From bf86e740bd1f025af3158ffdaaa05c25d7a2a37a Mon Sep 17 00:00:00 2001 From: jaseg Date: Wed, 26 Jun 2019 16:36:20 +0900 Subject: Improve encrypt command line interface, add progress bar --- encrypt.py | 44 +++++++++++++++++++++++++++++++++++++------- filecrypt.py | 35 +++++++++++++++++++---------------- server.py | 3 ++- 3 files changed, 58 insertions(+), 24 deletions(-) diff --git a/encrypt.py b/encrypt.py index e813d36..e13df79 100644 --- a/encrypt.py +++ b/encrypt.py @@ -1,20 +1,50 @@ #!/usr/bin/env python3 -import os - -from filecrypt import encrypt_file - if __name__ == '__main__': + import os + import configparser import argparse - parser = argparse.ArgumentParser() + + from tqdm import tqdm + + from filecrypt import generate_keys, payload_size + + parser = argparse.ArgumentParser(description='Filecrypt secure file download encryption tool.' + 'Encrypts a file for use with the filecrypt server, and output the generated download link.') parser.add_argument('infile') + parser.add_argument('-c', '--config', default=None, help='Config file location (default; $XDG_CONFIG_HOME/filecrypt.conf)') + parser.add_argument('-b', '--base-url', default=None, help='Base URL for link (also as config option)') + parser.add_argument('-q', '--no-progress', action='store_true', help='Hide progress bar') + parser.add_argument('-p', '--progress', action='store_true', help='Show progress bar (default, also as config option)') args = parser.parse_args() + progress = (not args.no_progress) or args.progress + config_path = args.config or os.environ.get('XDG_CONFIG_HOME', os.environ.get('HOME') + '/.config') + '/filecrypt.conf' + base_url = args.base_url + if os.path.isfile(config_path): + with open(config_path) as f: + config = configparser.ConfigParser(defaults={'url_base': ''}) + config.read_string('[DEFAULT]\n'+f.read()) # doesn't parse simple key=value file by default m( + + if base_url is None: + base_url = config.get('DEFAULT', 'base_url', fallback='').rstrip('/') + if not (args.no_progress or args.progress): + progress = config.getboolean('DEFAULT', 'progress', fallback=True) + if not os.path.isfile(args.infile): print(f'{infile} is not a file or directory, exiting.') os.exit(2) download_filename = os.path.basename(args.infile) - file_id, token = encrypt_file(args.infile, download_filename) - print(f'/{file_id}/{token}/{download_filename}') + + file_id, token, encrypt = generate_keys(download_filename) + print(f'{base_url}/{file_id}/{token}/{download_filename}') + + if progress: + with tqdm(total=payload_size(args.infile), unit='B', unit_scale=True) as pbar: + for progress in encrypt(args.infile): + pbar.update(progress) + else: + for _progress in encrypt(args.infile): + pass diff --git a/filecrypt.py b/filecrypt.py index da0db9b..755e857 100644 --- a/filecrypt.py +++ b/filecrypt.py @@ -5,12 +5,13 @@ import struct import subprocess import binascii import os +from contextlib import contextmanager FILE_ID_LENGTH = 22 TOKEN_LENGTH = 22 HEADER_LENGTH = 56 -def encrypt_file(filename_in, download_filename, chunk_size=1000000//16): +def generate_keys(download_filename, chunk_size=1000000//16): file_id = secrets.token_urlsafe(16) auth_secret = secrets.token_bytes(16) key = secrets.token_bytes(16) @@ -19,25 +20,27 @@ def encrypt_file(filename_in, download_filename, chunk_size=1000000//16): token_cipher = AES.new(auth_secret, AES.MODE_GCM) token_cipher.update(download_filename.encode()) ciphertext, token_tag = token_cipher.encrypt_and_digest(key) - token = base64.b64encode(ciphertext).rstrip(b'=').decode() + token = base64.b64encode(ciphertext, b'+-').rstrip(b'=').decode() - with open(f'{file_id}.enc', 'wb') as fout, open(filename_in, 'rb') as fin: - fout.write(token_cipher.nonce) # 16 bytes - fout.write(token_tag) # 16 bytes - fout.write(auth_secret) # 16 bytes - fout.write(data_nonce) # 8 bytes - assert fout.tell() == HEADER_LENGTH + def encrypt(filename_in): + with open(f'{file_id}.enc', 'wb') as fout, open(filename_in, 'rb') as fin: + fout.write(token_cipher.nonce) # 16 bytes + fout.write(token_tag) # 16 bytes + fout.write(auth_secret) # 16 bytes + fout.write(data_nonce) # 8 bytes + assert fout.tell() == HEADER_LENGTH - cipher = AES.new(key, AES.MODE_CTR, - initial_value=struct.pack('//') @@ -17,7 +18,7 @@ def download(file_id, token, filename): if not BASE64_RE.match(token) or len(token) != filecrypt.TOKEN_LENGTH: abort(400, 'Invalid token format') - path = f'{file_id}.enc' + path = f'{app.config["SERVE_PATH"]}/{file_id}.enc' if not os.path.isfile(path): abort(403) # forbidden -- cgit