For Fernet to work correctly, the salt must be the same when
re-encrypting the project after a successful decryption.
This is because the key for decryption and encryption must be the
same during a single session. So if the project was decrypted with
one salt, the we want to generate a new salt to re-encrypt the file
with a new key, Fernet will cough up an exception. Presumably this
problem won't exist with other crypto-systems (e.g. AES-GCM).
The crypto salt file is no longer a thing. Now the salt is merely
appended to the `crypt_file` as the last sixteen bytes. The salt
is read from the end of the `crypt_file` on subsequent decryptions.
Added a setting for enabling 'debug' mode, using `pdb` for dynamic
debugging in pappy sessions. When needing to debug a function, or
set of functionality add the conditional `if config.debug`, then
set an entry point for `pdb` using `import pdb; pdb.set_trace()`
May remove this functionality if not desired in the main project.
When the entire OS halts during the middle of a pappy crypto
session, the `crypt` working directory is left unencrypted.
To fix this, I added another conditional into `crypto.py`'s
decryption function to enter an existing crypto working directory,
so that when the project finishes it will encrypt/exit properly.
Pappy would raise exceptions and continued project in clear-text
when the user failed to enter the correct decryption password.
Added a boolean status variable to config `crypt_success` that
gets set to true when project decrypts correctly, otherwise it
is set to false.
When entering the wrong password, fernet throws an 'InvalidToken'
exception. This is now handled, but does not fully shutdown pappy.
Working on asking for password multiple times, then shutting down
completely after reasonable amount of total tries, e.g. 3.
Crypto mode for pappy now works. Still need to work out the kinks
for not supplying a project file to `pappy -c`, but when supplied
encryption and decryption work.
Project is now properly encrypting the archive,
and now I just need to ensure proper decryption
is happening. Also need to work on cleaning up
clear text versions of the crypt project files.
Need to write tests for flushing out edge cases.
In the function for grabbing project files (`Config.get_project_files`)
I was overcomplicating getting the current working directory.
Simplified the process and removed the bug!
Attempting to get stub file creation and copying working. Fixed
syntax errors, and now attempting to get password reading working
in the test environment.
Converted the crypto and compression plugins to core features, and
added the utility variables and functions to the Config class in
``config.py``. Added helper functions in PappySession class in
``pappy.py`` to enable the user to pass in an encrypted project archive.
Next moving to testing and debugging!
Cleaned up the huge mess I created, pushing back to catch everything up.
Redoing crypto plugin as main component instead of plugin.
Likely compressing existing project files on first crypto run,
then storing the encrypted archive blob in the project directory.
When pappy started again, it will see the encrypted blob, extract
files to working directory, do all of its work in that directory,
then exit the directory, and clean up all files. A lot of work, but
worth the end result!
Rob Glew
Nich
Nikolay Ermishkin
Rob Glew