Island: Switch back to using secrets for encryption key generation instead of cryptography.fernet in DataStoreEncryptor and RepositoryEncryptor

2022-07-19 18:22:34 +05:30 · 2022-07-19 18:22:34 +05:30 · 4d31e0d56e
parent d022c65439
commit 4d31e0d56e
2 changed files with 4 additions and 6 deletions
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@ -1,9 +1,8 @@
 import os
+import secrets
 from pathlib import Path
 from typing import Union

-from cryptography.fernet import Fernet
-
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file

 from .i_encryptor import IEncryptor
@ -36,7 +35,7 @@ class DataStoreEncryptor(IEncryptor):
        return KeyBasedEncryptor(plaintext_key)

    def _create_key(self) -> KeyBasedEncryptor:
-        plaintext_key = Fernet.generate_key()
+        plaintext_key = secrets.token_bytes(32)

        encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
        with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
--- a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
@ -1,7 +1,6 @@
+import secrets
 from pathlib import Path

-from cryptography.fernet import Fernet
-
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file

 from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
@ -36,7 +35,7 @@ class RepositoryEncryptor(ILockableEncryptor):
        return KeyBasedEncryptor(plaintext_key)

    def _create_key(self) -> KeyBasedEncryptor:
-        plaintext_key = Fernet.generate_key()
+        plaintext_key = secrets.token_bytes(32)

        encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
        with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: