p-sherratt / sagecipher Goto Github PK
View Code? Open in Web Editor NEWUses SSH agent to encrypt/decrypt arbitrary data
License: Other
sagecipher's People
Contributors
Stargazers
Watchers
sagecipher's Issues
KEYRING_PROPERTY_SSH_KEY_FINGERPRINT doesn't work with multiple identities in ssh-add
Python 3.6.9
keyring Version: 22.0.1
sagecipher, version 0.7.5
keyring set ansible-vault ${USER} < <(echo "super")
Please select from the following keys...
[1] ssh-rsa ...
[2] ssh-rsa ...
Selection (1..2): Traceback (most recent call last):
File "/home/ubuntu/.local/bin/keyring", line 8, in <module>
sys.exit(main())
File "/home/ubuntu/.local/lib/python3.6/site-packages/keyring/cli.py", line 135, in main
return cli.run(argv)
File "/home/ubuntu/.local/lib/python3.6/site-packages/keyring/cli.py", line 68, in run
return method()
File "/home/ubuntu/.local/lib/python3.6/site-packages/keyring/cli.py", line 85, in do_set
set_password(self.service, self.username, password)
File "/home/ubuntu/.local/lib/python3.6/site-packages/keyring/core.py", line 60, in set_password
get_keyring().set_password(service_name, username, password)
File "/home/ubuntu/.local/lib/python3.6/site-packages/keyring/backends/chainer.py", line 58, in set_password
return keyring.set_password(service, username, password)
File "/home/ubuntu/.local/lib/python3.6/site-packages/keyrings/alt/file_base.py", line 123, in set_password
password_encrypted = self.encrypt(password.encode('utf-8'), assoc)
File "/home/ubuntu/.local/lib/python3.6/site-packages/sagecipher/keyring.py", line 33, in encrypt
fingerprint = self.ssh_key_fingerprint
File "/home/ubuntu/.local/lib/python3.6/site-packages/sagecipher/keyring.py", line 24, in ssh_key_fingerprint
return prompt_for_key()
File "/home/ubuntu/.local/lib/python3.6/site-packages/sagecipher/cipher.py", line 125, in prompt_for_key
i = int(input("Selection (1..%s): " % len(keys)))
EOFError: EOF when reading a line
Looking at keyring.py and debgging at line 22, we see the following:
(Pdb++) pprint(getmembers(self))
[('__abstractmethods__', frozenset()),
('__class__', <class 'sagecipher.keyring.Keyring'>),
('__delattr__',
<method-wrapper '__delattr__' of Keyring object at 0x7fe1163a67b8>),
('__dict__', {}),
('__dir__', <built-in method __dir__ of Keyring object at 0x7fe1163a67b8>),
('__doc__', None),
('__eq__', <method-wrapper '__eq__' of Keyring object at 0x7fe1163a67b8>),
('__format__',
<built-in method __format__ of Keyring object at 0x7fe1163a67b8>),
('__ge__', <method-wrapper '__ge__' of Keyring object at 0x7fe1163a67b8>),
('__getattribute__',
<method-wrapper '__getattribute__' of Keyring object at 0x7fe1163a67b8>),
('__gt__', <method-wrapper '__gt__' of Keyring object at 0x7fe1163a67b8>),
('__hash__', <method-wrapper '__hash__' of Keyring object at 0x7fe1163a67b8>),
('__init__', <method-wrapper '__init__' of Keyring object at 0x7fe1163a67b8>),
('__init_subclass__',
<built-in method __init_subclass__ of KeyringBackendMeta object at 0x25ade38>),
('__le__', <method-wrapper '__le__' of Keyring object at 0x7fe1163a67b8>),
('__lt__', <method-wrapper '__lt__' of Keyring object at 0x7fe1163a67b8>),
('__module__', 'sagecipher.keyring'),
('__ne__', <method-wrapper '__ne__' of Keyring object at 0x7fe1163a67b8>),
('__new__', <built-in method __new__ of type object at 0x9d17a0>),
('__reduce__',
<built-in method __reduce__ of Keyring object at 0x7fe1163a67b8>),
('__reduce_ex__',
<built-in method __reduce_ex__ of Keyring object at 0x7fe1163a67b8>),
('__repr__',
<bound method FileBacked.__repr__ of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('__setattr__',
<bound method Keyring.__setattr__ of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('__sizeof__',
<built-in method __sizeof__ of Keyring object at 0x7fe1163a67b8>),
('__str__',
<bound method KeyringBackend.__str__ of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('__subclasshook__',
<built-in method __subclasshook__ of KeyringBackendMeta object at 0x25ade38>),
('__weakref__', None),
('_abc_cache', <_weakrefset.WeakSet object at 0x7fe1163a6518>),
('_abc_negative_cache', <_weakrefset.WeakSet object at 0x7fe1163a6588>),
('_abc_negative_cache_version', 203),
('_abc_registry', <_weakrefset.WeakSet object at 0x7fe1163a64e0>),
('_classes',
{<class 'keyring.backends.fail.Keyring'>,
<class 'keyrings.alt.Gnome.Keyring'>,
<class 'keyrings.alt.Google.KeyczarDocsKeyring'>,
<class 'keyrings.alt.Google.DocsKeyring'>,
<class 'keyrings.alt.Windows.RegistryKeyring'>,
<class 'keyrings.alt.Windows.EncryptedKeyring'>,
<class 'keyrings.alt.file.PlaintextKeyring'>,
<class 'keyrings.alt.file.EncryptedKeyring'>,
<class 'keyrings.alt.multi.MultipartKeyringWrapper'>,
<class 'keyrings.alt.pyfs.BasicKeyring'>,
<class 'keyrings.alt.pyfs.PlaintextKeyring'>,
<class 'keyrings.alt.pyfs.EncryptedKeyring'>,
<class 'keyrings.alt.pyfs.KeyczarKeyring'>,
<class 'keyring.backends.kwallet.DBusKeyring'>,
<class 'keyring.backends.kwallet.DBusKeyringKWallet4'>,
<class 'keyring.backends.SecretService.Keyring'>,
<class 'keyring.backends.Windows.WinVaultKeyring'>,
<class 'keyring.backends.chainer.ChainerBackend'>,
<class 'keyring.backends.macOS.Keyring'>,
<class 'sagecipher.keyring.Keyring'>}),
('_ensure_file_path',
<bound method Keyring._ensure_file_path of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('_generate_assoc',
<bound method Keyring._generate_assoc of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('_write_config_value',
<bound method Keyring._write_config_value of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('decrypt',
<bound method Keyring.decrypt of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('delete_password',
<bound method Keyring.delete_password of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('encrypt',
<bound method Keyring.encrypt of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('file_path', '/home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg'),
('file_version', None),
('filename', 'sagecipher_pass.cfg'),
('get_credential',
<bound method KeyringBackend.get_credential of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('get_password',
<bound method Keyring.get_password of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('get_viable_backends',
<bound method KeyringBackend.get_viable_backends of <class 'sagecipher.keyring.Keyring'>>),
('name', 'keyring Keyring'),
('priority', 1),
('scheme', '[PBKDF2] AES256.CBC (sagecipher)'),
('set_password',
<bound method Keyring.set_password of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('set_properties_from_env',
<bound method KeyringBackend.set_properties_from_env of <Keyring with [PBKDF2] AES256.CBC (sagecipher) v.1.0 at /home/ubuntu/.local/share/python_keyring/sagecipher_pass.cfg>>),
('version', '1.0'),
('viable', True)]
Inserting the statement on self.set_properties_from_env() line 22 fixes this issue. We then see the following:
(Pdb++) pprint(getmembers(self))
...
('ssh_key_fingerprint', '...'),
...]
It seems set_properties_from_env was added in keyring 19.3.0 -- https://pypi.org/project/keyring/19.3.0/
custom the data file path when used as a keyring backend
Need an env switch to control the output keyring data path to a custom location.
`decrypt_to_file` should write with binary mode
decrypt_to_file cannot write to normal file on python 3, "wb" mode should fix this.
support macos
pyinotify is not avaliable on macos. when write to fifo, we could avoid depending on pyinotify, invoke write_to_fifo directly.
[Document] suggest confirming when using ssh-agent forwarding in readme
ssh-agent confirm feature could reduce a little attack surface when have to forward the ssh-agent. For a one-time password and a dedicated ssh-agent forwarded via unix domain sock file (not -A option), if we can confirm on the signing, and a special ssh-askpass helper which can delete the private key after a single success signature, it should be considered as a way of transferring the confidential via ssh with very little attack surface.
sagecipher keyring.errors.Keyring Locked: Failed to unlock the collection!
If the .ssh directory is deleted and re-generated, accessing keys generates the following error:
sagecipher keyring.errors.Keyring Locked: Failed to unlock the collection!
It would seem the encrypted keys are stored somewhere on the filesystem - where does sagecipher store these so the application can choose to erase them and start over?
tip of "Reading from STDIN..." pollute the stdout result
the tip of "Reading from STDIN..." is written to stdout, which cause the stdout result cannot be decrypted correctly. when write the tip to stderr, the pipeline result can be decrypted:
echo secret | sagecipher encrypt | sagecipher decryptRecommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.