danlabici / taskcluster-worker-checker

Script to check if any releng worker is missing in TC
1 stars 9 forks source link

[Core] Create a function to generate AES+Salt passwords #134

Closed danlabici closed 5 years ago

danlabici commented 5 years ago

This issue will help progress #133

Implementation idea:

danlabici commented 5 years ago

Proposed way to handle this:

import uuid
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.fernet import Fernet

def get_id():
    return uuid.getnode()

def enc_key():
    pc_uuid = str(get_id()).encode()
    salt = base64.urlsafe_b64encode(str(get_id()).encode())

    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
        backend=default_backend()
    )
    return base64.urlsafe_b64encode(kdf.derive(pc_uuid))

def enc_password(password, key):
    f = Fernet(key)
    return f.encrypt(password.encode())

def dec_password(password, key):
    f = Fernet(key)
    return f.decrypt(password)

test1 = enc_password(password="password123456", key=enc_key()).decode()
print(test1)
print(dec_password(test1.encode(), key=enc_key()).decode())