45 lines
1.5 KiB
Python
45 lines
1.5 KiB
Python
import base64
|
|
import os
|
|
|
|
from cryptography.fernet import Fernet
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives import hashes
|
|
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
|
|
|
|
|
|
def _generate_key(salt: bytes, master_pass: bytes) -> bytes:
|
|
kdf = PBKDF2HMAC(
|
|
algorithm=hashes.SHA256(),
|
|
length=32,
|
|
salt=salt,
|
|
iterations=100000,
|
|
backend=default_backend(),
|
|
)
|
|
key = base64.urlsafe_b64encode(kdf.derive(master_pass))
|
|
return key
|
|
|
|
|
|
def encrypt_account_info(
|
|
login: str, passwd: str, master_pass: str
|
|
) -> tuple[bytes, bytes, bytes]:
|
|
"""Encrypts login and password of a user using their master password as a key.
|
|
Returns a tuple of encrypted login, password and salt"""
|
|
salt = os.urandom(64)
|
|
key = _generate_key(salt, master_pass.encode("utf-8"))
|
|
f = Fernet(key)
|
|
enc_login = f.encrypt(login.encode("utf-8"))
|
|
enc_passwd = f.encrypt(passwd.encode("utf-8"))
|
|
return (enc_login, enc_passwd, salt)
|
|
|
|
|
|
def decrypt_account_info(
|
|
enc_login: bytes, enc_pass: bytes, master_pass: str, salt: bytes
|
|
) -> tuple[str, str]:
|
|
"""Decrypts login and password using their master password as a key.
|
|
Returns a tuple of decrypted login and password"""
|
|
key = _generate_key(salt, master_pass.encode("utf-8"))
|
|
f = Fernet(key)
|
|
login_bytes = f.decrypt(enc_login)
|
|
pass_bytes = f.decrypt(enc_pass)
|
|
return (login_bytes.decode("utf-8"), pass_bytes.decode("utf-8"))
|