|
| 1 | +importcryptography |
| 2 | +fromcryptography.fernetimportFernet |
| 3 | +fromcryptography.hazmat.primitives.kdf.scryptimportScrypt |
| 4 | + |
| 5 | +importsecrets |
| 6 | +importbase64 |
| 7 | +importgetpass |
| 8 | + |
| 9 | + |
| 10 | +defgenerate_salt(size=16): |
| 11 | +"""Generate the salt used for key derivation, |
| 12 | + `size` is the length of the salt to generate""" |
| 13 | +returnsecrets.token_bytes(size) |
| 14 | + |
| 15 | + |
| 16 | +defderive_key(salt,password): |
| 17 | +"""Derive the key from the `password` using the passed `salt`""" |
| 18 | +kdf=Scrypt(salt=salt,length=32,n=2**14,r=8,p=1) |
| 19 | +returnkdf.derive(password.encode()) |
| 20 | + |
| 21 | + |
| 22 | +defload_salt(): |
| 23 | +# load salt from salt.salt file |
| 24 | +returnopen("salt.salt","rb").read() |
| 25 | + |
| 26 | + |
| 27 | +defgenerate_key(password,salt_size=16,load_existing_salt=False,save_salt=True): |
| 28 | +""" |
| 29 | + Generates a key from a `password` and the salt. |
| 30 | + If `load_existing_salt` is True, it'll load the salt from a file |
| 31 | + in the current directory called "salt.salt". |
| 32 | + If `save_salt` is True, then it will generate a new salt |
| 33 | + and save it to "salt.salt" |
| 34 | + """ |
| 35 | +ifload_existing_salt: |
| 36 | +# load existing salt |
| 37 | +salt=load_salt() |
| 38 | +elifsave_salt: |
| 39 | +# generate new salt and save it |
| 40 | +salt=generate_salt(salt_size) |
| 41 | +withopen("salt.salt","wb")assalt_file: |
| 42 | +salt_file.write(salt) |
| 43 | +# generate the key from the salt and the password |
| 44 | +derived_key=derive_key(salt,password) |
| 45 | +# encode it using Base 64 and return it |
| 46 | +returnbase64.urlsafe_b64encode(derived_key) |
| 47 | + |
| 48 | + |
| 49 | +defencrypt(filename,key): |
| 50 | +""" |
| 51 | + Given a filename (str) and key (bytes), it encrypts the file and write it |
| 52 | + """ |
| 53 | +f=Fernet(key) |
| 54 | +withopen(filename,"rb")asfile: |
| 55 | +# read all file data |
| 56 | +file_data=file.read() |
| 57 | +# encrypt data |
| 58 | +encrypted_data=f.encrypt(file_data) |
| 59 | +# write the encrypted file |
| 60 | +withopen(filename,"wb")asfile: |
| 61 | +file.write(encrypted_data) |
| 62 | + |
| 63 | + |
| 64 | +defdecrypt(filename,key): |
| 65 | +""" |
| 66 | + Given a filename (str) and key (bytes), it decrypts the file and write it |
| 67 | + """ |
| 68 | +f=Fernet(key) |
| 69 | +withopen(filename,"rb")asfile: |
| 70 | +# read the encrypted data |
| 71 | +encrypted_data=file.read() |
| 72 | +# decrypt data |
| 73 | +try: |
| 74 | +decrypted_data=f.decrypt(encrypted_data) |
| 75 | +exceptcryptography.fernet.InvalidToken: |
| 76 | +print("Invalid token, most likely the password is incorrect") |
| 77 | +return |
| 78 | +# write the original file |
| 79 | +withopen(filename,"wb")asfile: |
| 80 | +file.write(decrypted_data) |
| 81 | +print("File decrypted successfully") |
| 82 | + |
| 83 | + |
| 84 | +if__name__=="__main__": |
| 85 | +importargparse |
| 86 | +parser=argparse.ArgumentParser(description="File Encryptor Script with a Password") |
| 87 | +parser.add_argument("file",help="File to encrypt/decrypt") |
| 88 | +parser.add_argument("-s","--salt-size",help="If this is set, a new salt with the passed size is generated", |
| 89 | +type=int) |
| 90 | +parser.add_argument("-e","--encrypt",action="store_true", |
| 91 | +help="Whether to encrypt the file, only -e or -d can be specified.") |
| 92 | +parser.add_argument("-d","--decrypt",action="store_true", |
| 93 | +help="Whether to decrypt the file, only -e or -d can be specified.") |
| 94 | + |
| 95 | +args=parser.parse_args() |
| 96 | +file=args.file |
| 97 | + |
| 98 | +ifargs.encrypt: |
| 99 | +password=getpass.getpass("Enter the password for encryption: ") |
| 100 | +elifargs.decrypt: |
| 101 | +password=getpass.getpass("Enter the password you used for encryption: ") |
| 102 | + |
| 103 | +ifargs.salt_size: |
| 104 | +key=generate_key(password,salt_size=args.salt_size,save_salt=True) |
| 105 | +else: |
| 106 | +key=generate_key(password,load_existing_salt=True) |
| 107 | + |
| 108 | +encrypt_=args.encrypt |
| 109 | +decrypt_=args.decrypt |
| 110 | + |
| 111 | +ifencrypt_anddecrypt_: |
| 112 | +raiseTypeError("Please specify whether you want to encrypt the file or decrypt it.") |
| 113 | +elifencrypt_: |
| 114 | +encrypt(file,key) |
| 115 | +elifdecrypt_: |
| 116 | +decrypt(file,key) |
| 117 | +else: |
| 118 | +raiseTypeError("Please specify whether you want to encrypt the file or decrypt it.") |
| 119 | + |
| 120 | + |
| 121 | + |
| 122 | + |
| 123 | + |
| 124 | + |