Add utility to decrypt a given file

This commit is contained in:
RunasSudo 2024-05-26 01:30:03 +10:00
parent 283f432c7c
commit 251ca2671a
Signed by: RunasSudo
GPG Key ID: 7234E476BF21C61A
3 changed files with 88 additions and 25 deletions

52
decrypt_file.py Executable file
View File

@ -0,0 +1,52 @@
#!/usr/bin/env python3
# cryptomator-utils: Python utilities for inspecting Cryptomator drives
# Copyright (C) 2024 Lee Yingtong Li (RunasSudo)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from lib_cryptomator_utils.cryptomator import decrypt_file, directory_path_to_id, encrypt_filename, hash_directory_id, load_vault_config
import os
import sys
def main():
if len(sys.argv) < 3:
print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr)
sys.exit(1)
# Parse CLI arguments
vault_config_path = sys.argv[1]
target_directory = sys.argv[2]
vault_path = os.path.split(vault_config_path)[0]
# Load vault config (asks for password)
primary_master_key, hmac_master_key = load_vault_config(vault_config_path)
# Resolve the parent directory of the file
target_directory_parts = target_directory.strip('/').split('/')
directory_id = directory_path_to_id(vault_path, primary_master_key, hmac_master_key, '/'.join(target_directory_parts[:-1]))
# Decrypt the file
hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id)
encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, target_directory_parts[-1])
content = decrypt_file(vault_path, primary_master_key, hashed_directory_id, encrypted_filename)
# Print to stdout
sys.stdout.buffer.write(content)
sys.stdout.buffer.flush()
if __name__ == '__main__':
main()

View File

@ -130,6 +130,38 @@ def hash_directory_id(primary_master_key, hmac_master_key, directory_id):
hashed_directory_id = base64.b32encode(hashlib.sha1(encrypted_directory_id).digest()).decode('utf-8')
return hashed_directory_id
def directory_path_to_id(vault_path, primary_master_key, hmac_master_key, directory_path):
"""
Recurse the drive to resolve the directory ID for the directory at the given plaintext path
"""
directory_path_parts = directory_path.strip('/').split('/')
# Begin in root directory
# The root directory in Cryptomator has an empty directory ID
directory_id = ''
# Traverse path
for path_part in directory_path_parts:
if not path_part:
continue
# Hash the current directory ID
hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id)
# Look up the encrypted path_part in the current directory
encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, path_part)
# Get the directory ID of the part_path
subdirectory_dir_file = os.path.join(vault_path, 'd', hashed_directory_id[:2], hashed_directory_id[2:], encrypted_filename, 'dir.c9r')
with open(subdirectory_dir_file, 'r') as f:
new_directory_id = f.read()
# Traverse to the new directory ID
directory_id = new_directory_id
return directory_id
def list_directory(vault_path, primary_master_key, hmac_master_key, directory_id):
"""
Return a list of files and directories in the directory with the given plaintext directory ID

View File

@ -16,7 +16,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from lib_cryptomator_utils.cryptomator import encrypt_filename, hash_directory_id, list_directory, load_vault_config
from lib_cryptomator_utils.cryptomator import directory_path_to_id, encrypt_filename, hash_directory_id, list_directory, load_vault_config
import os
import sys
@ -35,32 +35,11 @@ def main():
# Load vault config (asks for password)
primary_master_key, hmac_master_key = load_vault_config(vault_config_path)
# Resolve the target directory
target_directory_parts = target_directory.strip('/').split('/')
directory_id = directory_path_to_id(vault_path, primary_master_key, hmac_master_key, '/'.join(target_directory_parts))
# Begin in root directory
# The root directory in Cryptomator has an empty directory ID
directory_id = ''
# Traverse path
for path_part in target_directory_parts:
if not path_part:
continue
# Hash the current directory ID
hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id)
# Look up the encrypted path_part in the current directory
encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, path_part)
# Get the directory ID of the part_path
subdirectory_dir_file = os.path.join(vault_path, 'd', hashed_directory_id[:2], hashed_directory_id[2:], encrypted_filename, 'dir.c9r')
with open(subdirectory_dir_file, 'r') as f:
new_directory_id = f.read()
# Traverse to the new directory ID
directory_id = new_directory_id
# Now we have reached the requested directory, so print directory listing
# Print directory listing
for filename in sorted(list_directory(vault_path, primary_master_key, hmac_master_key, directory_id)):
print(filename)