forked from p15670423/monkey
Island: Use cryptography.fernet to generate key in DataStoreEncryptor
and RepositoryEncryptor We changed our encryption code to use cryptography.fernet instead of pycryptodome. Using secrets.token_bytes() with fernet was causing padding and encoding issues. This is a quicker and easier solution, and also probably more reliable since everything to do with encryption is from the same module now.
This commit is contained in:
Shreya Malviya
parent
5eb77dcbb6
commit
f8eeda1e6f
|
|
@ -1,8 +1,9 @@
|
||||||
import os
|
import os
|
||||||
import secrets
|
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
from typing import Union
|
from typing import Union
|
||||||
|
|
||||||
|
from cryptography.fernet import Fernet
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
||||||
|
|
||||||
from .i_encryptor import IEncryptor
|
from .i_encryptor import IEncryptor
|
||||||
|
|
@ -37,7 +38,7 @@ class DataStoreEncryptor(IEncryptor):
|
||||||
return KeyBasedEncryptor(plaintext_key)
|
return KeyBasedEncryptor(plaintext_key)
|
||||||
|
|
||||||
def _create_key(self) -> KeyBasedEncryptor:
|
def _create_key(self) -> KeyBasedEncryptor:
|
||||||
plaintext_key = secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)
|
plaintext_key = Fernet.generate_key()
|
||||||
|
|
||||||
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
|
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
|
||||||
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
|
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
import secrets
|
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
|
from cryptography.fernet import Fernet
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
||||||
|
|
||||||
from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
|
from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
|
||||||
|
|
@ -37,7 +38,7 @@ class RepositoryEncryptor(ILockableEncryptor):
|
||||||
return KeyBasedEncryptor(plaintext_key)
|
return KeyBasedEncryptor(plaintext_key)
|
||||||
|
|
||||||
def _create_key(self) -> KeyBasedEncryptor:
|
def _create_key(self) -> KeyBasedEncryptor:
|
||||||
plaintext_key = secrets.token_bytes(RepositoryEncryptor._KEY_LENGTH_BYTES)
|
plaintext_key = Fernet.generate_key()
|
||||||
|
|
||||||
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
|
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
|
||||||
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
|
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue