p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Island: Use secrets instead of Crypto (pycryptodome) in DataStoreEncryptor

This commit is contained in:
Shreya Malviya 2022-07-14 17:24:56 +05:30
parent 7456ef6b05
commit c12e281e4e
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
View File

@ -1,9 +1,8 @@
import os import os
import secrets
from pathlib import Path from pathlib import Path
from typing import Union from typing import Union
from Crypto import Random # noqa: DUO133 # nosec: B413
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from .i_encryptor import IEncryptor from .i_encryptor import IEncryptor
@ -38,8 +37,7 @@ class DataStoreEncryptor(IEncryptor):
return KeyBasedEncryptor(plaintext_key) return KeyBasedEncryptor(plaintext_key)
def _create_key(self) -> KeyBasedEncryptor: def _create_key(self) -> KeyBasedEncryptor:
# TODO: Can we just use secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)? plaintext_key = secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)
plaintext_key = Random.new().read(DataStoreEncryptor._KEY_LENGTH_BYTES)
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key) encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: