Island: Switch back to using secrets for encryption key generation instead of cryptography.fernet in DataStoreEncryptor and RepositoryEncryptor

Shreya Malviya 2022-07-19 18:22:34 +05:30
parent d022c65439
commit 4d31e0d56e
2 changed files with 4 additions and 6 deletions


@ -1,9 +1,8 @@
import os import os
import secrets
from pathlib import Path from pathlib import Path
from typing import Union from typing import Union
from cryptography.fernet import Fernet
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from .i_encryptor import IEncryptor from .i_encryptor import IEncryptor
@ -36,7 +35,7 @@ class DataStoreEncryptor(IEncryptor):
return KeyBasedEncryptor(plaintext_key) return KeyBasedEncryptor(plaintext_key)
def _create_key(self) -> KeyBasedEncryptor: def _create_key(self) -> KeyBasedEncryptor:
plaintext_key = Fernet.generate_key() plaintext_key = secrets.token_bytes(32)
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key) encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
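Review bot: `secrets.token_bytes(32)` in `_create_key` changes the generated key from the 44-byte URL-safe base64 value that `Fernet.generate_key()` returns to 32 raw bytes, and nothing in the hunk states which form `KeyBasedEncryptor` expects. If key files written by the previous code can still exist, the load path ending in `return KeyBasedEncryptor(plaintext_key)` would hand the old form to the encryptor, so it presumably needs a length check or a documented key-reset step; that function starts outside the hunk, so this is unconfirmed. I would also name the size rather than repeat the literal, e.g. `plaintext_key = secrets.token_bytes(KEY_SIZE_BYTES)  # raw key bytes, not base64`, with a suggested constant `KEY_SIZE_BYTES = 32` defined once. The same points apply to `RepositoryEncryptor._create_key` in the second file, whose body is identical; both bodies continue past the end of their hunks.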


@ -1,7 +1,6 @@
import secrets
from pathlib import Path from pathlib import Path
from cryptography.fernet import Fernet
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
@ -36,7 +35,7 @@ class RepositoryEncryptor(ILockableEncryptor):
return KeyBasedEncryptor(plaintext_key) return KeyBasedEncryptor(plaintext_key)
def _create_key(self) -> KeyBasedEncryptor: def _create_key(self) -> KeyBasedEncryptor:
plaintext_key = Fernet.generate_key() plaintext_key = secrets.token_bytes(32)
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key) encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: