44 lines
1.3 KiB
Python
44 lines
1.3 KiB
Python
import base64
|
|
|
|
import bcrypt
|
|
|
|
from cryptography.fernet import Fernet
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives import hashes
|
|
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
|
|
|
|
|
|
def _generate_key(salt: bytes, master_pass: bytes) -> bytes:
|
|
kdf = PBKDF2HMAC(
|
|
algorithm=hashes.SHA256(),
|
|
length=32,
|
|
salt=salt,
|
|
iterations=100000,
|
|
backend=default_backend(),
|
|
)
|
|
key = base64.urlsafe_b64encode(kdf.derive(master_pass))
|
|
return key
|
|
|
|
|
|
def encrypt_account_info(
|
|
login: str, passwd: str, master_pass: bytes
|
|
) -> tuple[bytes, bytes, bytes]:
|
|
"""Encrypts login and password of a user using hash of their master password as a key.
|
|
Returns a tuple of encrypted login password and salt"""
|
|
salt = bcrypt.gensalt()
|
|
key = _generate_key(salt, master_pass)
|
|
f = Fernet(key)
|
|
enc_login = f.encrypt(login.encode("utf-8"))
|
|
enc_passwd = f.encrypt(passwd.encode("utf-8"))
|
|
return (enc_login, enc_passwd, salt)
|
|
|
|
|
|
def decrypt_account_info(
|
|
enc_login: bytes, enc_pass: bytes, master_pass: bytes, salt: bytes
|
|
) -> tuple[str, str]:
|
|
key = _generate_key(salt, master_pass)
|
|
f = Fernet(key)
|
|
login_bytes = f.decrypt(enc_login)
|
|
pass_bytes = f.decrypt(enc_pass)
|
|
return (login_bytes.decode("utf-8"), pass_bytes.decode("utf-8"))
|