Add check for wrong password.

Embed original file's SHA256 hash in encrypted file for a later match.

Signed-off-by: Arun Prakash Jana <engineerarun@gmail.com>
This commit is contained in:
Arun Prakash Jana 2015-12-20 01:25:05 +05:30
parent 90123b9d59
commit 97ff185bb7
3 changed files with 34 additions and 3 deletions

View File

@ -75,7 +75,7 @@ OR, on Ubuntu,
- `-s` : match any of the keywords in URL or title. Order is irrelevant. - `-s` : match any of the keywords in URL or title. Order is irrelevant.
- `-S` : match all the keywords in URL or title. Order is irrelevant. - `-S` : match all the keywords in URL or title. Order is irrelevant.
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within `()` after the URL. - Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within `()` after the URL.
- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is <i>unecrypted on creation</i>. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly. - Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is <i>unecrypted on creation</i>. AES256 is used for encryption.
<b>Cmdline help:</b> <b>Cmdline help:</b>

31
markit
View File

@ -37,6 +37,7 @@ try:
import struct import struct
no_crypto = False no_crypto = False
BLOCKSIZE = 65536
except ImportError: except ImportError:
no_crypto = True no_crypto = True
@ -456,6 +457,19 @@ def browser_open(url):
# Get the SHA256 hash of a file
def get_filehash(filepath):
with open(filepath, 'rb') as f:
hasher = hashlib.sha256()
buf = f.read(BLOCKSIZE)
while len(buf) > 0:
hasher.update(buf)
buf = f.read(BLOCKSIZE)
return hasher.digest()
# Encrypt the bookmarks database file # Encrypt the bookmarks database file
def encrypt_file(): def encrypt_file():
dbpath = os.path.join(os.environ.get('HOME'), '.cache', 'markit', 'bookmarks.db') dbpath = os.path.join(os.environ.get('HOME'), '.cache', 'markit', 'bookmarks.db')
@ -477,6 +491,9 @@ def encrypt_file():
chunksize = 512 * 1024 chunksize = 512 * 1024
encpath = dbpath + '.enc' encpath = dbpath + '.enc'
# Get SHA256 hash of DB file
dbhash = get_filehash(dbpath)
iv = Random.new().read(AES.block_size) iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv) cipher = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(dbpath) filesize = os.path.getsize(dbpath)
@ -486,6 +503,9 @@ def encrypt_file():
outfile.write(struct.pack('<Q', filesize)) outfile.write(struct.pack('<Q', filesize))
outfile.write(iv) outfile.write(iv)
# Embed DB file hash in encrypted file
outfile.write(dbhash)
while True: while True:
chunk = infile.read(chunksize) chunk = infile.read(chunksize)
if len(chunk) == 0: if len(chunk) == 0:
@ -523,6 +543,9 @@ def decrypt_file():
iv = infile.read(16) iv = infile.read(16)
cipher = AES.new(key, AES.MODE_CBC, iv) cipher = AES.new(key, AES.MODE_CBC, iv)
# Get original DB file's SHA256 hash from encrypted file
enchash = infile.read(32)
with open(dbpath, 'wb') as outfile: with open(dbpath, 'wb') as outfile:
while True: while True:
chunk = infile.read(chunksize) chunk = infile.read(chunksize)
@ -533,7 +556,15 @@ def decrypt_file():
outfile.truncate(origsize) outfile.truncate(origsize)
# Match hash of generated file with that of original DB file
dbhash = get_filehash(dbpath)
if dbhash != enchash:
os.remove(dbpath)
print("Wrong password")
else:
os.remove(encpath)
print("File decrypted") print("File decrypted")
sys.exit(0) sys.exit(0)

View File

@ -26,7 +26,7 @@ Search works in mysterious ways:
- '-S' : match all the keywords in URL or title. Order is irrelevant. - '-S' : match all the keywords in URL or title. Order is irrelevant.
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within '()' after the URL. - Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within '()' after the URL.
.PP .PP
Encryption support is manual. Database file should be unlocked ('-k') before using markit and locked ('-l') afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly. Encryption support is manual. Database file should be unlocked ('-k') before using markit and locked ('-l') afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption.
.SH OPTIONS .SH OPTIONS
.TP .TP
.BI \-a " URL" " " "tag 1", " tag 2", " ..." .BI \-a " URL" " " "tag 1", " tag 2", " ..."