diff --git a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
index c5af78cbd..79f07e6c6 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@@ -1,8 +1,9 @@
 import os
-import secrets
 from pathlib import Path
 from typing import Union
+from cryptography.fernet import Fernet
+
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from .i_encryptor import IEncryptor
@@ -37,7 +38,7 @@ class DataStoreEncryptor(IEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- plaintext_key = secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)
+ plaintext_key = Fernet.generate_key()
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
diff --git a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
index c53d6e38b..7d1686c82 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
@@ -1,6 +1,7 @@
-import secrets
 from pathlib import Path
+from cryptography.fernet import Fernet
+
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
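Review bot: The key written to `self._key_file` by `DataStoreEncryptor._create_key` changes format here, and nothing visible handles key files created before the change; `RepositoryEncryptor._create_key` in repository_encryptor.py has the same gap. `Fernet.generate_key()` returns the URL-safe base64 encoding of 32 random bytes, whereas the removed `secrets.token_bytes(...)` call produced raw bytes. The load path in the context line `return KeyBasedEncryptor(plaintext_key)` would still decrypt an old key file and pass the raw bytes on; if `KeyBasedEncryptor` now builds a `Fernet` from them (not shown in this diff), construction raises `ValueError` and an upgraded install cannot unlock its existing data. I would catch that on load and convert it into the encryptor's own error with a message that names the key file, and add a comment above the new call such as `# Key format changed to a Fernet key; key files from earlier versions are not compatible`. Both functions start or end outside their hunks, so the load-side handling could not be checked here.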
@@ -37,7 +38,7 @@ class RepositoryEncryptor(ILockableEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- plaintext_key = secrets.token_bytes(RepositoryEncryptor._KEY_LENGTH_BYTES)
+ plaintext_key = Fernet.generate_key()
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
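Review bot: The removed line was the only use of `RepositoryEncryptor._KEY_LENGTH_BYTES` visible in this diff, and the same holds for `DataStoreEncryptor._KEY_LENGTH_BYTES` in the other file. If nothing else reads these constants they are now dead, and they misstate the key size, which Fernet fixes at 32 bytes regardless of what the constant says. I would delete both and document the format at the call site instead, for example `# Fernet key: URL-safe base64 of 32 random bytes (128-bit signing key + 128-bit encryption key)`. The body of `_create_key` continues past the end of the hunk.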