initial commit of vaguely working ish build

2020-08-22 11:39:15 +01:00
commit ff85c35873
34 changed files with 11067 additions and 0 deletions
--- a/genkeys.py
+++ b/genkeys.py
@@ -0,0 +1,38 @@
+#!/usr/bin/env python3
+
+import ccecc
+import getpass
+import hashlib
+from cryptography.fernet import Fernet
+import base64
+import os
+import sys
+
+def hash_pw(pw, salt):
+    return hashlib.scrypt(pw.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)[:32]
+
+def encrypt(data, pw):
+    salt = os.urandom(16)
+    key = hash_pw(pw, salt)
+    f = Fernet(base64.urlsafe_b64encode(key))
+    return base64.b64encode(salt) + b"\n" + f.encrypt(data)
+
+def decrypt(data, pw):
+    rsalt, encdata = data.split(b"\n", 1)
+    salt = base64.b64decode(rsalt)
+    key = hash_pw(pw, salt)
+    f = Fernet(base64.urlsafe_b64encode(key))
+    return f.decrypt(encdata)
+
+if __name__ == "__main__":
+    pw = getpass.getpass()
+    pwconfirm = getpass.getpass()
+    if pw != pwconfirm:
+        print("passwords do not match")
+        sys.exit(1)
+    priv, pub = ccecc.keypair()
+    open("update-key", "wb").write(encrypt(priv, pw))
+
+# for use in generate_manifest.py
+def get_key():
+    return decrypt(open("update-key", "rb").read(), getpass.getpass())