand('rm -r ' + folder_path + '*')
|
||||
except Exception as error:
|
||||
print(error)
|
||||
pass
|
||||
|
||||
def cleanupFiles(self,file_type):
|
||||
for folder_path in self.getAllFilePaths(file_type):
|
||||
@ -29,7 +29,7 @@ class Cleanup():
|
||||
try:
|
||||
self.cli.executeCommand('find "' + self.paths.getDataFolderPath(Paths.TYPE_ENCRYPTED) + '" -not -name "*' + str(user) +'*" -type f -print | xargs rm -v')
|
||||
except Exception as error:
|
||||
print(error)
|
||||
pass
|
||||
self.cleanupFiles(Paths.TYPE_DECRYPTED)
|
||||
|
||||
def deleteAll(self):
|
||||
|
@ -1,6 +1,10 @@
|
||||
import json
|
||||
import os
|
||||
from pathlib import Path
|
||||
|
||||
class AutomaticIdentificationImpossibleException(Exception):
|
||||
pass
|
||||
|
||||
class Decryption():
|
||||
|
||||
def __init__(self,cli,paths):
|
||||
@ -9,6 +13,18 @@ class Decryption():
|
||||
self.cli = cli
|
||||
self.paths = paths
|
||||
|
||||
def identifyUser(self):
|
||||
file_type = self.paths.TYPE_ENCRYPTED
|
||||
file_names = next(os.walk(self.paths.getUserFilesPath(file_type)), (None, None, []))[2]
|
||||
users = []
|
||||
user_file_suffix = self.paths.getUserFileSuffix(file_type)
|
||||
for file in file_names:
|
||||
if user_file_suffix in file:
|
||||
users.append(file.replace(user_file_suffix, ''))
|
||||
if len(users) < 2:
|
||||
return users[0]
|
||||
raise AutomaticIdentificationImpossibleException()
|
||||
|
||||
def initializeUser(self,user_id):
|
||||
self.user_id=str(user_id)
|
||||
self.user_file_decrypted_path = self.paths.getUserFilePath(self.user_id,self.paths.TYPE_DECRYPTED)
|
||||
|
@ -40,10 +40,10 @@ class Encryption():
|
||||
self.user_mapped_data[user_id]['about'][label] = content;
|
||||
|
||||
def getCoSecretHoldersRange():
|
||||
return range(Encryption.MINIMUM_SECRET_HOLDERS,Encryption.MAXIMUM_SECRET_HOLDERS)
|
||||
return range(Encryption.MINIMUM_SECRET_HOLDERS,(Encryption.MAXIMUM_SECRET_HOLDERS+1))
|
||||
|
||||
def getSecretHoldersRange():
|
||||
return range(1,Encryption.MAXIMUM_SECRET_HOLDERS)
|
||||
return range(1,(Encryption.MAXIMUM_SECRET_HOLDERS+1))
|
||||
|
||||
def getStartnumber(self):
|
||||
index = 0
|
||||
@ -84,7 +84,7 @@ class Encryption():
|
||||
def compileData(self):
|
||||
self.compileContacts()
|
||||
index = self.getStartnumber()
|
||||
while index < self.getEndnumber():
|
||||
while index <= self.getEndnumber():
|
||||
password_group_name = ''.join(sorted(str(index)))
|
||||
if self.isGroupValid(password_group_name):
|
||||
password_group_index_int = int(password_group_name)
|
||||
@ -126,11 +126,10 @@ class Encryption():
|
||||
data={"user_mapped": self.user_mapped_data, "group_mapped": self.group_mapped_data}
|
||||
self.encryptToJsonFile(data,file_path,self.master_password)
|
||||
|
||||
def encryptMainData(self):
|
||||
self.cli.executeCommand('tar -C"' + self.paths.getDecryptedMainDataStandartFolder() + '" -cvzf - ./ | gpg -c --batch --passphrase "' + self.master_password +'" > "' + self.paths.getEncryptedMainDataFile() + '"')
|
||||
def encryptMainData(self,input_directory):
|
||||
self.cli.executeCommand('tar -C"' + input_directory + '" -cvzf - ./ | gpg -c --batch --passphrase "' + self.master_password +'" > "' + self.paths.getEncryptedMainDataFile() + '"')
|
||||
|
||||
def encryptAll(self):
|
||||
def encryptMetaData(self):
|
||||
self.encryptUserFile()
|
||||
self.encryptAccumulatedFile()
|
||||
self.encryptGroupFiles()
|
||||
self.encryptMainData()
|
||||
|
@ -16,7 +16,7 @@ class Paths():
|
||||
def getGroupFilesFolderPath(self,folder_type):
|
||||
return self.getDataFolderPath(folder_type) + "group_files/"
|
||||
|
||||
def getUserFilesFolderPath(self,folder_type):
|
||||
def getUserFilesPath(self,folder_type):
|
||||
return self.getDataFolderPath(folder_type) + "user_files/"
|
||||
|
||||
def getEncryptedMainDataFile(self):
|
||||
@ -30,8 +30,11 @@ class Paths():
|
||||
return '.gpg'
|
||||
return ''
|
||||
|
||||
def getUserFileSuffix(self,file_type):
|
||||
return '.json' + self.getFileExtension(file_type)
|
||||
|
||||
def getUserFilePath(self,user_id,file_type):
|
||||
return self.getUserFilesFolderPath(file_type)+user_id+'.json' + self.getFileExtension(file_type);
|
||||
return self.getUserFilesPath(file_type) + user_id + self.getUserFileSuffix(file_type);
|
||||
|
||||
def getGroupFilePath(self,group_id,file_type):
|
||||
return self.getGroupFilesFolderPath(file_type) + str(group_id) + '.txt' + self.getFileExtension(file_type);
|
||||
|
@ -1,7 +1,7 @@
|
||||
import argparse
|
||||
from classes.Encryption import Encryption
|
||||
from classes.Cleanup import Cleanup
|
||||
from classes.Decryption import Decryption
|
||||
from classes.Decryption import Decryption, AutomaticIdentificationImpossibleException
|
||||
from getpass import getpass
|
||||
import traceback
|
||||
from classes.Cli import Cli
|
||||
@ -33,15 +33,18 @@ try:
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--mode',type=str, dest='mode',required=True,choices=['cleanup','encrypt','decrypt'])
|
||||
parser.add_argument('--file-types',type=str, dest='file_types',required=False,choices=[Paths.TYPE_DECRYPTED, Paths.TYPE_ENCRYPTED])
|
||||
parser.add_argument('--amount',type=int, dest='amount_of_secret_holders',required=False,choices=Encryption.getCoSecretHoldersRange())
|
||||
parser.add_argument('--secret-holders-amount',type=int, dest='amount_of_secret_holders',required=False,choices=Encryption.getCoSecretHoldersRange(),help="Needed for creating of encryption meta data.")
|
||||
parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False)
|
||||
parser.add_argument('--master-password',type=str, dest='master_password',required=False)
|
||||
parser.add_argument('--user-password',type=str, dest='user_password',required=False)
|
||||
parser.add_argument('--user',type=int, dest='user',choices=Encryption.getSecretHoldersRange(),required=False)
|
||||
parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction)
|
||||
parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction, help="Add additional information to users.")
|
||||
parser.add_argument('--input-directory',type=str,dest='input_directory',required=False, help="The directory from which the data should be encrypted.")
|
||||
parser.add_argument('--create-meta-data',type=bool, dest='create_meta_data', default=False, required=False, action=argparse.BooleanOptionalAction, help="When mode is encrypt and this flag is set, the encrypted meta data is created.")
|
||||
args = parser.parse_args()
|
||||
|
||||
print("Application started.")
|
||||
print("To leave the appplication use the key kombination: <<Ctr>> + <<Alt>> + <<C>>")
|
||||
print("Selected Mode: " + args.mode)
|
||||
|
||||
if args.mode == 'cleanup':
|
||||
@ -62,8 +65,15 @@ try:
|
||||
decrypt = Decryption(cli,paths)
|
||||
if args.master_password is None:
|
||||
if args.user is None:
|
||||
print("Type in the user id:")
|
||||
decrypt.initializeUser(input())
|
||||
try:
|
||||
print("Attempt to identify user.")
|
||||
user_id = decrypt.identifyUser()
|
||||
print("The user id is: " + user_id)
|
||||
except:
|
||||
print("A automatic user id identification wasn't possible.")
|
||||
print("Type in the user id:")
|
||||
user_id = input()
|
||||
decrypt.initializeUser(user_id)
|
||||
else:
|
||||
decrypt.initializeUser(args.user)
|
||||
if args.user_password is None:
|
||||
@ -141,13 +151,18 @@ try:
|
||||
else:
|
||||
master_password = args.master_password
|
||||
encrypt = Encryption(cli,paths,args.amount_of_secret_holders, args.decryption_quota, master_password)
|
||||
if args.add_user_information is not None:
|
||||
if args.add_user_information is True:
|
||||
for user_id in encrypt.user_mapped_data:
|
||||
for label in ['name','phone','email','address']:
|
||||
for label in ['name','phone','email','address','notes']:
|
||||
print("Enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
|
||||
encrypt.addInformationToUser(user_id, label, str(input()))
|
||||
encrypt.compileData()
|
||||
encrypt.encryptAll()
|
||||
if args.create_meta_data is True:
|
||||
print("Create and encrypt meta data.")
|
||||
encrypt.encryptMetaData()
|
||||
if args.input_directory is not None:
|
||||
print("Encrypt main data.")
|
||||
encrypt.encryptMainData(args.input_directory)
|
||||
dirty_exit()
|
||||
except KeyboardInterrupt:
|
||||
print("Program interrupted by user.")
|
||||
|
Loading…
Reference in New Issue
Block a user