parent
590b72fec3
commit
f3ec923656
@ -0,0 +1,29 @@
|
|||||||
|
from Crypto.Cipher import AES
|
||||||
|
from authorizedkeys.parser import parse_file, dump_file, AuthorizedKey
|
||||||
|
import sys
|
||||||
|
from base64 import b64decode, b64encode
|
||||||
|
|
||||||
|
# TODO: argument parsing!
|
||||||
|
|
||||||
|
# TODO: We currently do not care for authenticity, since we are only concerned
|
||||||
|
# with the comment. We could sign the rest of the data in the comment and do
|
||||||
|
# some AEAD, but we currently do not.
|
||||||
|
key = open('secret', 'rb').read(16)
|
||||||
|
iv = b"WTF I don't care"
|
||||||
|
cipher = AES.new(key, AES.MODE_CBC, iv=iv)
|
||||||
|
|
||||||
|
output = sys.stdout
|
||||||
|
decrypt = True if sys.argv[1] == 'decrypt' else False
|
||||||
|
encrypt = not decrypt
|
||||||
|
input = open(sys.argv[2]) if len(sys.argv) >= 3 else sys.stdin
|
||||||
|
|
||||||
|
# FIXME: file closing
|
||||||
|
|
||||||
|
keys = parse_file(input)
|
||||||
|
for k in keys:
|
||||||
|
if isinstance(k, AuthorizedKey):
|
||||||
|
if encrypt:
|
||||||
|
k.comment = b64encode(cipher.encrypt(k.comment.encode())).decode()
|
||||||
|
else: # And now this is just wow.
|
||||||
|
k.comment = cipher.decrypt(b64decode(k.comment)).decode()
|
||||||
|
dump_file(keys, output)
|
||||||
Loading…
Reference in New Issue