From 92b679d17ca41f85009c9e33cdd5967f955b5557 Mon Sep 17 00:00:00 2001 
From: Ivan Stakhov <50211739+left-try@users.noreply.github.com> Date: Wed, 18 Sep 2024 19:10:59 +0300 Subject: [Feature] Add rspamadm secretbox command * [Minor] Small fix for error messages * [Feature] Create rspamadm util to decrypt header * [Feature] Create python example to encrypt/decrypt header * [Minor] Small clean up * [Minor] Change c-rspamadm util to lua-rspamadm util * [Minor] Small clean up * [Minor] Add some debug * [Feature] Add secretbox command * [Minor] Debug * [Minor] Add additional return for encrypted string(noce + encrypted string * [Minor] Small debug * [Minor] Add a way to provide encrypted text concatenated with nonce * [Minor] Add nonce to encrypt text * [Minor] Clean up * [Minor] Clean up unused variable * [Minor] Small fix * [Minor] Fix return issue * [Minor] Add blake2b for key derivation * [Minor] Small upgrade to debug * [Minor] Small clean up * [Minor] Change return to more convenient form * [Minor] Change print to test form * [Test] Provide tests for encrypt/decrypt with rspamadm util and python script * [Minor] Change python to python3 * [Minor] Add stderr check * [Minor] Make the function return nonce+text * [Minor] Change unit tests to new return format * [Minor] Add flag to manage encodings * [Minor] Add --encoding argument to manage encodings * [Minor] Change tests for new input format * [Minor] Fix lua format * [Minor] Small fix * [Minor] Provide full support for new return format of maybe_encrypt_header * [Test] Test small fix * [Test] Small fix * [Minor] Clean up * [Minor] Small fix for name of variable * [Minor] Small clean up * [Minor] Change format of command to a mre convenient * [Minor] Change tests to be same as a format of a command * [Minor] Change description of flags * [Minor] Small fix --------- Co-authored-by: Ivan Stakhov <50211739+LeftTry@users.noreply.github.com> --- utils/encrypt_decrypt_header.py | 97 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 
utils/encrypt_decrypt_header.py (limited to 'utils')
diff --git a/utils/encrypt_decrypt_header.py b/utils/encrypt_decrypt_header.py
new file mode 100644
index 000000000..5f2ea755e
--- /dev/null
+++ b/utils/encrypt_decrypt_header.py
@@ -0,0 +1,97 @@
+import argparse
+import base64
+
+import nacl.encoding
+from nacl.secret import SecretBox
+from nacl.hash import blake2b
+
+
+def create_secret_box(key):
+ key = blake2b(key, encoder=nacl.encoding.RawEncoder)
+ box = SecretBox(key)
+ return box
+
+def encrypt_text(header, key, nonce):
+ box = create_secret_box(key)
+ if nonce is not None:
+ encrypted_header = box.encrypt(header, nonce=nonce)
+ else:
+ encrypted_header = box.encrypt(header)
+ return encrypted_header
+
+def decrypt_text(encrypted_header, key):
+ box = create_secret_box(key)
+ decrypted_header = box.decrypt(encrypted_header)
+ return decrypted_header
+
+def set_encoding(args, type_, text):
+ output = text
+ if type_ == 'encode':
+ if args.hex:
+ output = base64.b16encode(text)
+ elif args.base32:
+ output = base64.b32encode(text)
+ elif args.base64:
+ output = base64.b64encode(text)
+ elif type_ == 'decode':
+ if args.hex:
+ output = base64.b16decode(text)
+ elif args.base32:
+ output = base64.b32decode(text)
+ elif args.base64:
+ output = base64.b64decode(text)
+ return output
+
+def set_up_parser_args():
+ new_parser = argparse.ArgumentParser(description="Encrypt or Decrypt a text.")
+ enc_group = new_parser.add_mutually_exclusive_group()
+
+ enc_group.add_argument("-r", "--raw", action="store_true",
+ help="Encrypted text(and nonce if it is there) will be given in raw")
+ enc_group.add_argument("-H", "--hex", action="store_true",
+ help="Encrypted text(and nonce if it is there) will be given in hex")
+ enc_group.add_argument("-b", "--base32", action="store_true",
+ help="Encrypted text(and nonce if it is there) will be given in base32")
+ enc_group.add_argument("-B", "--base64", action="store_true",
+ help="Encrypted text(and nonce if it is there) will be given in base64")
+
+ subparsers = new_parser.add_subparsers(dest="command", help="encrypt or decrypt")
+
+ encrypt_parser = subparsers.add_parser("encrypt", help="Encrypt a text")
+ encrypt_parser.add_argument("-t", "--text", type=str, required=True, help="Text to encrypt")
+ encrypt_parser.add_argument("-k", "--key", type=str, required=True, help="Encryption key")
+ encrypt_parser.add_argument("-n", "--nonce", type=str, required=False, help="Encryption nonce")
+
+ decrypt_parser = subparsers.add_parser("decrypt", help="Decrypt a text")
+ decrypt_parser.add_argument("-t", "--encrypted_text", type=str, required=True, help="Encrypted text")
+ decrypt_parser.add_argument("-k", "--key", type=str, required=True, help="Decryption key")
+
+ args = new_parser.parse_args()
+ return args
+
+def main():
+ args = set_up_parser_args()
+
+ if args.command == "encrypt":
+ text = args.text.encode()
+ key = args.key.encode()
+ if args.nonce is not None:
+ nonce = set_encoding(args, 'decode', args.nonce)
+ else:
+ nonce = None
+
+ encrypted_text = encrypt_text(text, key, nonce)
+ if args.raw:
+ print(set_encoding(args, 'encode', encrypted_text))
+ else:
+ print(set_encoding(args, 'encode', encrypted_text).decode())
+
+ elif args.command == "decrypt":
+ encrypted_text = set_encoding(args, 'decode', args.encrypted_text)
+ key = args.key.encode()
+
+ decrypted_text = decrypt_text(encrypted_text, key)
+ print(decrypted_text.decode())
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
-- cgit v1.2.3
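Review bot: `set_encoding` returns its input unchanged when none of `--hex`/`--base32`/`--base64` is set, so the no-flag encrypt path in `main()` calls `.decode()` on raw ciphertext bytes, which will usually not be valid UTF-8. The same fall-through means the `--raw`/no-flag decrypt path and the `--nonce` path hand a `str` to `SecretBox`, which expects bytes. Making the group mandatory with `enc_group = new_parser.add_mutually_exclusive_group(required=True)` closes the no-flag case, while `--raw` input still needs an explicit bytes conversion or should be rejected for `decrypt` and `--nonce`. Separately, `--nonce` lets the caller pin the nonce, and reusing a nonce under the same key breaks SecretBox's confidentiality and authentication guarantees, so the help text should say so, e.g. `help="Encryption nonce (test vectors only; never reuse a nonce with the same key)"`. `-k/--key` as a command-line argument is also visible in the process list and shell history, so reading the key from a file or an environment variable would be safer outside of tests.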