xingweitian / fund-my-watcard

A tool to add funds to WatCard easily.
https://pypi.org/project/fund-my-watcard/
GNU General Public License v3.0

Add encryption and decryption to config file #21

Closed KevinLu closed 5 years ago

KevinLu commented 5 years ago

TODO:

xingweitian commented 5 years ago

I am back. I will update this PR soon.

xingweitian commented 5 years ago

@KevinLu I changed the logic. It seems unsafe to store the key file locally, so why don't we just not store it? We can depend only on the user's password, which means that the user should remember his/her password; otherwise he/she will not be able to decrypt the config file successfully. What do you think?

KevinLu commented 5 years ago

Yes, storing the key file is not safe as it can be stolen. Now the problem is how can we authenticate the user without storing the password?

xingweitian commented 5 years ago

> Yes, storing the key file is not safe as it can be stolen. Now the problem is how can we authenticate the user without storing the password?

Here is my thinking. Users use a password to encrypt the config file, and when they want to decrypt it, they should use the same password. It means that we provide a transparent encryption mechanism and the user should remember the password; only the same password can decrypt the config file correctly. Does it make sense?
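
The approach discussed in this thread, as an added example that is not code from this PR or from the project: the key is derived from the password with a per-file salt, so neither key nor password is stored, and a MAC tag makes a wrong password fail cleanly instead of yielding garbage. The function names, file layout and sample config are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32  # assumed layout: salt | nonce | ciphertext | tag


def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # scrypt stretches the password; the salt is random per file and not secret.
    okm = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode used as a keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_config(plaintext: bytes, password: str) -> bytes:
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(password, salt)
    body = salt + nonce + _keystream_xor(enc_key, nonce, plaintext)
    # Encrypt-then-MAC: the tag covers salt, nonce and ciphertext.
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt_config(blob: bytes, password: str) -> bytes:
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("file too short to be an encrypted config")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt, nonce = body[:SALT_LEN], body[SALT_LEN:SALT_LEN + NONCE_LEN]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # A wrong password derives a different MAC key, so the tag check fails
    # before any plaintext is produced. Nothing password-related is on disk.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified file")
    return _keystream_xor(enc_key, nonce, body[SALT_LEN + NONCE_LEN:])
```

The same tag check also rejects a config file that was edited or corrupted after encryption, which plain password-derived encryption without a MAC would not detect.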