Add utility to decrypt a given file

decrypt_file.py

@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+
+#   cryptomator-utils: Python utilities for inspecting Cryptomator drives
+#   Copyright (C) 2024  Lee Yingtong Li (RunasSudo)
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from lib_cryptomator_utils.cryptomator import decrypt_file, directory_path_to_id, encrypt_filename, hash_directory_id, load_vault_config
+
+import os
+import sys
+
+def main():
+	if len(sys.argv) < 3:
+		print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr)
+		sys.exit(1)
+	
+	# Parse CLI arguments
+	vault_config_path = sys.argv[1]
+	target_directory = sys.argv[2]
+	
+	vault_path = os.path.split(vault_config_path)[0]
+	
+	# Load vault config (asks for password)
+	primary_master_key, hmac_master_key = load_vault_config(vault_config_path)
+	
+	# Resolve the parent directory of the file
+	target_directory_parts = target_directory.strip('/').split('/')
+	directory_id = directory_path_to_id(vault_path, primary_master_key, hmac_master_key, '/'.join(target_directory_parts[:-1]))
+	
+	# Decrypt the file
+	hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id)
+	encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, target_directory_parts[-1])
+	content = decrypt_file(vault_path, primary_master_key, hashed_directory_id, encrypted_filename)
+	
+	# Print to stdout
+	sys.stdout.buffer.write(content)
+	sys.stdout.buffer.flush()
+
+if __name__ == '__main__':
+	main()

lib_cryptomator_utils/cryptomator.py

@@ -130,6 +130,38 @@ def hash_directory_id(primary_master_key, hmac_master_key, directory_id):
 	hashed_directory_id = base64.b32encode(hashlib.sha1(encrypted_directory_id).digest()).decode('utf-8')
 	return hashed_directory_id
 
+def directory_path_to_id(vault_path, primary_master_key, hmac_master_key, directory_path):
+	"""
+	Recurse the drive to resolve the directory ID for the directory at the given plaintext path
+	"""
+	
+	directory_path_parts = directory_path.strip('/').split('/')
+	
+	# Begin in root directory
+	# The root directory in Cryptomator has an empty directory ID
+	directory_id = ''
+	
+	# Traverse path
+	for path_part in directory_path_parts:
+		if not path_part:
+			continue
+		
+		# Hash the current directory ID
+		hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id)
+		
+		# Look up the encrypted path_part in the current directory
+		encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, path_part)
+		
+		# Get the directory ID of the part_path
+		subdirectory_dir_file = os.path.join(vault_path, 'd', hashed_directory_id[:2], hashed_directory_id[2:], encrypted_filename, 'dir.c9r')
+		with open(subdirectory_dir_file, 'r') as f:
+			new_directory_id = f.read()
+		
+		# Traverse to the new directory ID
+		directory_id = new_directory_id
+	
+	return directory_id
+
 def list_directory(vault_path, primary_master_key, hmac_master_key, directory_id):
 	"""
 	Return a list of files and directories in the directory with the given plaintext directory ID

list_directory.py

@@ -16,7 +16,7 @@
 #   You should have received a copy of the GNU Affero General Public License
 #   along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-from lib_cryptomator_utils.cryptomator import encrypt_filename, hash_directory_id, list_directory, load_vault_config
+from lib_cryptomator_utils.cryptomator import directory_path_to_id, encrypt_filename, hash_directory_id, list_directory, load_vault_config
 
 import os
 import sys
@@ -35,32 +35,11 @@ def main():
 	# Load vault config (asks for password)
 	primary_master_key, hmac_master_key = load_vault_config(vault_config_path)
 	
+	# Resolve the target directory
 	target_directory_parts = target_directory.strip('/').split('/')
+	directory_id = directory_path_to_id(vault_path, primary_master_key, hmac_master_key, '/'.join(target_directory_parts))
 	
-	# Begin in root directory
+	# Print directory listing
-	# The root directory in Cryptomator has an empty directory ID
-	directory_id = ''
-	
-	# Traverse path
-	for path_part in target_directory_parts:
-		if not path_part:
-			continue
-		
-		# Hash the current directory ID
-		hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id)
-		
-		# Look up the encrypted path_part in the current directory
-		encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, path_part)
-		
-		# Get the directory ID of the part_path
-		subdirectory_dir_file = os.path.join(vault_path, 'd', hashed_directory_id[:2], hashed_directory_id[2:], encrypted_filename, 'dir.c9r')
-		with open(subdirectory_dir_file, 'r') as f:
-			new_directory_id = f.read()
-		
-		# Traverse to the new directory ID
-		directory_id = new_directory_id
-	
-	# Now we have reached the requested directory, so print directory listing
 	for filename in sorted(list_directory(vault_path, primary_master_key, hmac_master_key, directory_id)):
 		print(filename)