From 1ae2832a7cffc5f0193a4f3769f5e95d782ae2d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Haziza?= Date: Mon, 22 Jan 2018 10:28:04 +0100 Subject: [PATCH] No RSA passphrase. Bootstrap adjusted. --- deployments/docker/bootstrap/instance.sh | 6 ++---- deployments/docker/bootstrap/settings/fin1 | 2 -- deployments/docker/bootstrap/settings/swe1 | 2 -- lega/keyserver.py | 5 +---- lega/utils/crypto.py | 5 +++-- 5 files changed, 6 insertions(+), 14 deletions(-) diff --git a/deployments/docker/bootstrap/instance.sh b/deployments/docker/bootstrap/instance.sh index 07049a4e..fde2b8b2 100755 --- a/deployments/docker/bootstrap/instance.sh +++ b/deployments/docker/bootstrap/instance.sh @@ -53,8 +53,8 @@ ${GPG_CONF} --kill gpg-agent ######################################################################### echomsg "\t* the RSA public and private key" -${OPENSSL} genrsa -out ${PRIVATE}/${INSTANCE}/rsa/ega.sec -passout pass:${RSA_PASSPHRASE} 2048 -${OPENSSL} rsa -in ${PRIVATE}/${INSTANCE}/rsa/ega.sec -passin pass:${RSA_PASSPHRASE} -pubout -out ${PRIVATE}/${INSTANCE}/rsa/ega.pub +${OPENSSL} genpkey -algorithm RSA -out ${PRIVATE}/${INSTANCE}/rsa/ega.sec -pkeyopt rsa_keygen_bits:2048 +${OPENSSL} rsa -pubout -in ${PRIVATE}/${INSTANCE}/rsa/ega.sec -out ${PRIVATE}/${INSTANCE}/rsa/ega.pub ######################################################################### @@ -71,7 +71,6 @@ active_master_key = 1 [master.key.1] seckey = /etc/ega/rsa/sec.pem pubkey = /etc/ega/rsa/pub.pem -passphrase = ${RSA_PASSPHRASE} EOF echomsg "\t* ega.conf" @@ -341,7 +340,6 @@ GPG_PASSPHRASE = ${GPG_PASSPHRASE} GPG_NAME = ${GPG_NAME} GPG_COMMENT = ${GPG_COMMENT} GPG_EMAIL = ${GPG_EMAIL} -RSA_PASSPHRASE = ${RSA_PASSPHRASE} SSL_SUBJ = ${SSL_SUBJ} # DB_USER = ${DB_USER} diff --git a/deployments/docker/bootstrap/settings/fin1 b/deployments/docker/bootstrap/settings/fin1 index ba05b915..2ef7ca3c 100644 --- a/deployments/docker/bootstrap/settings/fin1 +++ b/deployments/docker/bootstrap/settings/fin1 @@ -17,8 +17,6 @@ DB_TRY=30 GPG_NAME="EGA Finland" GPG_COMMENT="@CSC" GPG_EMAIL="ega@csc.fi" - GPG_PASSPHRASE=$(generate_password 16) -RSA_PASSPHRASE=$(generate_password 16) LOG_LEVEL=INFO diff --git a/deployments/docker/bootstrap/settings/swe1 b/deployments/docker/bootstrap/settings/swe1 index 0ba01d75..debd0880 100644 --- a/deployments/docker/bootstrap/settings/swe1 +++ b/deployments/docker/bootstrap/settings/swe1 @@ -17,8 +17,6 @@ DB_TRY=30 GPG_NAME="EGA Sweden" GPG_COMMENT="@NBIS" GPG_EMAIL="ega@nbis.se" - GPG_PASSPHRASE=$(generate_password 16) -RSA_PASSPHRASE=$(generate_password 16) LOG_LEVEL=DEBUG diff --git a/lega/keyserver.py b/lega/keyserver.py index df829400..c9b2935d 100644 --- a/lega/keyserver.py +++ b/lega/keyserver.py @@ -18,8 +18,7 @@ PGP_PASSPHRASE = b'3' MASTER_SECKEY = b'4' MASTER_PUBKEY = b'5' -MASTER_PASSPHRASE = b'6' -ACTIVE_MASTER_KEY = b'7' +ACTIVE_MASTER_KEY = b'6' # For the match, we turn that off ssl.match_hostname = lambda cert, hostname: True @@ -81,7 +80,6 @@ def main(args=None): active_master_key = KEYS.getint('DEFAULT','active_master_key') master_seckey = get_file_content(KEYS.get(f'master.key.{active_master_key}','seckey')) master_pubkey = get_file_content(KEYS.get(f'master.key.{active_master_key}','pubkey')) - master_passphrase = (KEYS.get(f'master.key.{active_master_key}','passphrase')).encode() secrets = { # PGP_SECKEY : pgp_seckey, @@ -89,7 +87,6 @@ def main(args=None): # PGP_PASSPHRASE : pgp_passphrase, MASTER_SECKEY : master_seckey, MASTER_PUBKEY : master_pubkey, - MASTER_PASSPHRASE : master_passphrase, ACTIVE_MASTER_KEY : str(active_master_key).encode(), } diff --git a/lega/utils/crypto.py b/lega/utils/crypto.py index b81d6fe2..9e7b6d2a 100644 --- a/lega/utils/crypto.py +++ b/lega/utils/crypto.py @@ -19,6 +19,7 @@ from Cryptodome.PublicKey import RSA from Cryptodome.Random import get_random_bytes from Cryptodome.Cipher import AES, PKCS1_OAEP +from Cryptodome.Hash import SHA256 from . import exceptions, checksum, get_file_content @@ -54,8 +55,8 @@ def encrypt_engine(key,passphrase=None): aes = AES.new(key=session_key, mode=AES.MODE_CTR) LOG.info('Creating RSA cypher') - rsa_key = RSA.import_key(key, passphrase = passphrase) - rsa = PKCS1_OAEP.new(rsa_key) + rsa_key = RSA.import_key(key) + rsa = PKCS1_OAEP.new(rsa_key, hashAlgo = SHA256) encryption_key = rsa.encrypt(session_key) LOG.debug(f'\tencryption key = {encryption_key}')