Refactored parameters to meta

Merge branch 'main' of github.com:kevinveenbirkenbach/splitted-secret
Implemented escaping for passwords on bash level
2024-11-22 10:11:05 +01:00 · 2022-12-13 16:23:24 +01:00 · 2022-12-13 15:56:29 +01:00 · 2022-12-13 15:55:01 +01:00
5 changed files with 112 additions and 90 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 __pycache__
-testcases.txt
+INSTRUCTIONS.md
--- a/README.md
+++ b/README.md
@ -46,9 +46,17 @@ python scripts/main.py --mode cleanup --file-types encrypted
 To decrypt the data execute:

 ```bash 
-python scripts/main.py --mode decrypt
+python scripts/main.py --mode decrypt-data
 ```

+### decrypt accumulated file
+To decrypt the accumulated datafile execute:
+
+```bash 
+python scripts/main.py --mode decrypt --meta
+```
+
+
 ### decrypt defined user
 To decrypt the data for a defined user execute:

@ -56,18 +64,19 @@ To decrypt the data for a defined user execute:
 python scripts/main.py --mode decrypt --user "<<user_id>>"
 ```

+### addtional instructions
+In the [INSTRUCTIONS.md](./Instruction.md) file the master encrypter can leave additional instructions.
+
 ## encrypt

 ### encrypt main data
-
 ```bash 
 python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --master-password "<<master_password>>" --input-directory "<<input_directory>>"
 ```

 ### encrypt master password
-
 To encrypt the master-password file and to create the neccessary encrypted meta data execute: 

 ```bash 
-python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --add-user-information --master-password "<<master_password>>" --create-meta-data
+python scripts/main.py --secret-holders-amount "<<amount>>" --quota "<<quota>>" --mode encrypt --add-user-information --master-password "<<master_password>>" --meta
 ```
--- a/scripts/classes/Decryption.py
+++ b/scripts/classes/Decryption.py
@ -1,6 +1,7 @@
 import json
 import os
 from pathlib import Path
+import shlex

 class AutomaticIdentificationImpossibleException(Exception):
    pass
@ -35,12 +36,18 @@ class Decryption():
        self.initializeNeededDecryptersAmount()
        self.initializeValidDecrypterIds()
    
+    def getEscapedMasterPassword(self):
+        return shlex.quote(self.master_password)
+    
    def initializeGroupDataEncryption(self):
        self.group_name = self.getDecryptersGroupName()
        self.encrypted_group_file_path = self.paths.getGroupFilePath(self.group_name, self.paths.TYPE_DECRYPTED)
        self.decryptGroupFile()
        self.master_password = self.loadTxtFile(self.encrypted_group_file_path).strip()

+    def getMasterPassword(self):
+        return self.master_password
+
    def initializeNeededDecryptersAmount(self):
        self.needed_decrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))
    
@ -70,9 +77,6 @@ class Decryption():
            shared_password += str(self.password_parts[password_share_index])
        return shared_password
    
-    def getMasterPassword(self):
-        return self.master_password
-    
    def addDecrypterId(self,decrypter_id):
        decrypter_id = int(decrypter_id)
        if decrypter_id not in self.valid_decrypter_ids:
@ -114,7 +118,7 @@ class Decryption():
        return data
    
    def decryptFile(self,password,input_file_path,output_file_path):
-        self.cli.executeCommand('gpg --batch --passphrase "'+ password + '" -o "' + output_file_path +'" "'+ input_file_path+'"')
+        self.cli.executeCommand('gpg --batch --passphrase '+ shlex.quote(password)  + ' -o "' + output_file_path +'" "'+ input_file_path+'"')
    
    def decryptUserFile(self):
        input_file_path = self.paths.getUserFilePath(self.user_id,self.paths.TYPE_ENCRYPTED)
@ -130,4 +134,4 @@ class Decryption():
        self.decryptFile(self.user_password, input_file_path, output_file_path)
    
    def decryptMainData(self):
-        self.cli.executeCommand('gpg --batch --passphrase "' + self.getMasterPassword() + '" -d "' + self.paths.getEncryptedMainDataFile() + '" | tar --one-top-level="' + self.paths.getDecryptedMainDataStandartFolder() + '" -xvzf -')
+        self.cli.executeCommand('gpg --batch --passphrase ' + shlex.quote(self.getMasterPassword()) + ' -d "' + self.paths.getEncryptedMainDataFile() + '" | tar --one-top-level="' + self.paths.getDecryptedMainDataStandartFolder() + '" -xvzf -')
--- a/scripts/classes/Encryption.py
+++ b/scripts/classes/Encryption.py
@ -5,6 +5,7 @@ import numpy
 import re
 import json
 from .Paths import Paths
+import shlex

 class Encryption():
    
@ -104,7 +105,7 @@ class Encryption():
            index += 1
            
    def encryptStringToFile(self,text,output_file,password):
-        self.cli.executeCommand('echo \'' + text + '\' | gpg --symmetric --armor --batch --passphrase "' + password + '" -o "' + output_file + '"')
+        self.cli.executeCommand('echo ' + shlex.quote(text) + ' | gpg --symmetric --armor --batch --passphrase ' + shlex.quote(password) + ' -o "' + output_file + '"')
    
    def encryptGroupFiles(self):
        for password_group_index_int in self.group_mapped_data:
@ -125,7 +126,7 @@ class Encryption():
    See: https://stackoverflow.com/questions/30650841/why-am-i-getting-errno-7-argument-list-too-long-and-oserror-errno-24-too-ma
    '''
    def encryptFileToFile(self,input_file,output_file,password):
-        self.cli.executeCommand('cat \'' + input_file + '\' | gpg --symmetric --armor --batch --passphrase "' + password + '" -o "' + output_file + '"')
+        self.cli.executeCommand('cat \'' + input_file + '\' | gpg --symmetric --armor --batch --passphrase ' + shlex.quote(password) + ' -o "' + output_file + '"')
    
    def deleteDecryptedAccumulatedFile(self):
        self.cli.executeCommand('rm ' + self.paths.getAccumulatedFilePath(Paths.TYPE_DECRYPTED))
@ -144,7 +145,7 @@ class Encryption():
        self.deleteDecryptedAccumulatedFile()
        
    def encryptMainData(self,input_directory):
-        self.cli.executeCommand('tar -C"' + input_directory + '" -cvzf - ./ | gpg -c --batch --passphrase "' + self.master_password +'" > "' + self.paths.getEncryptedMainDataFile() + '"')
+        self.cli.executeCommand('tar -C"' + input_directory + '" -cvzf - ./ | gpg -c --batch --passphrase ' + shlex.quote(self.master_password) + ' > "' + self.paths.getEncryptedMainDataFile() + '"')
    
    def encryptMetaData(self):
        self.encryptUserFile()
--- a/scripts/main.py
+++ b/scripts/main.py
@ -40,11 +40,13 @@ try:
        parser.add_argument('--user',type=int, dest='user',choices=Encryption.getSecretHoldersRange(),required=False)
        parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction, help="Add additional information to users.")
        parser.add_argument('--input-directory',type=str,dest='input_directory',required=False, help="The directory from which the data should be encrypted.")
-        parser.add_argument('--create-meta-data',type=bool, dest='create_meta_data', default=False, required=False, action=argparse.BooleanOptionalAction, help="When mode is encrypt and this flag is set, the encrypted meta data is created.")
+        parser.add_argument('--meta-data',type=bool, dest='meta_data', default=False, required=False, action=argparse.BooleanOptionalAction, help="When mode is encrypt and this flag is set, the encrypted meta data is created. When mode is decrypt and this flag is set the accumulated file will be decrypted.")
        args = parser.parse_args()

        print("Application started.")
        print("To leave the appplication use the key kombination: <<Ctr>> + <<Alt>> + <<C>>")
+        print("Cleaning up all decrypted files.")
+        cleanup.cleanupFiles(Paths.TYPE_DECRYPTED)
        print("Selected Mode: " + args.mode)
        
        if args.mode == 'cleanup':   
@ -63,7 +65,17 @@ try:
            
        if args.mode == 'decrypt':
            decrypt = Decryption(cli,paths)
+            if args.meta_data is True:
                if args.master_password is None:
+                    print("Enter the master password:")
+                    master_password = getpass()
+                else:
+                    master_password = args.master_password
+                decrypt = Decryption(cli,paths)
+                print("Decrypting accumulated data.")
+                decrypt.setUserPassword(master_password)
+                decrypt.decryptAccumulatedFile()
+                dirty_exit()
            if args.user is None:
                try:
                    print("Attempt to identify user.") 
@ -139,10 +151,6 @@ try:
            decrypt.decryptMainData()
            print("The data was decrypted to: " + paths.getDecryptedMainDataStandartFolder())
            dirty_exit()
-            print("Decrypting accumulated data.")
-            decrypt.setUserPassword(args.master_password)
-            decrypt.decryptAccumulatedFile()
-            dirty_exit()
        
        if args.mode == 'encrypt':
            if args.master_password is None:
@ -157,7 +165,7 @@ try:
                        print("Enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
                        encrypt.addInformationToUser(user_id, label, str(input()))
            encrypt.compileData()
-            if args.create_meta_data is True:
+            if args.meta_data is True:
                print("Create and encrypt meta data.")
                encrypt.encryptMetaData()
            if args.input_directory is not None:
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	a0c17c9fd6	Refactored parameters to meta	2022-12-13 16:23:24 +01:00
Kevin Veen-Birkenbach	b3bd3a0095	Merge branch 'main' of github.com:kevinveenbirkenbach/splitted-secret	2022-12-13 15:56:29 +01:00
Kevin Veen-Birkenbach	11848ba222	Implemented escaping for passwords on bash level	2022-12-13 15:55:01 +01:00