Optimized decryption

Readme.md

@@ -22,8 +22,10 @@ python scripts/main.py --mode decrypt --master-password "ewrwerwerew"  &&
 python scripts/main.py --mode decrypt --user "1" 
 
 
-python scripts/main.py --mode cleanup --user "1"  && python scripts/main.py --mode decrypt --user "1" --user-password "O3ITMWXZED9FKYQ0PB2WNVRWSCSCYVXCD00PJ6GQ4MFPIUWBVDCYSSSX9ZDBW5QU"
+python scripts/main.py --mode cleanup --file-types decrypted && python scripts/main.py --mode decrypt --user "1" --user-password "O3ITMWXZED9FKYQ0PB2WNVRWSCSCYVXCD00PJ6GQ4MFPIUWBVDCYSSSX9ZDBW5QU" << END_OF_INPUTS
-
+2
+YGC6FLI5FIFL4WV4JPZZI7RVOZTWLROCLY4HVGDMWWSTAIQJTLUQK1VBBY0E24PN
+END_OF_INPUTS
 ```
 # Requirements to know
 - Amount of People
@@ -33,7 +35,7 @@ python scripts/main.py --mode cleanup --user "1"  && python scripts/main.py --mo
 - Plattform independend
 - easy to use
 
-# setup
+# required software
 ```bash 
     pip install numpy
     gpg
@@ -41,6 +43,11 @@ python scripts/main.py --mode cleanup --user "1"  && python scripts/main.py --mo
     pip
 ```
 
+## todo 
+- implement tails setup script
+- implement relativ call
+- implement tmp mount for decrypted files
+
 ## Further Information
 - https://www.tutorialspoint.com/python/python_command_line_arguments.htm
 - https://docs.python.org/3/library/argparse.html#module-argparse

scripts/classes/AbstractSplittedSecret.py

@@ -1,11 +1,26 @@
 from .Cli import Cli
 
 class AbstractSplittedSecret(Cli):
+    USER_PASSWORD_LENGTHS = 64
+    OVERALL_PASSWORD_LENGTHS = 128
+    
+    # At the moment the programm can used deal with one digit numbers. 
+    MAXIMUM_SECRET_HOLDERS = 9
+    MINIMUM_SECRET_HOLDERS = 2
+    
+    TYPE_ENCRYPTED="encrypted"
+    TYPE_DECRYPTED="decrypted"
     
     def __init__(self):
         super(Cli, self).__init__()
         self.data_folder = "data/"
     
+    def getCoSecretHoldersRange():
+        return range(AbstractSplittedSecret.MINIMUM_SECRET_HOLDERS,AbstractSplittedSecret.MAXIMUM_SECRET_HOLDERS)
+    
+    def getSecretHoldersRange():
+        return range(1,AbstractSplittedSecret.MAXIMUM_SECRET_HOLDERS)
+    
     def getFolderPath(self,folder_type):
         return self.data_folder + folder_type + "/"
     
@@ -16,7 +31,7 @@ class AbstractSplittedSecret(Cli):
         return self.getFolderPath(folder_type) + "user_files/"
     
     def getFileExtension(self,file_type):
-        if file_type == "encrypted":
+        if file_type == AbstractSplittedSecret.TYPE_ENCRYPTED:
             return '.gpg'
         return ''
     

scripts/classes/Cleanup.py

@@ -1,6 +1,5 @@
 from .AbstractSplittedSecret import AbstractSplittedSecret
 class Cleanup(AbstractSplittedSecret):
-    
     def __init__(self):
         super(Cleanup, self).__init__()
         
@@ -17,21 +16,17 @@ class Cleanup(AbstractSplittedSecret):
         except:
             pass    
     
-    def deleteAllFiles(self,file_type):
+    def cleanupFiles(self,file_type):
         for folder_path in self.getAllFilePaths(file_type):
             self.deleteAllFilesInFolder(folder_path)
             
-    def deleteAllEncryptedFiles(self):
-        for folder_path in self.encrypted_files_folders:
-            self.deleteAllFilesInFolder(folder_path)
-            
     def cleanupForUser(self,user):
         try:
-            self.executeCommand('find "' + self.getFolderPath("encrypted") + '" -not -name "*' + str(user) +'*" -type f -print | xargs rm -v')   
+            self.executeCommand('find "' + self.getFolderPath(AbstractSplittedSecret.TYPE_ENCRYPTED) + '" -not -name "*' + str(user) +'*" -type f -print | xargs rm -v')   
         except:
             pass
-        self.deleteAllFiles("decrypted")
+        self.cleanupFiles(AbstractSplittedSecret.TYPE_DECRYPTED)
 
     def deleteAll(self):
-        self.deleteAllFiles("encrypted")
+        self.cleanupFiles(AbstractSplittedSecret.TYPE_ENCRYPTED)
-        self.deleteAllFiles("decrypted")
+        self.cleanupFiles(AbstractSplittedSecret.TYPE_DECRYPTED)

scripts/classes/Cli.py

@@ -19,8 +19,7 @@ class Cli(object):
         for line in stdout:
             self.output.append(line.decode("utf-8"))
         if process.wait() > bool(0):
-            print(command, out, err)
+            raise Exception("Error for: \nCommand:<<" + str(command) + ">>\nOutput:<<" + str(out) + ">>\nExitcode:<<" + str(err) + ">>")
-            raise Exception("Exitcode is greater then 0")
         return self.output
     
     def getOutputString(self):

scripts/classes/Decryption.py

@@ -1,5 +1,6 @@
 from .AbstractSplittedSecret import AbstractSplittedSecret
 import json
+from pathlib import Path
 class Decryption(AbstractSplittedSecret):
     
     def __init__(self):
@@ -7,35 +8,106 @@ class Decryption(AbstractSplittedSecret):
         self.user_password=''
         super(Decryption, self).__init__()
     
-    def setUserId(self,user_id):
+    def initializeUser(self,user_id):
         self.user_id=str(user_id)
-        self.user_file_decrypted_path = self.getUserFilePath(self.user_id,"decrypted")
+        self.user_file_decrypted_path = self.getUserFilePath(self.user_id,AbstractSplittedSecret.TYPE_DECRYPTED)
+
+    def initializeUserDataDecryption(self):
+        self.decryptUserFile()
+        self.user_data = self.loadJsonFile(self.user_file_decrypted_path)
+        self.initializeNeededDecryptersAmount()
+        self.initializeValidDecrypterIds()
+    
+    def initializeGroupDataEncryption(self):
+        self.group_name = self.getDecryptersGroupName()
+        self.encrypted_group_file_path = self.getGroupFilePath(self.group_name, AbstractSplittedSecret.TYPE_DECRYPTED)
+        self.decryptGroupFile()
+        self.master_password = self.loadTxtFile(self.encrypted_group_file_path)
+
+    def initializeNeededDecryptersAmount(self):
+        self.needed_decrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))
+    
+    def initializeValidDecrypterIds(self):
+        self.valid_decrypter_ids = []
+        self.valid_decrypter_ids.append(int(self.user_id))
+        for contact_id in self.user_data['contacts']:
+            self.valid_decrypter_ids.append(int(contact_id)) 
     
     def setUserPassword(self,user_password):
         self.user_password = str(user_password)
         
+    def resetDecrypterIds(self):
+        self.decrypter_ids = []
+        self.addDecrypterId(self.user_id)
+        
+    def resetPasswordShare(self):
+        self.password_parts = {}
+        self.addPasswordShare(self.user_id,self.getPasswordShare())
+
+    def addPasswordShare(self,user_id,password_share):
+        self.password_parts[str(user_id)] = password_share
+        
+    def getGroupPassword(self):
+        shared_password = ''
+        for password_share_index in sorted(self.password_parts):
+            shared_password += str(self.password_parts[password_share_index])
+        return shared_password
+    
+    def getMasterPassword(self):
+        return self.master_password
+    
+    def addDecrypterId(self,decrypter_id):
+        decrypter_id = int(decrypter_id)
+        if decrypter_id not in self.valid_decrypter_ids:
+            raise Exception("The encrypter id is not valid. Valid encrypter ids are: " + str(self.valid_decrypter_ids))
+        if len(self.decrypter_ids) >= self.needed_decrypters_amount:
+            raise Exception("There are already sufficients decrypters (" + str(len(self.decrypter_ids)) + ") defined!")
+        if decrypter_id in self.decrypter_ids:
+            raise Exception("The decrypter is already in the list.")
+        self.decrypter_ids.append(decrypter_id)
+    
+    def getUserId(self):
+        return self.user_id
+    
+    def getCoDecrypterIds(self):
+        co_decrypter_ids = self.decrypter_ids[:]
+        co_decrypter_ids.remove(int(self.user_id))
+        return co_decrypter_ids
+    
+    def getDecrypterIds(self):
+        return self.decrypter_ids
+    
+    def getDecryptersGroupName(self):
+        self.decrypter_ids.sort()
+        return ''.join(str(x) for x in self.decrypter_ids)
+    
+    def getPasswordShare(self):
+        return self.user_data['groups'][str(self.getDecryptersGroupName())]
+        
+    def getNeededDecryptersAmount(self):
+        return self.needed_decrypters_amount
+    
+    def loadTxtFile(self,file_path):
+        return Path(file_path).read_text()
+    
     def loadJsonFile(self,file_path):
         file = open(file_path)
         data = json.load(file)
         file.close()
         return data
     
-    def setNeededEncryptersAmount(self):
-        self.needed_encrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))-1
-    
     def decryptFile(self,password,input_file_path,output_file_path):
         self.executeCommand('gpg --batch --passphrase "'+ password + '" -o "' + output_file_path +'" "'+ input_file_path+'"')
     
     def decryptUserFile(self):
-        input_file_path = self.getUserFilePath(self.user_id,"encrypted")
+        input_file_path = self.getUserFilePath(self.user_id,AbstractSplittedSecret.TYPE_ENCRYPTED)
         self.decryptFile(self.user_password, input_file_path, self.user_file_decrypted_path)
         
-    def decryptAccumulatedFile(self):
+    def decryptGroupFile(self):
-        input_file_path = self.getAccumulatedFilePath("encrypted")
+        input_file_path = self.getGroupFilePath(self.group_name, AbstractSplittedSecret.TYPE_ENCRYPTED)
-        output_file_path = self.getAccumulatedFilePath("decrypted")
+        self.decryptFile(self.getGroupPassword(), input_file_path, self.encrypted_group_file_path)
-        self.decryptFile(self.user_password, input_file_path, output_file_path)
         
-    def initializeData(self):
+    def decryptAccumulatedFile(self):
-        self.decryptUserFile()
+        input_file_path = self.getAccumulatedFilePath(AbstractSplittedSecret.TYPE_ENCRYPTED)
-        self.user_data = self.loadJsonFile(self.user_file_decrypted_path)
+        output_file_path = self.getAccumulatedFilePath(AbstractSplittedSecret.TYPE_DECRYPTED)
-        self.setNeededEncryptersAmount()
+        self.decryptFile(self.user_password, input_file_path, output_file_path)

scripts/classes/Encryption.py

@@ -22,7 +22,7 @@ class Encryption(AbstractSplittedSecret):
         self.user_mapped_data = {}
         user_count = 1
         while user_count <= self.amount_of_secret_holders:
-            self.user_mapped_data[str(user_count)] = {"groups":{},"user_password":self.createPassword(64),"about":{}}
+            self.user_mapped_data[str(user_count)] = {"groups":{},"user_password":self.createPassword(self.USER_PASSWORD_LENGTHS),"about":{}}
             user_count += 1;
     
     def initializeGroupData(self):
@@ -51,11 +51,11 @@ class Encryption(AbstractSplittedSecret):
         characters = string.ascii_letters + string.digits
         return (''.join(random.choice(characters) for i in range(length)).upper())
     
-    def isGroupValid(self,password_group_index_str):
+    def isGroupValid(self,password_group_name):
         secret_stakeholders_range=range(1,(self.amount_of_secret_holders+1))
         valid_numbers = re.compile("([" + ','.join([str(x) for x in secret_stakeholders_range]) + "]{" + str(self.group_members_amount) + "})")
         unvalid_sequenz = re.compile("(.)\\1+")
-        return re.search(valid_numbers, password_group_index_str) and not re.search(unvalid_sequenz, password_group_index_str)
+        return re.search(valid_numbers, password_group_name) and not re.search(unvalid_sequenz, password_group_name)
     
     def compileContacts(self):
         contacts = {}
@@ -71,21 +71,21 @@ class Encryption(AbstractSplittedSecret):
         self.compileContacts()
         index = self.getStartnumber()
         while index < self.getEndnumber():
-            password_group_index_str = ''.join(sorted(str(index)))
+            password_group_name = ''.join(sorted(str(index)))
-            if self.isGroupValid(password_group_index_str):
+            if self.isGroupValid(password_group_name):
-                password_group_index_int = int(password_group_index_str)
+                password_group_index_int = int(password_group_name)
                 if not password_group_index_int in self.group_mapped_data:
                     self.group_mapped_data[password_group_index_int] = {}
                     self.group_mapped_data[password_group_index_int]['members'] = {}
                     self.group_mapped_data[password_group_index_int]['password'] = '' 
                     password = ''
-                    for secret_holder_index in password_group_index_str:
+                    for secret_holder_index in password_group_name:
                         self.group_mapped_data[password_group_index_int]['members'][secret_holder_index]={}
-                        particial_password_length= int(128*self.quota_factor); 
+                        particial_password_length= int(self.OVERALL_PASSWORD_LENGTHS*self.quota_factor); 
                         password_part = self.createPassword(particial_password_length)
                         self.group_mapped_data[password_group_index_int]['members'][secret_holder_index] = password_part
                         password += password_part
-                        self.user_mapped_data[secret_holder_index]['groups'][password_group_index_str] = password_part
+                        self.user_mapped_data[secret_holder_index]['groups'][password_group_name] = password_part
                     self.group_mapped_data[password_group_index_int]['password'] += password
             index += 1
             
@@ -94,7 +94,7 @@ class Encryption(AbstractSplittedSecret):
     
     def encryptGroupFiles(self):
         for password_group_index_int in self.group_mapped_data:
-            encrypted_group_password_file_path = self.getGroupFilePath(password_group_index_int,"encrypted")
+            encrypted_group_password_file_path = self.getGroupFilePath(password_group_index_int,AbstractSplittedSecret.TYPE_ENCRYPTED)
             self.encryptStringToFile(self.master_password,encrypted_group_password_file_path,self.group_mapped_data[password_group_index_int]['password'])
     
     def encryptToJsonFile(self,data,file_path,password):
@@ -102,13 +102,13 @@ class Encryption(AbstractSplittedSecret):
         
     def encryptUserData(self):
         for user_id in self.user_mapped_data:
-            file_path=self.getUserFilePath(user_id,"encrypted")
+            file_path=self.getUserFilePath(user_id,AbstractSplittedSecret.TYPE_ENCRYPTED)
             data=self.user_mapped_data[user_id]
             password=self.user_mapped_data[user_id]['user_password']
             self.encryptToJsonFile(data,file_path,password)
             
     def encryptAccumulatedData(self):
-        file_path=self.getAccumulatedFilePath("encrypted")
+        file_path=self.getAccumulatedFilePath(AbstractSplittedSecret.TYPE_ENCRYPTED)
         data={"user_mapped": self.user_mapped_data, "group_mapped": self.group_mapped_data}
         self.encryptToJsonFile(data,file_path,self.master_password)
     

scripts/main.py

@@ -3,74 +3,132 @@ from classes.Encryption import Encryption
 from classes.Cleanup import Cleanup
 from classes.Decryption import Decryption
 from getpass import getpass
+from classes.AbstractSplittedSecret import AbstractSplittedSecret
+import traceback
 
-if __name__ == '__main__':
+cleanup = Cleanup()
+
+def clean_exit():
+    print("Cleaning up.")
+    try:
+        cleanup.cleanupFiles(AbstractSplittedSecret.TYPE_DECRYPTED)
+    except:
+        pass
+    print("Leaving program.")
+    exit()
+
+def dirty_exit():
+    print("ATTENTION: SECURITY RISK !!!\nPROGRAM DIDN'T CLEAN UP DECRYPTED DATA. \nDECRYPTED DATA EXISTS AND CAN BE READ BY EVERYBODY!")
+    print("TO REMOVE DECRYPTED DATA EXECUTE:\nmain.py --mode cleanup --file-types " + AbstractSplittedSecret.TYPE_DECRYPTED)
+    print("Leaving program.")
+    exit()
+
+try:
+    if __name__ == '__main__':
         parser = argparse.ArgumentParser()
         parser.add_argument('--mode',type=str, dest='mode',required=True,choices=['cleanup','encrypt','decrypt'])
-    parser.add_argument('--amount',type=int, dest='amount_of_secret_holders',required=False,choices=range(1,9))
+        parser.add_argument('--file-types',type=str, dest='file_types',required=False,choices=[AbstractSplittedSecret.TYPE_DECRYPTED, AbstractSplittedSecret.TYPE_ENCRYPTED])
+        parser.add_argument('--amount',type=int, dest='amount_of_secret_holders',required=False,choices=AbstractSplittedSecret.getCoSecretHoldersRange())
         parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False)
         parser.add_argument('--master-password',type=str, dest='master_password',required=False)
         parser.add_argument('--user-password',type=str, dest='user_password',required=False)
-    parser.add_argument('--user',type=int, dest='user',choices=range(1,9),required=False)
+        parser.add_argument('--user',type=int, dest='user',choices=AbstractSplittedSecret.getSecretHoldersRange(),required=False)
         parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction)
         args = parser.parse_args()
-    mode = args.mode
 
-    print("Splitted Secret Interface started.")
+        print("Application started.")
-    print("Selected Mode: " + mode)
+        print("Selected Mode: " + args.mode)
         
-    if mode == 'cleanup':
+        if args.mode == 'cleanup':   
-        cleanup = Cleanup()
+            print("Cleaning up.")
+            if args.file_types is None:
                 if args.user is None: 
-            print("Delete all files.")
+                    print("Deleting all encrypted and decrypted files.")
                     cleanup.deleteAll()
-            exit()
+                    clean_exit()
-        print("Delete files for user <<" + str(args.user) + ">>");
+                print("Deleting all files which aren't related to user: " + str(args.user));
                 cleanup.cleanupForUser(args.user)
-        exit()
+                clean_exit()
+            print("Deleting all " + args.file_types + " files.")
+            cleanup.cleanupFiles(args.file_types)
+            clean_exit()
             
-    if mode == 'decrypt':
+        if args.mode == 'decrypt':
             decrypt = Decryption()
             if args.master_password is None:
                 if args.user is None: 
-                print("Please type in the user number:")
+                    print("Type in the user id:")
-                decrypt.setUserId(input())
+                    decrypt.initializeUser(input())
                 else:
-                decrypt.setUserId(args.user)
+                    decrypt.initializeUser(args.user)
                 if args.user_password is None:
                     while True:
-                    print("Please enter the user password:")
+                        print("Enter the user password:")
                         decrypt.setUserPassword(getpass())
                         print("Decrypting User File...")
                         try:
-                        decrypt.initializeData();
+                            decrypt.initializeUserDataDecryption();
                             break;
-                    except:
+                        except Exception as error:
-                        print("Wrong password :(")
+                            print("An error occured. Propably you typed in a wrong password :( The error is: " + str(error))
                 else:
                     decrypt.setUserPassword(args.user_password)
                     print("Decrypting User File...")
                     try:
-                    decrypt.initializeData();
+                        decrypt.initializeUserDataDecryption();
-                except:
+                    except Exception as error:
-                    print("Wrong password :(")
+                        print("An error occured. Propably you passed a wrong password :( The error is: " + str(error))
-                    exit()
+                        clean_exit()
-            print("File decrypted :) \n")
+                print("\nContact the following persons and request their password share: \n")
-            print("Please contact the following persons and tell them that you need help to encrypt the data: \n")
                 for contact_id in decrypt.user_data['contacts']:
                     print("user_id: " + contact_id)
                     for label in decrypt.user_data['contacts'][contact_id]:
                         print(label + ": " + decrypt.user_data['contacts'][contact_id][label])
-            print("You need at least <<" + str(decrypt.needed_encrypters_amount) +">> other person to decrypt the secret.")
+                while True:
-            exit()
+                    print("\nReset password shares.\n")
+                    decrypt.resetDecrypterIds()
+                    try:
+                        password_shares_count = 1
+                        while password_shares_count < decrypt.getNeededDecryptersAmount():
+                            print(str(password_shares_count) + " password shares had been added.")
+                            print("Password shares for the the users " + str(decrypt.getDecrypterIds()) + " been added. ")
+                            print("You need to add " + str((decrypt.getNeededDecryptersAmount()-password_shares_count)) +" more password shares.")
+                            print("\nType in the user id of another decrypter:")
+                            decrypt.addDecrypterId(int(input()))
+                            password_shares_count += 1
+                        break
+                    except Exception as error:
+                        print("The following error occured <<" + str(error) + ">> :( \n Try again :)")
+                print("\nYour data is:\n")
+                print("FOR PASSWORD GROUP: " + decrypt.getDecryptersGroupName()) 
+                print("FOR USER ID: "  + decrypt.getUserId())
+                print("PASSWORD SHARE IS: " + decrypt.getPasswordShare() + "\n")
+                while True:
+                    try:
+                        decrypt.resetPasswordShare()
+                        co_decrypter_ids = decrypt.getCoDecrypterIds()
+                        for co_decrypter_id in decrypt.getCoDecrypterIds():
+                            print("Type in the password share for: \n")
+                            print("FOR PASSWORD GROUP: " + decrypt.getDecryptersGroupName()) 
+                            print("FOR USER: " + str(co_decrypter_id)) 
+                            print("PASSWORD SHARE IS: ")
+                            decrypt.addPasswordShare(co_decrypter_id, input())
+                        print("\nTHE GROUP PASSWORD IS: " + decrypt.getGroupPassword())
+                        print("\nDecrypting group password file.\n")
+                        decrypt.initializeGroupDataEncryption()
+                        print("THE MASTER PASSWORD IS: " + decrypt.getMasterPassword())
+                        break;
+                    except:
+                        print("An unexpected error occured: \n" + traceback.format_exc())
+                dirty_exit()
             print("Decrypting accumulated file...")
             decrypt.setUserPassword(args.master_password)
             decrypt.decryptAccumulatedFile()
-        exit()
+            clean_exit()
         
-    if mode == 'encrypt':
+        if args.mode == 'encrypt':
             if args.master_password is None:
-            print("Please enter the master password:")
+                print("Enter the master password:")
                 master_password = getpass()
             else:
                 master_password = args.master_password
@@ -78,8 +136,11 @@ if __name__ == '__main__':
             if args.add_user_information is not None:
                 for user_id in encrypt.user_mapped_data:
                     for label in ['name','phone','email','address']:
-                    print("Please enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
+                        print("Enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
                         encrypt.addInformationToUser(user_id, label, str(input()))
             encrypt.compileData()
             encrypt.encrypt()
-        exit()
+            clean_exit()
+except KeyboardInterrupt:
+    print("Program interrupted by user.")
+clean_exit()