From 4d31e0d56e37769500e1f619f1833d9e3898ba29 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Tue, 19 Jul 2022 18:22:34 +0530
Subject: [PATCH] Island: Switch back to using secrets for encryption key generation instead of cryptography.fernet in DataStoreEncryptor and RepositoryEncryptor
---
 .../cc/server_utils/encryption/data_store_encryptor.py | 5 ++---
 .../cc/server_utils/encryption/repository_encryptor.py | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
index 9fecce939..bc5d44dd6 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@@ -1,9 +1,8 @@
 import os
+import secrets
 from pathlib import Path
 from typing import Union
-from cryptography.fernet import Fernet
-
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from .i_encryptor import IEncryptor
@@ -36,7 +35,7 @@ class DataStoreEncryptor(IEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- plaintext_key = Fernet.generate_key()
+ plaintext_key = secrets.token_bytes(32)
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
diff --git a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
index ccc5403f1..3e73e6314 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
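Review bot: The literal `32` in `plaintext_key = secrets.token_bytes(32)` in `DataStoreEncryptor._create_key` is an unexplained key length, and the same line is repeated in `RepositoryEncryptor._create_key` in repository_encryptor.py. The switch also changes the key's form: `Fernet.generate_key()` returns 32 random bytes as a 44-byte url-safe base64 string, while `secrets.token_bytes(32)` returns the 32 raw bytes, so entropy is unchanged but length and encoding are not. Key files written by the previous code will still decrypt to the base64 form, and the load path and `KeyBasedEncryptor` are outside these hunks, so it is worth confirming they reject or migrate such a key rather than silently using it. I would define the length once, e.g. `KEY_LENGTH_BYTES = 32  # bytes of CSPRNG output used as the raw key`, and call `secrets.token_bytes(KEY_LENGTH_BYTES)` in both classes. `_create_key` runs past the end of each hunk.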
@@ -1,7 +1,6 @@
+import secrets
 from pathlib import Path
-from cryptography.fernet import Fernet
-
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
@@ -36,7 +35,7 @@ class RepositoryEncryptor(ILockableEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- plaintext_key = Fernet.generate_key()
+ plaintext_key = secrets.token_bytes(32)
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: