Add check for wrong password.
Embed original file's SHA256 hash in encrypted file for a later match. Signed-off-by: Arun Prakash Jana <engineerarun@gmail.com>
parent
90123b9d59
commit
97ff185bb7
@ -75,7 +75,7 @@ OR, on Ubuntu,
|
|||||||
- `-s` : match any of the keywords in URL or title. Order is irrelevant.
|
- `-s` : match any of the keywords in URL or title. Order is irrelevant.
|
||||||
- `-S` : match all the keywords in URL or title. Order is irrelevant.
|
- `-S` : match all the keywords in URL or title. Order is irrelevant.
|
||||||
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within `()` after the URL.
|
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within `()` after the URL.
|
||||||
- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is <i>unecrypted on creation</i>. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly.
|
- Encryption support is manual. Database file should be unlocked (`-k`) before using markit and locked (`-l`) afterwards. Note that the database file is <i>unecrypted on creation</i>. AES256 is used for encryption.
|
||||||
|
|
||||||
<b>Cmdline help:</b>
|
<b>Cmdline help:</b>
|
||||||
|
|
||||||
|
31
markit
31
markit
@ -37,6 +37,7 @@ try:
|
|||||||
import struct
|
import struct
|
||||||
|
|
||||||
no_crypto = False
|
no_crypto = False
|
||||||
|
BLOCKSIZE = 65536
|
||||||
except ImportError:
|
except ImportError:
|
||||||
no_crypto = True
|
no_crypto = True
|
||||||
|
|
||||||
@ -456,6 +457,19 @@ def browser_open(url):
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Get the SHA256 hash of a file
|
||||||
|
def get_filehash(filepath):
|
||||||
|
with open(filepath, 'rb') as f:
|
||||||
|
hasher = hashlib.sha256()
|
||||||
|
buf = f.read(BLOCKSIZE)
|
||||||
|
while len(buf) > 0:
|
||||||
|
hasher.update(buf)
|
||||||
|
buf = f.read(BLOCKSIZE)
|
||||||
|
|
||||||
|
return hasher.digest()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Encrypt the bookmarks database file
|
# Encrypt the bookmarks database file
|
||||||
def encrypt_file():
|
def encrypt_file():
|
||||||
dbpath = os.path.join(os.environ.get('HOME'), '.cache', 'markit', 'bookmarks.db')
|
dbpath = os.path.join(os.environ.get('HOME'), '.cache', 'markit', 'bookmarks.db')
|
||||||
@ -477,6 +491,9 @@ def encrypt_file():
|
|||||||
chunksize = 512 * 1024
|
chunksize = 512 * 1024
|
||||||
encpath = dbpath + '.enc'
|
encpath = dbpath + '.enc'
|
||||||
|
|
||||||
|
# Get SHA256 hash of DB file
|
||||||
|
dbhash = get_filehash(dbpath)
|
||||||
|
|
||||||
iv = Random.new().read(AES.block_size)
|
iv = Random.new().read(AES.block_size)
|
||||||
cipher = AES.new(key, AES.MODE_CBC, iv)
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
||||||
filesize = os.path.getsize(dbpath)
|
filesize = os.path.getsize(dbpath)
|
||||||
@ -486,6 +503,9 @@ def encrypt_file():
|
|||||||
outfile.write(struct.pack('<Q', filesize))
|
outfile.write(struct.pack('<Q', filesize))
|
||||||
outfile.write(iv)
|
outfile.write(iv)
|
||||||
|
|
||||||
|
# Embed DB file hash in encrypted file
|
||||||
|
outfile.write(dbhash)
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
chunk = infile.read(chunksize)
|
chunk = infile.read(chunksize)
|
||||||
if len(chunk) == 0:
|
if len(chunk) == 0:
|
||||||
@ -523,6 +543,9 @@ def decrypt_file():
|
|||||||
iv = infile.read(16)
|
iv = infile.read(16)
|
||||||
cipher = AES.new(key, AES.MODE_CBC, iv)
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
||||||
|
|
||||||
|
# Get original DB file's SHA256 hash from encrypted file
|
||||||
|
enchash = infile.read(32)
|
||||||
|
|
||||||
with open(dbpath, 'wb') as outfile:
|
with open(dbpath, 'wb') as outfile:
|
||||||
while True:
|
while True:
|
||||||
chunk = infile.read(chunksize)
|
chunk = infile.read(chunksize)
|
||||||
@ -533,7 +556,15 @@ def decrypt_file():
|
|||||||
|
|
||||||
outfile.truncate(origsize)
|
outfile.truncate(origsize)
|
||||||
|
|
||||||
|
# Match hash of generated file with that of original DB file
|
||||||
|
dbhash = get_filehash(dbpath)
|
||||||
|
if dbhash != enchash:
|
||||||
|
os.remove(dbpath)
|
||||||
|
print("Wrong password")
|
||||||
|
else:
|
||||||
|
os.remove(encpath)
|
||||||
print("File decrypted")
|
print("File decrypted")
|
||||||
|
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
|
|
||||||
|
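Review bot: In `encrypt_file`, `outfile.write(dbhash)` stores the SHA256 of the plaintext database unencrypted right after the IV, so anyone holding the `.enc` file can compare that fingerprint against candidate databases. Because the digest is unkeyed, it serves as a wrong-password check but not as authentication of the ciphertext. A keyed tag would cover both, for example an HMAC-SHA256 over the IV and ciphertext with a MAC key derived separately from the password, verified with `hmac.compare_digest(tag, expected)` before any plaintext is written to `dbpath`. In `decrypt_file`, `enchash = infile.read(32)` is read unconditionally, so a file encrypted before this commit would have its first 32 ciphertext bytes taken as the hash and be reported as "Wrong password"; a version marker in the header would distinguish the two layouts. The wrong-password branch also appears to fall through to `sys.exit(0)`, though indentation is lost in this view and both functions extend beyond the hunks shown.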
2
markit.1
2
markit.1
@ -26,7 +26,7 @@ Search works in mysterious ways:
|
|||||||
- '-S' : match all the keywords in URL or title. Order is irrelevant.
|
- '-S' : match all the keywords in URL or title. Order is irrelevant.
|
||||||
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within '()' after the URL.
|
- Search results are indexed serially. This index is different from actual database index of a bookmark reord which is shown within '()' after the URL.
|
||||||
.PP
|
.PP
|
||||||
Encryption support is manual. Database file should be unlocked ('-k') before using markit and locked ('-l') afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption. Even a wrong password leads to (mathematically) successful decryption. So keep your encrypted database file safe i.e. do not overwrite it without verifying the file is decrypted correctly.
|
Encryption support is manual. Database file should be unlocked ('-k') before using markit and locked ('-l') afterwards. Note that the database file is unecrypted on creation. AES256 is used for encryption.
|
||||||
.SH OPTIONS
|
.SH OPTIONS
|
||||||
.TP
|
.TP
|
||||||
.BI \-a " URL" " " "tag 1", " tag 2", " ..."
|
.BI \-a " URL" " " "tag 1", " tag 2", " ..."
|
||||||
|