second_testing/lock.py at master · mshoffner2/second_testing · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
from Crypto.Cipher import AES
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS
from Crypto.Cipher import PKCS1_OAEP
import sys
import os
from Crypto.Random import get_random_bytes


def make_AES_key(pub_key, priv_key, root_dir):
    aes_key = get_random_bytes(16)

    # encrypt aes_key with rsa, and writing to file
    key = RSA.importKey(pub_key)
    cipher = PKCS1_OAEP.new(key)
    ciphertext = cipher.encrypt(aes_key)

    key_f_name = os.path.join(root_dir, "keyfile")
    key_file = open(key_f_name, "wb")
    key_file.write(ciphertext)
    key_file.close()

    # signing the key, and writing to file
    ec_key = ECC.import_key(priv_key)
    sig_hash = SHA256.new(ciphertext)
    signer = DSS.new(ec_key, 'fips-186-3')
    final_sig = signer.sign(sig_hash)

    key_f_name = os.path.join(root_dir, "keyfile.sig")
    sig_file = open(key_f_name, "wb")
    sig_file.write(final_sig)
    sig_file.close()

    return aes_key


def enc_all_files(aes_key, root_dir):
    # traverse directory, and encrypt and tag all regular files
    for dir_name, sub_dir_list, file_list in os.walk(root_dir):
        for f_name in file_list:
            # do the stuff, encrypt and the like
            if f_name != 'keyfile' and f_name != 'keyfile.sig':
                # encrypt
                my_cipher = AES.new(aes_key, AES.MODE_GCM)
                temp_name = os.path.join(dir_name, f_name)
                file_in = open(temp_name, 'r')
                data = file_in.read()
                file_in.close()
                temp_ciphertext, temp_tag = my_cipher.encrypt_and_digest(data.encode())

                file_out = open(temp_name, "wb")
                [file_out.write(x) for x in (my_cipher.nonce, temp_tag, temp_ciphertext)]
                # print('encrypted ' + f_name + '\n')


pub_name = "pubkey.txt"
given_s = "Michaela"
root_d = "test"
priv_name = "privkey_ec.txt"

if len(sys.argv) != 9:
    print('usage: lock -d <directory to lock> -p <public key of unlocking party> -r <private key to sign keyfile> -s <subject>')
    exit()

if sys.argv[1] == '-s':
    given_s = sys.argv[2]
elif sys.argv[3] == '-s':
    given_s = sys.argv[4]
elif sys.argv[5] == '-s':
    given_s = sys.argv[6]
elif sys.argv[7] == '-s':
    given_s = sys.argv[8]
else:
    print('usage: lock -d <directory to lock> -p <public key of unlocking party> -r <private key to sign keyfile> -s <subject>')
    exit()

if sys.argv[1] == '-p':
    pub_name = sys.argv[2]
elif sys.argv[3] == '-p':
    pub_name = sys.argv[4]
elif sys.argv[5] == '-p':
    pub_name = sys.argv[6]
elif sys.argv[7] == '-p':
    pub_name = sys.argv[8]
else:
    print('usage: lock -d <directory to lock> -p <public key of unlocking party> -r <private key to sign keyfile> -s <subject>')
    exit()

if sys.argv[1] == '-r':
    priv_name = sys.argv[2]
elif sys.argv[3] == '-r':
    priv_name = sys.argv[4]
elif sys.argv[5] == '-r':
    priv_name = sys.argv[6]
elif sys.argv[7] == '-r':
    priv_name = sys.argv[8]
else:
    print('usage: lock -t <type of key pair> -s <subject> -pub <path to public key file> -priv <paht to private key file>')
    exit()

if sys.argv[1] == '-d':
    root_d = sys.argv[2]
elif sys.argv[3] == '-d':
    root_d = sys.argv[4]
elif sys.argv[5] == '-d':
    root_d = sys.argv[6]
elif sys.argv[7] == '-d':
    root_d = sys.argv[8]
else:
    print('usage: lock -d <directory to lock> -p <public key of unlocking party> -r <private key to sign keyfile> -s <subject>')
    exit()

pub_key_file = open(pub_name, "r")
sub = pub_key_file.readline()
sub = sub[:-1]
pb_s_type = pub_key_file.readline()
pb_key = pub_key_file.read()
pub_key_file.close()

priv_key_file = open(priv_name, "r")
pr_sub = priv_key_file.readline()
pr_s_type = priv_key_file.readline()
pr_key = priv_key_file.read()
priv_key_file.close()

#print('sub = ' + sub + '\n')
#print('given_s = ' + given_s + '\n')

if sub != given_s:
    print("Error, subject not correct\n")
    exit(1)

a_key = make_AES_key(pb_key, pr_key, root_d)

enc_all_files(a_key, root_d)