import os
import base64
import getpass
import cryptography.exceptions
from cryptography.fernet import Fernet
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
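def generate_key():
    """Derive a Fernet key from a passphrase typed at the terminal.

    Prompts for the passphrase with ``getpass`` (no echo), loads the PBKDF2
    salt from the file ``salt`` in the current working directory (creating it
    from ``os.urandom(16)`` when it does not exist yet) and runs
    PBKDF2-HMAC with SHA-512/256 to produce 32 bytes of key material.

    Returns:
        bytes: The derived key, URL-safe base64 encoded, which is the form
        ``Fernet`` takes.
    """
    passphrase = getpass.getpass(prompt='Enter passphrase: ').encode()

    # The salt is not a secret, but it has to stay the same between runs:
    # a different salt gives a different key, and a token encrypted under
    # the old key can no longer be decrypted. It is therefore written only
    # when it is first generated, never rewritten afterwards.
    try:
        with open('salt', 'rb') as f:
            salt = f.read()
    except FileNotFoundError:
        salt = os.urandom(16)
        with open('salt', 'wb') as f:
            f.write(salt)

    kdf = PBKDF2HMAC(
        # The library expects a HashAlgorithm instance here, so the class is
        # instantiated rather than passed as-is.
        algorithm=hashes.SHA512_256(),
        length=32,
        salt=salt,
        # NOTE(review): 100000 iterations is low by current guidance for
        # PBKDF2. Raising it changes the derived key, so any file encrypted
        # with the old count has to be re-encrypted in the same step.
        iterations=100000,
        backend=default_backend(),
    )
    return base64.urlsafe_b64encode(kdf.derive(passphrase))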
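def create_encrypted_file(key, file_name):
    """Prompt for an API key and store it encrypted in *file_name*.

    Args:
        key: URL-safe base64 Fernet key, as returned by ``generate_key``.
        file_name: Path of the file that receives the Fernet token.
    """
    api_key = getpass.getpass(prompt='Enter your API key: ').encode()
    token = Fernet(key).encrypt(api_key)

    # Create the file readable and writable by its owner only. The token is
    # encrypted, but anyone who can read it together with the salt file can
    # test passphrase guesses against it offline, so it should not be left
    # at the umask default. The mode is applied only when the file is newly
    # created; an existing file keeps the permissions it already has.
    fd = os.open(file_name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'wb') as f:
        f.write(token)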
def read_from_decrypted_file(key, file_name):
    """Decrypt the Fernet token stored in *file_name* and return it as text.

    Despite its name, the function reads the *encrypted* file.

    Args:
        key: URL-safe base64 Fernet key used to decrypt the token.
        file_name: Path of the file holding the token.

    Returns:
        str | None: The decoded plaintext, or ``None`` (after printing a
        message) when the token fails Fernet's authentication check.
    """
    with open(file_name, 'rb') as handle:
        token = handle.read()

    cipher = Fernet(key)
    try:
        plaintext = cipher.decrypt(token)
    except cryptography.fernet.InvalidToken:
        # InvalidToken covers every authentication failure: a wrong key
        # (wrong passphrase or a changed salt) as well as a modified or
        # truncated token. The message below names only the first cause.
        print('Entered passphrase not valid!')
        return None
    return plaintext.decode()
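def main():
    """Store the API key on the first run; decrypt and print it afterwards.

    The passphrase is always requested first. When the ``credentials`` file
    is missing, the user is asked for the API key and it is saved encrypted.
    Otherwise the stored token is decrypted and the result printed.
    """
    key = generate_key()
    file_name = 'credentials'
    # A single existence test decides the branch. Re-testing the same path
    # in an ``elif`` adds a second filesystem check and a window in which
    # neither branch runs.
    if not os.path.exists(file_name):
        create_encrypted_file(key, file_name)
    else:
        api_key = read_from_decrypted_file(key, file_name)
        if api_key:
            # NOTE(review): this writes the decrypted secret to stdout, where
            # it can end up in terminal scrollback or captured output.
            print(api_key)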
# Run the interactive flow only when executed as a script, not on import.
if __name__ == '__main__':
    main()