aboutsummaryrefslogtreecommitdiff
path: root/cryptech_backup
diff options
context:
space:
mode:
Diffstat (limited to 'cryptech_backup')
-rwxr-xr-xcryptech_backup16
1 files changed, 8 insertions, 8 deletions
diff --git a/cryptech_backup b/cryptech_backup
index a15c9c0..99d2c38 100755
--- a/cryptech_backup
+++ b/cryptech_backup
@@ -21,7 +21,7 @@ We also implement a software-based variant on this backup mechanism,
for cases where there is no second HSM. The protocol is much the
same, but the KEKEK is generated in software and encrypted using a
symmetric key derived from a passphrase using PBKDF2. This requires
-the PyCrypto library, and is only as secure as memory on the machine
+the PyCryptodome library, and is only as secure as memory on the machine
where you're running it (so it's theoretically vulnerable to root or
anybody with access to /dev/mem). Don't use this mode unless you
understand the risks, and see the "NOTE WELL" above.
@@ -305,7 +305,7 @@ class AESKeyWrapWithPadding(object):
"Something went wrong during unwrap."
def __init__(self, key):
- from Crypto.Cipher import AES
+ from Cryptodome.Cipher import AES
self.ctx = AES.new(key, AES.MODE_ECB)
def _encrypt(self, b1, b2):
@@ -391,7 +391,7 @@ class SoftKEKEK(object):
time.clock = time.process_time
def parse_EncryptedPrivateKeyInfo(self, der):
- from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
+ from Cryptodome.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
encryptedPrivateKeyInfo = DerSequence()
encryptedPrivateKeyInfo.decode(der)
encryptionAlgorithm = DerSequence()
@@ -405,7 +405,7 @@ class SoftKEKEK(object):
return encryptedData.payload
def encode_EncryptedPrivateKeyInfo(self, der):
- from Crypto.Util.asn1 import DerSequence, DerOctetString
+ from Cryptodome.Util.asn1 import DerSequence, DerOctetString
return DerSequence([
DerSequence([
struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
@@ -414,12 +414,12 @@ class SoftKEKEK(object):
]).encode()
def gen_salt(self, bytes = 16):
- from Crypto import Random
+ from Cryptodome import Random
return Random.new().read(bytes)
def wrapper(self, salt, keylen = 256, iterations = 8000):
- from Crypto.Protocol.KDF import PBKDF2
- from Crypto.Hash import SHA256, HMAC
+ from Cryptodome.Protocol.KDF import PBKDF2
+ from Cryptodome.Hash import SHA256, HMAC
return AESKeyWrapWithPadding(PBKDF2(
password = getpass.getpass("KEKEK Passphrase: "),
salt = salt,
@@ -433,7 +433,7 @@ class SoftKEKEK(object):
@classmethod
def generate(cls, args, result):
- from Crypto.PublicKey import RSA
+ from Cryptodome.PublicKey import RSA
self = cls()
k = RSA.generate(args.keylen)
salt = self.gen_salt()