Work on cryptography

2025-07-13 10:16:12 +02:00 · 2014-09-27 13:15:46 -07:00 · 2014-09-27 13:15:46 -07:00 · a1b5a4099e
commit a1b5a4099e
parent e75e3d73a0
11 changed files with 69 additions and 17 deletions
--- a/jrnl/upgrade.py
+++ b/jrnl/upgrade.py
@ -4,12 +4,15 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 import hashlib
 import util
 from . import __version__
+from . import EncryptedJournal
 import sys
+from cryptography.fernet import Fernet


 def upgrade_encrypted_journal(filename, key_plain):
    """Decrypts a journal in memory using the jrnl 1.x encryption scheme
    and returns it in plain text."""
+    util.prompt( "UPGRADING JOURNAL")
    with open(filename) as f:
        iv_cipher = f.read()
    iv, cipher = iv_cipher[:16], iv_cipher[16:]
@ -23,6 +26,11 @@ def upgrade_encrypted_journal(filename, key_plain):
        plain += unpadder.finalize()
    except ValueError:
        return None
+
+    key = EncryptedJournal.make_key(key_plain)
+    journal = Fernet(key).encrypt(plain.encode('utf-8'))
+    with open(filename, 'w') as f:
+        f.write(journal)
    return plain


@ -44,12 +52,15 @@ def upgrade_jrnl_if_necessary(config_path):
    plain_journals = {}
    for journal, journal_conf in config['journals'].items():
        if isinstance(journal_conf, dict):
-            if journal_conf.get("encrypted"):
+            if journal_conf.get("encrypt"):
                encrypted_journals[journal] = journal_conf.get("journal")
            else:
                plain_journals[journal] = journal_conf.get("journal")
        else:
-            plain_journals[journal] = journal_conf.get("journal")
+            if config.get('encrypt'):
+                encrypted_journals[journal] = journal_conf
+            else:
+                plain_journals[journal] = journal_conf
    if encrypted_journals:
        util.prompt("Following encrypted journals will be upgraded to jrnl {}:".format(__version__))
        for journal, path in encrypted_journals.items():
@ -63,3 +74,7 @@ def upgrade_jrnl_if_necessary(config_path):
    if not cont:
        util.prompt("jrnl NOT upgraded, exiting.")
        sys.exit(1)
+
+    for journal, path in encrypted_journals.items():
+        util.prompt("Enter password for {} journal (stored in {}).".format(journal, path))
+        util.get_password(keychain=journal, validator=lambda pwd: upgrade_encrypted_journal(path, pwd))