diff options
Diffstat (limited to 'cryptech_backup')
-rwxr-xr-x | cryptech_backup | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/cryptech_backup b/cryptech_backup index a15c9c0..99d2c38 100755 --- a/cryptech_backup +++ b/cryptech_backup @@ -21,7 +21,7 @@ We also implement a software-based variant on this backup mechanism, for cases where there is no second HSM. The protocol is much the same, but the KEKEK is generated in software and encrypted using a symmetric key derived from a passphrase using PBKDF2. This requires -the PyCrypto library, and is only as secure as memory on the machine +the PyCryptodome library, and is only as secure as memory on the machine where you're running it (so it's theoretically vulnerable to root or anybody with access to /dev/mem). Don't use this mode unless you understand the risks, and see the "NOTE WELL" above. @@ -305,7 +305,7 @@ class AESKeyWrapWithPadding(object): "Something went wrong during unwrap." def __init__(self, key): - from Crypto.Cipher import AES + from Cryptodome.Cipher import AES self.ctx = AES.new(key, AES.MODE_ECB) def _encrypt(self, b1, b2): @@ -391,7 +391,7 @@ class SoftKEKEK(object): time.clock = time.process_time def parse_EncryptedPrivateKeyInfo(self, der): - from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId + from Cryptodome.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId encryptedPrivateKeyInfo = DerSequence() encryptedPrivateKeyInfo.decode(der) encryptionAlgorithm = DerSequence() @@ -405,7 +405,7 @@ class SoftKEKEK(object): return encryptedData.payload def encode_EncryptedPrivateKeyInfo(self, der): - from Crypto.Util.asn1 import DerSequence, DerOctetString + from Cryptodome.Util.asn1 import DerSequence, DerOctetString return DerSequence([ DerSequence([ struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap @@ -414,12 +414,12 @@ class SoftKEKEK(object): ]).encode() def gen_salt(self, bytes = 16): - from Crypto import Random + from Cryptodome import Random return Random.new().read(bytes) def wrapper(self, salt, keylen = 256, iterations = 8000): - from Crypto.Protocol.KDF import PBKDF2 - from Crypto.Hash import SHA256, HMAC + from Cryptodome.Protocol.KDF import PBKDF2 + from Cryptodome.Hash import SHA256, HMAC return AESKeyWrapWithPadding(PBKDF2( password = getpass.getpass("KEKEK Passphrase: "), salt = salt, @@ -433,7 +433,7 @@ class SoftKEKEK(object): @classmethod def generate(cls, args, result): - from Crypto.PublicKey import RSA + from Cryptodome.PublicKey import RSA self = cls() k = RSA.generate(args.keylen) salt = self.gen_salt() |