aiden
/
Aegis
mirror of https://github.com/beemdevelopment/Aegis
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v2.0.3-release
v1.2.1-release
v1.0.3-release
v3.3.4
v3.3.3
v3.3.2
v3.3.1
v3.3
v3.3-beta1
v3.2
v3.1.1
v3.1.1-beta1
v3.1
v3.1-beta1
v3.0.1
v3.0
v3.0-beta1
v2.2.2
v2.2.1
v2.2
v2.2-beta1
v2.1.3
v2.1.2
v2.1.1
v2.1
v2.1-beta2
v2.1-beta1
v2.0.3
v2.0.2
v2.0.1
v2.0
v2.0-beta2
v2.0-beta1
v1.4.2
v1.4.1
v1.4
v1.4-beta2
v1.4-beta1
v1.3
v1.3-beta2
v1.3-beta1
v1.2.1
v1.2
v1.2-beta5
v1.2-beta4
v1.2-beta3
v1.2-beta2
v1.2-beta1
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1
v1.1-beta1
v1.0.3
v0.1
v0.1.1
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.3.3
v0.4
v0.4.1
v0.4.2
v0.4.3
v1.0
v1.0-beta1
v1.0.1
v1.0.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '69f0bb4fbc'
${ noResults }
Aegis/docs/decrypt.py

94 lines
2.7 KiB
Python
Raw Normal View History Unescape Escape

Add simple example script to decrypt an Aegis vault
6 years ago
#!/usr/bin/env python3
# this depends on the 'cryptography' package
# pip install cryptography
Remove old testdata and update documentation to new location
4 years ago
# example usage: ./scripts/decrypt.py --input ./app/src/test/resources/com/beemdevelopment/aegis/importers/aegis_encrypted.json
Add simple example script to decrypt an Aegis vault
6 years ago
# password: test
import argparse
import base64
import getpass
import io
import json
import sys
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
from cryptography.hazmat.backends import default_backend
import cryptography
backend = default_backend()
def die(msg, code=1):
print(msg, file=sys.stderr)
exit(code)
def main():
parser = argparse.ArgumentParser(description="Decrypt an Aegis vault")
parser.add_argument("--input", dest="input", required=True, help="encrypted Aegis vault file")
parser.add_argument("--output", dest="output", default="-", help="output file ('-' for stdout)")
args = parser.parse_args()
# parse the Aegis vault file
with io.open(args.input, "r") as f:
data = json.load(f)
# ask the user for a password
password = getpass.getpass().encode("utf-8")
# extract all password slots from the header
header = data["header"]
slots = [slot for slot in header["slots"] if slot["type"] == 1]
# try the given password on every slot until one succeeds
master_key = None
for slot in slots:
# derive a key from the given password
kdf = Scrypt(
salt=bytes.fromhex(slot["salt"]),
length=32,
n=slot["n"],
r=slot["r"],
p=slot["p"],
backend=backend
)
key = kdf.derive(password)
# try to use the derived key to decrypt the master key
cipher = AESGCM(key)
params = slot["key_params"]
try:
master_key = cipher.decrypt(
nonce=bytes.fromhex(params["nonce"]),
data=bytes.fromhex(slot["key"]) + bytes.fromhex(params["tag"]),
associated_data=None
)
break
except cryptography.exceptions.InvalidTag:
pass
if master_key is None:
die("error: unable to decrypt the master key with the given password")
# decode the base64 vault contents
content = base64.b64decode(data["db"])
# decrypt the vault contents using the master key
params = header["params"]
cipher = AESGCM(master_key)
db = cipher.decrypt(
nonce=bytes.fromhex(params["nonce"]),
data=content + bytes.fromhex(params["tag"]),
associated_data=None
)
db = db.decode("utf-8")
if args.output != "-":
with io.open(args.output, "w") as f:
f.write(db)
else:
print(db)
if __name__ == "__main__":
main()