diff options
| author | kali <kali@leap.se> | 2012-10-05 09:30:50 +0900 |
|---|---|---|
| committer | kali <kali@leap.se> | 2012-10-05 09:30:50 +0900 |
| commit | 7c659fed65f08f2b52f0320c99a456679749e3f3 (patch) | |
| tree | e0085fd2b4658dd53d7eed450f77e002e5ab5ea5 /src/leap/crypto | |
| parent | baefda49d741a6e8149233f292f92221aaf3b675 (diff) | |
use keyring to store user password
using a quite lame cryptedfile by the moment until dbus bug
makes gnome-keyring usable again or we come up with the
encrypted database solution. we might want to explore the
option of using this python-keyring with the different
native backends for win and macosx.
for now: we generate a random secret that we store in the qsettings file.
so, the whole thing is just to avoid plaintext stuff.
for this, we could have done rot13, haha.
Diffstat (limited to 'src/leap/crypto')
| -rw-r--r-- | src/leap/crypto/__init__.py | 0 | ||||
| -rw-r--r-- | src/leap/crypto/leapkeyring.py | 63 |
2 files changed, 63 insertions, 0 deletions
diff --git a/src/leap/crypto/__init__.py b/src/leap/crypto/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/leap/crypto/__init__.py diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py new file mode 100644 index 00000000..394142db --- /dev/null +++ b/src/leap/crypto/leapkeyring.py @@ -0,0 +1,63 @@ +import os + +import keyring + +############# +# Disclaimer +############# +# This currently is not a keyring, it's more like a joke. +# No, seriously. +# We're affected by this **bug** + +# https://bitbucket.org/kang/python-keyring-lib/issue/65/dbusexception-method-opensession-with + +# so using the gnome keyring does not seem feasible right now. +# I thought this was the next best option to store secrets in plain sight. + +# in the future we should move to use the gnome/kde/macosx/win keyrings. + + +class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring): + + filename = os.path.expanduser("~/.config/leap/.secrets") + + def __init__(self, seed=None): + self.seed = seed + + def _get_new_password(self): + # XXX every time this method is called, + # $deity kills a kitten. + return "secret%s" % self.seed + + def _init_file(self): + self.keyring_key = self._get_new_password() + self.set_password('keyring_setting', 'pass_ref', 'pass_ref_value') + + def _unlock(self): + self.keyring_key = self._get_new_password() + print 'keyring key ', self.keyring_key + try: + ref_pw = self.get_password( + 'keyring_setting', + 'pass_ref') + print 'ref pw ', ref_pw + assert ref_pw == "pass_ref_value" + except AssertionError: + self._lock() + raise ValueError('Incorrect password') + + +def leap_set_password(key, value, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + keyring.set_password('leap', key, value) + + +def leap_get_password(key, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + return keyring.get_password('leap', key) + + +if __name__ == "__main__": + leap_set_password('test', 'bar') + passwd = leap_get_password('test') + assert passwd == 'bar' |