Add check for wrong password.

Embed original file's SHA256 hash in encrypted file for a later match.

Signed-off-by: Arun Prakash Jana <engineerarun@gmail.com>
Arun Prakash Jana 2015-12-20 01:25:05 +05:30
parent 90123b9d59
commit 97ff185bb7
3 changed files with 34 additions and 3 deletions


@ -75,7 +75,7 @@ OR, on Ubuntu,
- `-s` : match any of the keywords in URL or title. Order is irrelevant.
- `-S` : match all the keywords in URL or title. Order is irrelevant.
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within `()` after the URL.
- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is <i>unecrypted on creation</i>. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly.
- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is <i>unecrypted on creation</i>. AES256 is used for encryption.
<b>Cmdline help:</b>
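Review bot: The replacement encryption paragraph drops the old wrong-password caveat but does not describe the new behaviour, so a reader cannot tell that unlocking now compares an embedded SHA256 of the original file and reports "Wrong password" on a mismatch. Suggest adding one sentence to that effect, and mentioning that the encrypted file layout has gained a 32-byte hash field after the IV.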

markit

@ -37,6 +37,7 @@ try:
import struct
no_crypto = False
BLOCKSIZE = 65536
except ImportError:
no_crypto = True
@ -456,6 +457,19 @@ def browser_open(url):
# Get the SHA256 hash of a file
def get_filehash(filepath):
with open(filepath, 'rb') as f:
hasher = hashlib.sha256()
buf = f.read(BLOCKSIZE)
while len(buf) > 0:
hasher.update(buf)
buf = f.read(BLOCKSIZE)
return hasher.digest()
# Encrypt the bookmarks database file
def encrypt_file():
dbpath = os.path.join(os.environ.get('HOME'), '.cache', 'markit', 'bookmarks.db')
@ -477,6 +491,9 @@ def encrypt_file():
chunksize = 512 * 1024
encpath = dbpath + '.enc'
# Get SHA256 hash of DB file
dbhash = get_filehash(dbpath)
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(dbpath)
@ -486,6 +503,9 @@ def encrypt_file():
outfile.write(struct.pack('<Q', filesize))
outfile.write(iv)
# Embed DB file hash in encrypted file
outfile.write(dbhash)
while True:
chunk = infile.read(chunksize)
if len(chunk) == 0:
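Review bot: `outfile.write(dbhash)` stores the unsalted SHA256 of the plaintext database in the clear, directly after the IV, so anyone holding the `.enc` file can confirm a guessed database content, or tell that two encrypted files hold the same data, without the password. Consider encrypting the hash along with the data, or replacing it with an HMAC computed with `key`, which would also detect tampering with the encrypted file.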
@ -523,6 +543,9 @@ def decrypt_file():
iv = infile.read(16)
cipher = AES.new(key, AES.MODE_CBC, iv)
# Get original DB file's SHA256 hash from encrypted file
enchash = infile.read(32)
with open(dbpath, 'wb') as outfile:
while True:
chunk = infile.read(chunksize)
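Review bot: `enchash = infile.read(32)` is unconditional and the header carries no format marker, so a file locked before this change (size and IV followed directly by ciphertext) has its first 32 ciphertext bytes consumed as the hash and can no longer be unlocked by this version. Suggest a magic or version field in the header, or at least checking `len(enchash) == 32` and documenting that older files must be unlocked with the previous release.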
@ -533,7 +556,15 @@ def decrypt_file():
outfile.truncate(origsize)
print("File decrypted")
# Match hash of generated file with that of original DB file
dbhash = get_filehash(dbpath)
if dbhash != enchash:
os.remove(dbpath)
print("Wrong password")
else:
os.remove(encpath)
print("File decrypted")
sys.exit(0)
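Review bot: In the `dbhash != enchash` branch the message is always "Wrong password" and, as far as these lines show, control still reaches `sys.exit(0)`, so a truncated or corrupted `.enc` file is reported as a bad password and a calling script sees a success status. Suggest a message that covers both causes and a non-zero exit code on mismatch. Separately, the plaintext is written to `dbpath` before verification and only removed afterwards; writing to a temporary file and renaming it on a match would avoid leaving a bogus database behind if the process is interrupted.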


@ -26,7 +26,7 @@ Search works in mysterious ways:
- '-S' : match all the keywords in URL or title. Order is irrelevant.
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within '()' after the URL.
.PP
Encryption support is manual. Database file should be unlocked ('-k') before using markit and locked ('-l') afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly.
Encryption support is manual. Database file should be unlocked ('-k') before using markit and locked ('-l') afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption.
.SH OPTIONS
.TP
.BI \-a " URL" " " "tag 1", " tag 2", " ..."
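Review bot: The rewritten encryption paragraph keeps the misspelling "unecrypted", and the context line above it still reads "reord". Since the paragraph is being touched anyway, correct it to "unencrypted" here and in the matching README line.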