diff --git a/README.md b/README.md
index a8523c9..4eacdd8 100644
--- a/README.md
+++ b/README.md
@@ -75,7 +75,7 @@ OR, on Ubuntu,
- `-s` : match any of the keywords in URL or title. Order is irrelevant.
- `-S` : match all the keywords in URL or title. Order is irrelevant.
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within `()` after the URL.
-- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly.
+- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption.
Cmdline help:
diff --git a/markit b/markit
index 79a4d44..8db9f3b 100755
--- a/markit
+++ b/markit
@@ -37,6 +37,7 @@ try:
import struct
no_crypto = False
+ BLOCKSIZE = 65536
except ImportError:
no_crypto = True
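Review bot: `BLOCKSIZE` is assigned inside the `try` that guards the crypto imports (the `try` body starts outside this hunk), so the name exists only when every import above it succeeded, while the new `get_filehash` reads it as a module global at call time. The constant is a plain read-buffer size with no dependency on the crypto modules; defining `BLOCKSIZE = 65536` at module level, outside the `try`/`except`, would avoid a `NameError` if the helper is ever reached on the `no_crypto = True` path. `get_filehash` also needs `hashlib`, whose import is not visible in this hunk, so please confirm it is imported unconditionally.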
@@ -456,6 +457,19 @@ def browser_open(url):
+# Get the SHA256 hash of a file
+def get_filehash(filepath):
+ with open(filepath, 'rb') as f:
+ hasher = hashlib.sha256()
+ buf = f.read(BLOCKSIZE)
+ while len(buf) > 0:
+ hasher.update(buf)
+ buf = f.read(BLOCKSIZE)
+
+ return hasher.digest()
+
+
+
# Encrypt the bookmarks database file
def encrypt_file():
dbpath = os.path.join(os.environ.get('HOME'), '.cache', 'markit', 'bookmarks.db')
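Review bot: `get_filehash` is documented only by the one-line comment above it, which does not say that it returns the raw digest bytes (`digest()`, not `hexdigest()`), something any caller that stores or compares the value needs to know. I would replace the comment with a docstring such as `"""Return the raw SHA-256 digest (bytes) of the file at filepath, read in BLOCKSIZE chunks."""`. The read loop could be written as `for buf in iter(lambda: f.read(BLOCKSIZE), b''): hasher.update(buf)`, and the three blank lines after the function should be two. The body of `encrypt_file` continues outside this hunk.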
@@ -477,6 +491,9 @@ def encrypt_file():
chunksize = 512 * 1024
encpath = dbpath + '.enc'
+ # Get SHA256 hash of DB file
+ dbhash = get_filehash(dbpath)
+
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(dbpath)
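Review bot: `dbhash` in `encrypt_file` (whose body starts and ends outside this hunk) is an unkeyed SHA-256 of the plaintext database, which can catch a wrong password or a truncated file on decryption but does not authenticate the AES-CBC ciphertext. How the digest is stored is not visible here, since the write is in a later hunk that is cut off; if it is written to the `.enc` file in the clear, it also exposes a fingerprint of the plaintext that lets anyone holding the file confirm a guessed database. If resistance to tampering is a goal, an HMAC over the IV and ciphertext with a key derived from the password (encrypt-then-MAC) would be the sounder construct. Separately, the database is read once here and again in the encryption loop, so a write to it in between yields a stored hash that never matches; feeding each chunk to the hasher inside the existing chunk loop would remove that window and the second pass.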
@@ -486,6 +503,9 @@ def encrypt_file():
outfile.write(struct.pack('