1 files changed, 8 insertions, 8 deletions

diff --git a/cryptech_backup b/cryptech_backup
index a15c9c0..99d2c38 100755
--- a/cryptech_backup
+++ b/cryptech_backup
@@ -21,7 +21,7 @@ We also implement a software-based variant on this backup mechanism,
 for cases where there is no second HSM.  The protocol is much the
 same, but the KEKEK is generated in software and encrypted using a
 symmetric key derived from a passphrase using PBKDF2.  This requires
-the PyCrypto library, and is only as secure as memory on the machine
+the PyCryptodome library, and is only as secure as memory on the machine
 where you're running it (so it's theoretically vulnerable to root or
 anybody with access to /dev/mem).  Don't use this mode unless you
 understand the risks, and see the "NOTE WELL" above.
@@ -305,7 +305,7 @@ class AESKeyWrapWithPadding(object):
         "Something went wrong during unwrap."
 
     def __init__(self, key):
-        from Crypto.Cipher import AES
+        from Cryptodome.Cipher import AES
         self.ctx = AES.new(key, AES.MODE_ECB)
 
     def _encrypt(self, b1, b2):
@@ -391,7 +391,7 @@ class SoftKEKEK(object):
         time.clock = time.process_time
 
     def parse_EncryptedPrivateKeyInfo(self, der):
-        from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
+        from Cryptodome.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
         encryptedPrivateKeyInfo = DerSequence()
         encryptedPrivateKeyInfo.decode(der)
         encryptionAlgorithm = DerSequence()
@@ -405,7 +405,7 @@ class SoftKEKEK(object):
         return encryptedData.payload
 
     def encode_EncryptedPrivateKeyInfo(self, der):
-        from Crypto.Util.asn1 import DerSequence, DerOctetString
+        from Cryptodome.Util.asn1 import DerSequence, DerOctetString
         return DerSequence([
             DerSequence([
                 struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
@@ -414,12 +414,12 @@ class SoftKEKEK(object):
         ]).encode()
 
     def gen_salt(self, bytes = 16):
-        from Crypto import Random
+        from Cryptodome import Random
         return Random.new().read(bytes)
 
     def wrapper(self, salt, keylen = 256, iterations = 8000):
-        from Crypto.Protocol.KDF import PBKDF2
-        from Crypto.Hash         import SHA256, HMAC
+        from Cryptodome.Protocol.KDF import PBKDF2
+        from Cryptodome.Hash         import SHA256, HMAC
         return AESKeyWrapWithPadding(PBKDF2(
             password = getpass.getpass("KEKEK Passphrase: "),
             salt     = salt,
@@ -433,7 +433,7 @@ class SoftKEKEK(object):
 
     @classmethod
     def generate(cls, args, result):
-        from Crypto.PublicKey import RSA
+        from Cryptodome.PublicKey import RSA
         self = cls()
         k = RSA.generate(args.keylen)
         salt  = self.gen_salt()