search

schubergphilis / lastpasslib

Library interacting with lastpass.
MIT License
4 stars 1 forks source link

Newer urls are now encrypted #17

Open andersfylling opened 2 weeks ago

andersfylling commented 2 weeks ago

https://blog.lastpass.com/posts/2024/05/lastpass-is-encrypting-urls-heres-whats-happening

I'm seeing that some urls are just a hex string. Would there be an easy approach to identifying these and decrypt them?

costastf commented 2 weeks ago

Hi @andersfylling i would initially try to add the url to the schema here 

self.plain_encrypted = ['name', 'group', 'notes', 'username', 'password', 'mfa_seed',]

and remove it from https://github.com/schubergphilis/lastpasslib/blob/50ad5ef1442b2be25cbeb99327874f661fd0eb63/lastpasslib/dataschemas.py#L60. if you are extremely lucky it will work. I am sorry but we are not using lastpass any more so i cannot really help. I am happy to point to directions if you are interested in trying to fix it if the above does not work, but that will be a while as I am off on vacation for a couple of weeks.

andersfylling commented 2 weeks ago

Thank you. Essentially I just decided to check if the url started with https and go from there, which solved my case:


if not str(secret.url).startswith("https"):
    url = EncryptManager.decrypt_aes256_auto(secret.url, secret.encryption_key).decode("utf-8")
else:
    url = secret.url.decode("utf-8")
costastf commented 2 weeks ago

Great! That fix is just as easy and nice! I am very happy that you got it working! Would you like to contribute the fix so more people benefit? If you do so, I will release a patch version.

andersfylling commented 2 weeks ago

I wonder if my fix is tailored to my needs. Others may have different url types perhaps?

costastf commented 2 weeks ago

Fair enough. On the other hand if they are encrypted and you got them decrypted I guess it is generalizable. If they are not encrypted nobody cares. I would say go for it.