@ -32,28 +32,33 @@ class Crypto(object):
"""
"""
# Leave the crypto working directory
# Leave the crypto working directory
if self . config . crypt_dir in os . getcwd ( ) :
os . chdir ( ' ../ ' )
os . chdir ( ' ../ ' )
self . compressor . compress_project ( )
self . compressor . compress_project ( )
# Get the password and salt, then derive the key
self . crypto_ramp_up ( )
# Create project and crypto archive
# Create project and crypto archive
archive_file = open ( self . archive , ' rb ' )
archive_file = open ( self . archive , ' rb ' )
archive_crypt = open ( self . config . crypt_file , ' wb ' )
archive_crypt = open ( self . config . crypt_file , ' wb ' )
# Get the password and salt, then derive the key
try :
self . crypto_ramp_up ( )
# Encrypt the archive read as a bytestring
# Encrypt the archive read as a bytestring
fern = Fernet ( self . key )
fern = Fernet ( self . key )
crypt_token = fern . encrypt ( archive_file . read ( ) )
crypt_token = fern . encrypt ( archive_file . read ( ) )
archive_crypt . write ( crypt_token )
archive_crypt . write ( crypt_token )
except InvalidToken as e :
# Store the salt for the next decryption
raise PappyException ( " Error encrypting project: " , e )
self . create_salt_file ( )
return False
archive_file . close ( )
archive_file . close ( )
archive_crypt . close ( )
archive_crypt . close ( )
# Store the salt for the next decryption
self . create_salt_file ( )
# Delete clear-text files
# Delete clear-text files
self . delete_clear_files ( )
self . delete_clear_files ( )
return True
return True
@ -79,6 +84,7 @@ class Crypto(object):
cf = self . config . crypt_file
cf = self . config . crypt_file
sl = self . config . salt_len
sl = self . config . salt_len
crl = os . path . getsize ( cf ) - sl
crl = os . path . getsize ( cf ) - sl
archive_crypt = open ( cf , ' rb ' ) . read ( crl )
archive_crypt = open ( cf , ' rb ' ) . read ( crl )
archive_file = open ( self . config . archive , ' wb ' )
archive_file = open ( self . config . archive , ' wb ' )
@ -89,18 +95,16 @@ class Crypto(object):
fern = Fernet ( self . key )
fern = Fernet ( self . key )
archive = fern . decrypt ( archive_crypt )
archive = fern . decrypt ( archive_crypt )
break
break
except InvalidToken :
except InvalidToken as e :
print " Invalid password "
print " Invalid decryption: " , e
retries - = 1
retries - = 1
# Quit pappy if user doesn't retry
# Quit pappy if user doesn't retry
# or if all retries exhuasted
# or if all retries exhuasted
if not self . confirm_password_retry ( ) or retries < = 0 :
if not self . confirm_password_retry ( ) or retries < = 0 :
self . config . crypt_success = False
return False
return False
else :
else :
self . password = None
self . password = None
self . key = None
self . key = None
self . salt = None
pass
pass
archive_file . write ( archive )
archive_file . write ( archive )
@ -112,7 +116,7 @@ class Crypto(object):
return True
return True
def confirm_password_retry ( self ) :
def confirm_password_retry ( self ) :
answer = raw_input ( " Re-enter your password? (y/n) " ) . strip ( )
answer = raw_input ( " Re-enter your password? (y/n): " ) . strip ( )
if answer [ 0 ] == " y " or answer [ 0 ] == " Y " :
if answer [ 0 ] == " y " or answer [ 0 ] == " Y " :
return True
return True
else :
else :
@ -121,6 +125,7 @@ class Crypto(object):
def crypto_ramp_up ( self ) :
def crypto_ramp_up ( self ) :
if not self . password :
if not self . password :
self . get_password ( )
self . get_password ( )
if not self . salt :
self . set_salt ( )
self . set_salt ( )
self . derive_key ( )
self . derive_key ( )
@ -137,7 +142,11 @@ class Crypto(object):
raise PappyException ( " Invalid password, try again " )
raise PappyException ( " Invalid password, try again " )
def set_salt ( self ) :
def set_salt ( self ) :
if os . path . isfile ( self . config . crypt_file ) :
if self . config . crypt_dir in os . getcwd ( ) :
os . chdir ( ' ../ ' )
self . set_salt_from_file ( )
os . chdir ( self . config . crypt_dir )
elif os . path . isfile ( self . config . crypt_file ) :
self . set_salt_from_file ( )
self . set_salt_from_file ( )
else :
else :
self . salt = os . urandom ( 16 )
self . salt = os . urandom ( 16 )
@ -152,19 +161,17 @@ class Crypto(object):
# behavior.
# behavior.
salt_file = open ( self . config . crypt_file , ' rb ' )
salt_file = open ( self . config . crypt_file , ' rb ' )
sl = self . config . salt_len
sl = self . config . salt_len
salt_file . seek ( sl , 2 )
# Negate the salt length to seek to the
# correct position in the buffer
salt_file . seek ( - sl , 2 )
self . salt = salt_file . read ( sl )
self . salt = salt_file . read ( sl )
salt_file . close ( )
except :
except :
cf = self . config . crypt_file
cf = self . config . crypt_file
raise PappyException ( " Unable to read %s " % cf )
raise PappyException ( " Unable to read %s " % cf )
def create_salt_file ( self ) :
def create_salt_file ( self ) :
# WARNING: must open `crypt_file` in `wb` mode
salt_file = open ( self . config . crypt_file , ' a ' )
# or `salt_file.seek()` will result in undefined
# behavior.
salt_file = open ( self . config . crypt_file , ' wb ' )
# Seek to the end of the encrypted archive
salt_file . seek ( 0 , 2 )
salt_file . write ( self . salt )
salt_file . write ( self . salt )
salt_file . close ( )
salt_file . close ( )