kevinveenbirkenbach/split-secret
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/splitted-secret.git synced 2024-11-24 19:21:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:a00550e0b60f5d8283d09e359c6a5e339994f0d4
Branches Tags
kevinveenbirkenbach:main
..
compare: kevinveenbirkenbach:e5806992ced7a44d0300d0b6e6fef76256ed8da7
Branches Tags
kevinveenbirkenbach:main

No commits in common. "a00550e0b60f5d8283d09e359c6a5e339994f0d4" and "e5806992ced7a44d0300d0b6e6fef76256ed8da7" have entirely different histories.
a00550e0b6 ... e5806992ce

7 changed files with 115 additions and 264 deletions
Show Stats Expand all files Collapse all files

13
Readme.md
View File

@ -22,10 +22,8 @@ python scripts/main.py --mode decrypt --master-password "ewrwerwerew" &&
python scripts/main.py --mode decrypt --user "1"
python scripts/main.py --mode cleanup --file-types decrypted && python scripts/main.py --mode decrypt --user "1" --user-password "O3ITMWXZED9FKYQ0PB2WNVRWSCSCYVXCD00PJ6GQ4MFPIUWBVDCYSSSX9ZDBW5QU" << END_OF_INPUTS
2
YGC6FLI5FIFL4WV4JPZZI7RVOZTWLROCLY4HVGDMWWSTAIQJTLUQK1VBBY0E24PN
END_OF_INPUTS
python scripts/main.py --mode cleanup --user "1" && python scripts/main.py --mode decrypt --user "1" --user-password "O3ITMWXZED9FKYQ0PB2WNVRWSCSCYVXCD00PJ6GQ4MFPIUWBVDCYSSSX9ZDBW5QU"
```
# Requirements to know
- Amount of People
@ -35,7 +33,7 @@ END_OF_INPUTS
- Plattform independend
- easy to use
# required software
# setup
```bash
pip install numpy
gpg
@ -43,11 +41,6 @@ END_OF_INPUTS
pip
```
## todo
- implement tails setup script
- implement relativ call
- implement tmp mount for decrypted files
## Further Information
- https://www.tutorialspoint.com/python/python_command_line_arguments.htm
- https://docs.python.org/3/library/argparse.html#module-argparse

17
scripts/classes/AbstractSplittedSecret.py
View File

@ -1,26 +1,11 @@
from .Cli import Cli
class AbstractSplittedSecret(Cli):
USER_PASSWORD_LENGTHS = 64
OVERALL_PASSWORD_LENGTHS = 128
# At the moment the programm can used deal with one digit numbers.
MAXIMUM_SECRET_HOLDERS = 9
MINIMUM_SECRET_HOLDERS = 2
TYPE_ENCRYPTED="encrypted"
TYPE_DECRYPTED="decrypted"
def __init__(self):
super(Cli, self).__init__()
self.data_folder = "data/"
def getCoSecretHoldersRange():
return range(AbstractSplittedSecret.MINIMUM_SECRET_HOLDERS,AbstractSplittedSecret.MAXIMUM_SECRET_HOLDERS)
def getSecretHoldersRange():
return range(1,AbstractSplittedSecret.MAXIMUM_SECRET_HOLDERS)
def getFolderPath(self,folder_type):
return self.data_folder + folder_type + "/"
@ -31,7 +16,7 @@ class AbstractSplittedSecret(Cli):
return self.getFolderPath(folder_type) + "user_files/"
def getFileExtension(self,file_type):
if file_type == AbstractSplittedSecret.TYPE_ENCRYPTED:
if file_type == "encrypted":
return '.gpg'
return ''

15
scripts/classes/Cleanup.py
View File

@ -1,5 +1,6 @@
from .AbstractSplittedSecret import AbstractSplittedSecret
class Cleanup(AbstractSplittedSecret):
def __init__(self):
super(Cleanup, self).__init__()
@ -16,17 +17,21 @@ class Cleanup(AbstractSplittedSecret):
except:
pass
def cleanupFiles(self,file_type):
def deleteAllFiles(self,file_type):
for folder_path in self.getAllFilePaths(file_type):
self.deleteAllFilesInFolder(folder_path)
def deleteAllEncryptedFiles(self):
for folder_path in self.encrypted_files_folders:
self.deleteAllFilesInFolder(folder_path)
def cleanupForUser(self,user):
try:
self.executeCommand('find "' + self.getFolderPath(AbstractSplittedSecret.TYPE_ENCRYPTED) + '" -not -name "*' + str(user) +'*" -type f -print | xargs rm -v')
self.executeCommand('find "' + self.getFolderPath("encrypted") + '" -not -name "*' + str(user) +'*" -type f -print | xargs rm -v')
except:
pass
self.cleanupFiles(AbstractSplittedSecret.TYPE_DECRYPTED)
self.deleteAllFiles("decrypted")
def deleteAll(self):
self.cleanupFiles(AbstractSplittedSecret.TYPE_ENCRYPTED)
self.cleanupFiles(AbstractSplittedSecret.TYPE_DECRYPTED)
self.deleteAllFiles("encrypted")
self.deleteAllFiles("decrypted")

3
scripts/classes/Cli.py
View File

@ -19,7 +19,8 @@ class Cli(object):
for line in stdout:
self.output.append(line.decode("utf-8"))
if process.wait() > bool(0):
raise Exception("Error for: \nCommand:<<" + str(command) + ">>\nOutput:<<" + str(out) + ">>\nExitcode:<<" + str(err) + ">>")
print(command, out, err)
raise Exception("Exitcode is greater then 0")
return self.output
def getOutputString(self):

100
scripts/classes/Decryption.py
View File

@ -1,6 +1,5 @@
from .AbstractSplittedSecret import AbstractSplittedSecret
import json
from pathlib import Path
class Decryption(AbstractSplittedSecret):
def __init__(self):
@ -8,87 +7,12 @@ class Decryption(AbstractSplittedSecret):
self.user_password=''
super(Decryption, self).__init__()
def initializeUser(self,user_id):
def setUserId(self,user_id):
self.user_id=str(user_id)
self.user_file_decrypted_path = self.getUserFilePath(self.user_id,AbstractSplittedSecret.TYPE_DECRYPTED)
def initializeUserDataDecryption(self):
self.decryptUserFile()
self.user_data = self.loadJsonFile(self.user_file_decrypted_path)
self.initializeNeededDecryptersAmount()
self.initializeValidDecrypterIds()
def initializeGroupDataEncryption(self):
self.group_name = self.getDecryptersGroupName()
self.encrypted_group_file_path = self.getGroupFilePath(self.group_name, AbstractSplittedSecret.TYPE_DECRYPTED)
self.decryptGroupFile()
self.master_password = self.loadTxtFile(self.encrypted_group_file_path)
def initializeNeededDecryptersAmount(self):
self.needed_decrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))
def initializeValidDecrypterIds(self):
self.valid_decrypter_ids = []
self.valid_decrypter_ids.append(int(self.user_id))
for contact_id in self.user_data['contacts']:
self.valid_decrypter_ids.append(int(contact_id))
self.user_file_decrypted_path = self.getUserFilePath(self.user_id,"decrypted")
def setUserPassword(self,user_password):
self.user_password = str(user_password)
def resetDecrypterIds(self):
self.decrypter_ids = []
self.addDecrypterId(self.user_id)
def resetPasswordShare(self):
self.password_parts = {}
self.addPasswordShare(self.user_id,self.getPasswordShare())
def addPasswordShare(self,user_id,password_share):
self.password_parts[str(user_id)] = password_share
def getGroupPassword(self):
shared_password = ''
for password_share_index in sorted(self.password_parts):
shared_password += str(self.password_parts[password_share_index])
return shared_password
def getMasterPassword(self):
return self.master_password
def addDecrypterId(self,decrypter_id):
decrypter_id = int(decrypter_id)
if decrypter_id not in self.valid_decrypter_ids:
raise Exception("The encrypter id is not valid. Valid encrypter ids are: " + str(self.valid_decrypter_ids))
if len(self.decrypter_ids) >= self.needed_decrypters_amount:
raise Exception("There are already sufficients decrypters (" + str(len(self.decrypter_ids)) + ") defined!")
if decrypter_id in self.decrypter_ids:
raise Exception("The decrypter is already in the list.")
self.decrypter_ids.append(decrypter_id)
def getUserId(self):
return self.user_id
def getCoDecrypterIds(self):
co_decrypter_ids = self.decrypter_ids[:]
co_decrypter_ids.remove(int(self.user_id))
return co_decrypter_ids
def getDecrypterIds(self):
return self.decrypter_ids
def getDecryptersGroupName(self):
self.decrypter_ids.sort()
return ''.join(str(x) for x in self.decrypter_ids)
def getPasswordShare(self):
return self.user_data['groups'][str(self.getDecryptersGroupName())]
def getNeededDecryptersAmount(self):
return self.needed_decrypters_amount
def loadTxtFile(self,file_path):
return Path(file_path).read_text()
def loadJsonFile(self,file_path):
file = open(file_path)
@ -96,18 +20,22 @@ class Decryption(AbstractSplittedSecret):
file.close()
return data
def setNeededEncryptersAmount(self):
self.needed_encrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))-1
def decryptFile(self,password,input_file_path,output_file_path):
self.executeCommand('gpg --batch --passphrase "'+ password + '" -o "' + output_file_path +'" "'+ input_file_path+'"')
def decryptUserFile(self):
input_file_path = self.getUserFilePath(self.user_id,AbstractSplittedSecret.TYPE_ENCRYPTED)
input_file_path = self.getUserFilePath(self.user_id,"encrypted")
self.decryptFile(self.user_password, input_file_path, self.user_file_decrypted_path)
def decryptGroupFile(self):
input_file_path = self.getGroupFilePath(self.group_name, AbstractSplittedSecret.TYPE_ENCRYPTED)
self.decryptFile(self.getGroupPassword(), input_file_path, self.encrypted_group_file_path)
def decryptAccumulatedFile(self):
input_file_path = self.getAccumulatedFilePath(AbstractSplittedSecret.TYPE_ENCRYPTED)
output_file_path = self.getAccumulatedFilePath(AbstractSplittedSecret.TYPE_DECRYPTED)
self.decryptFile(self.user_password, input_file_path, output_file_path)
input_file_path = self.getAccumulatedFilePath("encrypted")
output_file_path = self.getAccumulatedFilePath("decrypted")
self.decryptFile(self.user_password, input_file_path, output_file_path)
def initializeData(self):
self.decryptUserFile()
self.user_data = self.loadJsonFile(self.user_file_decrypted_path)
self.setNeededEncryptersAmount()

24
scripts/classes/Encryption.py
View File

@ -22,7 +22,7 @@ class Encryption(AbstractSplittedSecret):
self.user_mapped_data = {}
user_count = 1
while user_count <= self.amount_of_secret_holders:
self.user_mapped_data[str(user_count)] = {"groups":{},"user_password":self.createPassword(self.USER_PASSWORD_LENGTHS),"about":{}}
self.user_mapped_data[str(user_count)] = {"groups":{},"user_password":self.createPassword(64),"about":{}}
user_count += 1;
def initializeGroupData(self):
@ -51,11 +51,11 @@ class Encryption(AbstractSplittedSecret):
characters = string.ascii_letters + string.digits
return (''.join(random.choice(characters) for i in range(length)).upper())
def isGroupValid(self,password_group_name):
def isGroupValid(self,password_group_index_str):
secret_stakeholders_range=range(1,(self.amount_of_secret_holders+1))
valid_numbers = re.compile("([" + ','.join([str(x) for x in secret_stakeholders_range]) + "]{" + str(self.group_members_amount) + "})")
unvalid_sequenz = re.compile("(.)\\1+")
return re.search(valid_numbers, password_group_name) and not re.search(unvalid_sequenz, password_group_name)
return re.search(valid_numbers, password_group_index_str) and not re.search(unvalid_sequenz, password_group_index_str)
def compileContacts(self):
contacts = {}
@ -71,21 +71,21 @@ class Encryption(AbstractSplittedSecret):
self.compileContacts()
index = self.getStartnumber()
while index < self.getEndnumber():
password_group_name = ''.join(sorted(str(index)))
if self.isGroupValid(password_group_name):
password_group_index_int = int(password_group_name)
password_group_index_str = ''.join(sorted(str(index)))
if self.isGroupValid(password_group_index_str):
password_group_index_int = int(password_group_index_str)
if not password_group_index_int in self.group_mapped_data:
self.group_mapped_data[password_group_index_int] = {}
self.group_mapped_data[password_group_index_int]['members'] = {}
self.group_mapped_data[password_group_index_int]['password'] = ''
password = ''
for secret_holder_index in password_group_name:
for secret_holder_index in password_group_index_str:
self.group_mapped_data[password_group_index_int]['members'][secret_holder_index]={}
particial_password_length= int(self.OVERALL_PASSWORD_LENGTHS*self.quota_factor);
particial_password_length= int(128*self.quota_factor);
password_part = self.createPassword(particial_password_length)
self.group_mapped_data[password_group_index_int]['members'][secret_holder_index] = password_part
password += password_part
self.user_mapped_data[secret_holder_index]['groups'][password_group_name] = password_part
self.user_mapped_data[secret_holder_index]['groups'][password_group_index_str] = password_part
self.group_mapped_data[password_group_index_int]['password'] += password
index += 1
@ -94,7 +94,7 @@ class Encryption(AbstractSplittedSecret):
def encryptGroupFiles(self):
for password_group_index_int in self.group_mapped_data:
encrypted_group_password_file_path = self.getGroupFilePath(password_group_index_int,AbstractSplittedSecret.TYPE_ENCRYPTED)
encrypted_group_password_file_path = self.getGroupFilePath(password_group_index_int,"encrypted")
self.encryptStringToFile(self.master_password,encrypted_group_password_file_path,self.group_mapped_data[password_group_index_int]['password'])
def encryptToJsonFile(self,data,file_path,password):
@ -102,13 +102,13 @@ class Encryption(AbstractSplittedSecret):
def encryptUserData(self):
for user_id in self.user_mapped_data:
file_path=self.getUserFilePath(user_id,AbstractSplittedSecret.TYPE_ENCRYPTED)
file_path=self.getUserFilePath(user_id,"encrypted")
data=self.user_mapped_data[user_id]
password=self.user_mapped_data[user_id]['user_password']
self.encryptToJsonFile(data,file_path,password)
def encryptAccumulatedData(self):
file_path=self.getAccumulatedFilePath(AbstractSplittedSecret.TYPE_ENCRYPTED)
file_path=self.getAccumulatedFilePath("encrypted")
data={"user_mapped": self.user_mapped_data, "group_mapped": self.group_mapped_data}
self.encryptToJsonFile(data,file_path,self.master_password)

207
scripts/main.py
View File

@ -3,144 +3,83 @@ from classes.Encryption import Encryption
from classes.Cleanup import Cleanup
from classes.Decryption import Decryption
from getpass import getpass
from classes.AbstractSplittedSecret import AbstractSplittedSecret
import traceback
cleanup = Cleanup()
def clean_exit():
print("Cleaning up.")
try:
cleanup.cleanupFiles(AbstractSplittedSecret.TYPE_DECRYPTED)
except:
pass
print("Leaving program.")
exit()
def dirty_exit():
print("ATTENTION: SECURITY RISK !!!\nPROGRAM DIDN'T CLEAN UP DECRYPTED DATA. \nDECRYPTED DATA EXISTS AND CAN BE READ BY EVERYBODY!")
print("TO REMOVE DECRYPTED DATA EXECUTE:\nmain.py --mode cleanup --file-types " + AbstractSplittedSecret.TYPE_DECRYPTED)
print("Leaving program.")
exit()
try:
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('--mode',type=str, dest='mode',required=True,choices=['cleanup','encrypt','decrypt'])
parser.add_argument('--file-types',type=str, dest='file_types',required=False,choices=[AbstractSplittedSecret.TYPE_DECRYPTED, AbstractSplittedSecret.TYPE_ENCRYPTED])
parser.add_argument('--amount',type=int, dest='amount_of_secret_holders',required=False,choices=AbstractSplittedSecret.getCoSecretHoldersRange())
parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False)
parser.add_argument('--master-password',type=str, dest='master_password',required=False)
parser.add_argument('--user-password',type=str, dest='user_password',required=False)
parser.add_argument('--user',type=int, dest='user',choices=AbstractSplittedSecret.getSecretHoldersRange(),required=False)
parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction)
args = parser.parse_args()
print("Application started.")
print("Selected Mode: " + args.mode)
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('--mode',type=str, dest='mode',required=True,choices=['cleanup','encrypt','decrypt'])
parser.add_argument('--amount',type=int, dest='amount_of_secret_holders',required=False,choices=range(1,9))
parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False)
parser.add_argument('--master-password',type=str, dest='master_password',required=False)
parser.add_argument('--user-password',type=str, dest='user_password',required=False)
parser.add_argument('--user',type=int, dest='user',choices=range(1,9),required=False)
parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction)
args = parser.parse_args()
mode = args.mode
print("Splitted Secret Interface started.")
print("Selected Mode: " + mode)
if mode == 'cleanup':
cleanup = Cleanup()
if args.user is None:
print("Delete all files.")
cleanup.deleteAll()
exit()
print("Delete files for user <<" + str(args.user) + ">>");
cleanup.cleanupForUser(args.user)
exit()
if args.mode == 'cleanup':
print("Cleaning up.")
if args.file_types is None:
if args.user is None:
print("Deleting all encrypted and decrypted files.")
cleanup.deleteAll()
clean_exit()
print("Deleting all files which aren't related to user: " + str(args.user));
cleanup.cleanupForUser(args.user)
clean_exit()
print("Deleting all " + args.file_types + " files.")
cleanup.cleanupFiles(args.file_types)
clean_exit()
if args.mode == 'decrypt':
decrypt = Decryption()
if args.master_password is None:
if args.user is None:
print("Type in the user id:")
decrypt.initializeUser(input())
else:
decrypt.initializeUser(args.user)
if args.user_password is None:
while True:
print("Enter the user password:")
decrypt.setUserPassword(getpass())
print("Decrypting User File...")
try:
decrypt.initializeUserDataDecryption();
break;
except Exception as error:
print("An error occured. Propably you typed in a wrong password :( The error is: " + str(error))
else:
decrypt.setUserPassword(args.user_password)
if mode == 'decrypt':
decrypt = Decryption()
if args.master_password is None:
if args.user is None:
print("Please type in the user number:")
decrypt.setUserId(input())
else:
decrypt.setUserId(args.user)
if args.user_password is None:
while True:
print("Please enter the user password:")
decrypt.setUserPassword(getpass())
print("Decrypting User File...")
try:
decrypt.initializeUserDataDecryption();
except Exception as error:
print("An error occured. Propably you passed a wrong password :( The error is: " + str(error))
clean_exit()
print("\nContact the following persons and request their password share: \n")
for contact_id in decrypt.user_data['contacts']:
print("user_id: " + contact_id)
for label in decrypt.user_data['contacts'][contact_id]:
print(label + ": " + decrypt.user_data['contacts'][contact_id][label])
while True:
print("\nReset password shares.\n")
decrypt.resetDecrypterIds()
try:
password_shares_count = 1
while password_shares_count < decrypt.getNeededDecryptersAmount():
print(str(password_shares_count) + " password shares had been added.")
print("Password shares for the the users " + str(decrypt.getDecrypterIds()) + " been added. ")
print("You need to add " + str((decrypt.getNeededDecryptersAmount()-password_shares_count)) +" more password shares.")
print("\nType in the user id of another decrypter:")
decrypt.addDecrypterId(int(input()))
password_shares_count += 1
break
except Exception as error:
print("The following error occured <<" + str(error) + ">> :( \n Try again :)")
print("\nYour data is:\n")
print("FOR PASSWORD GROUP: " + decrypt.getDecryptersGroupName())
print("FOR USER ID: " + decrypt.getUserId())
print("PASSWORD SHARE IS: " + decrypt.getPasswordShare() + "\n")
while True:
try:
decrypt.resetPasswordShare()
co_decrypter_ids = decrypt.getCoDecrypterIds()
for co_decrypter_id in decrypt.getCoDecrypterIds():
print("Type in the password share for: \n")
print("FOR PASSWORD GROUP: " + decrypt.getDecryptersGroupName())
print("FOR USER: " + str(co_decrypter_id))
print("PASSWORD SHARE IS: ")
decrypt.addPasswordShare(co_decrypter_id, input())
print("\nTHE GROUP PASSWORD IS: " + decrypt.getGroupPassword())
print("\nDecrypting group password file.\n")
decrypt.initializeGroupDataEncryption()
print("THE MASTER PASSWORD IS: " + decrypt.getMasterPassword())
decrypt.initializeData();
break;
except:
print("An unexpected error occured: \n" + traceback.format_exc())
dirty_exit()
print("Decrypting accumulated file...")
decrypt.setUserPassword(args.master_password)
decrypt.decryptAccumulatedFile()
clean_exit()
if args.mode == 'encrypt':
if args.master_password is None:
print("Enter the master password:")
master_password = getpass()
print("Wrong password :(")
else:
master_password = args.master_password
encrypt = Encryption(args.amount_of_secret_holders, args.decryption_quota, master_password)
if args.add_user_information is not None:
for user_id in encrypt.user_mapped_data:
for label in ['name','phone','email','address']:
print("Enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
encrypt.addInformationToUser(user_id, label, str(input()))
encrypt.compileData()
encrypt.encrypt()
clean_exit()
except KeyboardInterrupt:
print("Program interrupted by user.")
clean_exit()
decrypt.setUserPassword(args.user_password)
print("Decrypting User File...")
try:
decrypt.initializeData();
except:
print("Wrong password :(")
exit()
print("File decrypted :) \n")
print("Please contact the following persons and tell them that you need help to encrypt the data: \n")
for contact_id in decrypt.user_data['contacts']:
print("user_id: " + contact_id)
for label in decrypt.user_data['contacts'][contact_id]:
print(label + ": " + decrypt.user_data['contacts'][contact_id][label])
print("You need at least <<" + str(decrypt.needed_encrypters_amount) +">> other person to decrypt the secret.")
exit()
print("Decrypting accumulated file...")
decrypt.setUserPassword(args.master_password)
decrypt.decryptAccumulatedFile()
exit()
if mode == 'encrypt':
if args.master_password is None:
print("Please enter the master password:")
master_password = getpass()
else:
master_password = args.master_password
encrypt = Encryption(args.amount_of_secret_holders, args.decryption_quota, master_password)
if args.add_user_information is not None:
for user_id in encrypt.user_mapped_data:
for label in ['name','phone','email','address']:
print("Please enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
encrypt.addInformationToUser(user_id, label, str(input()))
encrypt.compileData()
encrypt.encrypt()
exit()