thePR0M3TH3AN/seedPass
1
0
Fork 0
mirror of https://github.com/PR0M3TH3AN/SeedPass.git synced 2025-09-08 15:28:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Fernet fallback cipher

Browse Source
This commit is contained in:
thePR0M3TH3AN
2025-07-13 08:58:56 -04:00
parent 8fd29401d7
commit 4f7ff30657
1 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/password_manager/encryption.py
View File

@@ -3,10 +3,11 @@
""" """
Encryption Module Encryption Module
This module provides the EncryptionManager class, which handles encryption and decryption This module provides the ``EncryptionManager`` class which handles encryption and
of data and files using a provided AES-GCM encryption key. This class ensures decryption of data and files using a provided AES-GCM encryption key. Legacy
that sensitive data is securely stored and retrieved, maintaining the confidentiality and integrity databases encrypted with Fernet are still supported for decryption. This class
of the password index. ensures that sensitive data is securely stored and retrieved, maintaining the
confidentiality and integrity of the password index.
Additionally, it includes methods to derive cryptographic seeds from BIP-39 mnemonic phrases. Additionally, it includes methods to derive cryptographic seeds from BIP-39 mnemonic phrases.
@@ -46,19 +47,22 @@ def decrypt_legacy_fernet(encryption_key: bytes | str, payload: bytes) -> bytes:
class EncryptionManager: class EncryptionManager:
""" """EncryptionManager Class
EncryptionManager Class
Manages the encryption and decryption of data and files using an AES-GCM encryption key. Manages the encryption and decryption of data and files using an AES-GCM
key. A :class:`cryptography.fernet.Fernet` instance is also kept for
decrypting legacy files that were encrypted using Fernet.
""" """
def __init__(self, encryption_key: bytes, fingerprint_dir: Path): def __init__(self, encryption_key: bytes, fingerprint_dir: Path):
""" """Initialize the manager with a base64 encoded key and directory.
Initializes the EncryptionManager with the provided encryption key and fingerprint directory.
The provided key is used to create both an AES-GCM cipher for current
operations and a Fernet cipher for decrypting legacy files.
Parameters: Parameters:
encryption_key (bytes): A base64-encoded AES-GCM key. encryption_key (bytes): Base64 encoded key material.
fingerprint_dir (Path): The directory corresponding to the fingerprint. fingerprint_dir (Path): Directory corresponding to the fingerprint.
""" """
self.fingerprint_dir = fingerprint_dir self.fingerprint_dir = fingerprint_dir
self.parent_seed_file = self.fingerprint_dir / "parent_seed.enc" self.parent_seed_file = self.fingerprint_dir / "parent_seed.enc"
@@ -68,9 +72,10 @@ class EncryptionManager:
encryption_key = encryption_key.encode() encryption_key = encryption_key.encode()
self.key_b64 = encryption_key self.key_b64 = encryption_key
self.key = base64.urlsafe_b64decode(encryption_key) self.key = base64.urlsafe_b64decode(encryption_key)
self.fernet = Fernet(self.key_b64)
self.cipher = AESGCM(self.key) self.cipher = AESGCM(self.key)
logger.debug( logger.debug(
f"EncryptionManager initialized for {self.fingerprint_dir} using AES-GCM" f"EncryptionManager initialized for {self.fingerprint_dir} using AES-GCM with Fernet fallback"
) )
except Exception as e: except Exception as e:
logger.error( logger.error(
@@ -318,7 +323,7 @@ class EncryptionManager:
return data return data
except (InvalidTag, json.JSONDecodeError): except (InvalidTag, json.JSONDecodeError):
logger.info( logger.info(
f"AES-GCM decryption failed for '{file_path}', attempting legacy format" f"AES-GCM decryption failed for '{file_path}', attempting Fernet fallback"
) )
with exclusive_lock(file_path) as fh: with exclusive_lock(file_path) as fh:
fh.seek(0) fh.seek(0)