Merge pull request #158 from maebert/pkcs7

PKCS#7 Padding

CHANGELOG.md

@@ -4,6 +4,7 @@ Changelog
 
 ### 1.7 (December 22, 2013)
 
+* __1.7.21__ jrnl now uses PKCS#7 padding.
 * __1.7.20__ Minor fixes when parsing DayOne journals
 * __1.7.19__ Creates full path to journal during installation if it doesn't exist yet
 * __1.7.18__ Small update to parsing regex

docs/encryption.rst

@@ -29,7 +29,7 @@ If you don't initially store the password in the keychain but decide to do so at
 Manual decryption
 -----------------
 
-Should you ever want to decrypt your journal manually, you can do so with any program that supports the AES algorithm. The key used for encryption is the SHA-256-hash of your password, and the IV (initialisation vector) is stored in the first 16 bytes of the encrypted file. So, to decrypt a journal file in python, run::
+Should you ever want to decrypt your journal manually, you can do so with any program that supports the AES algorithm in CBC. The key used for encryption is the SHA-256-hash of your password, the IV (initialisation vector) is stored in the first 16 bytes of the encrypted file. The plain text is encoded in UTF-8 and padded according to PKCS#7 before being encrypted. So, to decrypt a journal file in python, run::
 
     import hashlib, Crypto.Cipher
     key = hashlib.sha256(my_password).digest()
@@ -37,3 +37,5 @@ Should you ever want to decrypt your journal manually, you can do so with any pr
         cipher = f.read()
         crypto = AES.new(key, AES.MODE_CBC, iv = cipher[:16])
         plain = crypto.decrypt(cipher[16:])
+        plain = plain.strip(plain[-1])
+        plain = plain.decode("utf-8")

jrnl/Journal.py

@@ -66,11 +66,19 @@ class Journal(object):
         except ValueError:
             util.prompt("ERROR: Your journal file seems to be corrupted. You do have a backup, don't you?")
             sys.exit(1)
-        padding = " ".encode("utf-8")
-        if not plain.endswith(padding):  # Journals are always padded
+
+        padding_length = util.byte2int(plain[-1])
+        if padding_length > AES.block_size and padding_length != 32:
+            # 32 is the space character and is kept for backwards compatibility
+            return None
+        elif padding_length == 32:
+            plain = plain.strip()
+        elif plain[-padding_length:] != util.int2byte(padding_length) * padding_length:
+            # Invalid padding!
             return None
         else:
-            return plain.decode("utf-8")
+            plain = plain[:-padding_length]
+        return plain.decode("utf-8")
 
     def _encrypt(self, plain):
         """Encrypt a plaintext string using self.key as the key"""
@@ -80,7 +88,8 @@ class Journal(object):
         iv = Random.new().read(AES.block_size)
         crypto = AES.new(self.key, AES.MODE_CBC, iv)
         plain = plain.encode("utf-8")
-        plain += b" " * (AES.block_size - len(plain) % AES.block_size)
+        padding_length = AES.block_size - len(plain) % AES.block_size
+        plain += util.int2byte(padding_length) * padding_length
         return iv + crypto.encrypt(plain)
 
     def make_key(self, password):

jrnl/__init__.py

@@ -8,7 +8,7 @@ jrnl is a simple journal application for your command line.
 from __future__ import absolute_import
 
 __title__ = 'jrnl'
-__version__ = '1.7.20'
+__version__ = '1.7.21'
 __author__ = 'Manuel Ebert'
 __license__ = 'MIT License'
 __copyright__ = 'Copyright 2013 - 2014 Manuel Ebert'

jrnl/util.py

@@ -141,3 +141,14 @@ def slugify(string):
     slug = re.sub(r'[-\s]+', '-', no_punctuation)
     return u(slug)
 
+def int2byte(i):
+    """Converts an integer to a byte.
+    This is equivalent to chr() in Python 2 and bytes((i,)) in Python 3."""
+    return chr(i) if PY2 else bytes((i,))
+
+
+def byte2int(b):
+    """Converts a byte to an integer.
+    This is equivalent to ord(bs[0]) on Python 2 and bs[0] on Python 3."""
+    return ord(b)if PY2 else b
+