From 3ffc7d45b92a6442ba15b8b8c08a379d2e6e5b64 Mon Sep 17 00:00:00 2001 From: RunasSudo Date: Sat, 18 Jan 2025 20:28:44 +1100 Subject: [PATCH] Add script to obtain the encrypted filename of a given file --- README.md | 1 + encrypt_filename.py | 51 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100755 encrypt_filename.py diff --git a/README.md b/README.md index 299f5a8..4871fbf 100644 --- a/README.md +++ b/README.md @@ -6,3 +6,4 @@ Includes scripts for: * Listing contents of a directory * Decrypting a single file +* Getting the encrypted filename of a single file diff --git a/encrypt_filename.py b/encrypt_filename.py new file mode 100755 index 0000000..41301b7 --- /dev/null +++ b/encrypt_filename.py @@ -0,0 +1,51 @@ +#!/usr/bin/env python3 + +# cryptomator-utils: Python utilities for inspecting Cryptomator drives +# Copyright (C) 2024-2025 Lee Yingtong Li (RunasSudo) +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +from lib_cryptomator_utils.cryptomator import directory_path_to_id, encrypt_filename, hash_directory_id, load_vault_config + +import os +import sys + +def main(): + if len(sys.argv) < 3: + print('Get the encrypted filename for a single file from a Cryptomator drive', file=sys.stderr) + print('', file=sys.stderr) + print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr) + sys.exit(1) + + # Parse CLI arguments + vault_config_path = sys.argv[1] + target_file = sys.argv[2] + + vault_path = os.path.split(vault_config_path)[0] + + # Load vault config (asks for password) + primary_master_key, hmac_master_key = load_vault_config(vault_config_path) + + # Resolve the parent directory of the file + target_file_parts = target_file.strip('/').split('/') + directory_id = directory_path_to_id(vault_path, primary_master_key, hmac_master_key, '/'.join(target_file_parts[:-1])) + + # Get the encrypted filename + hashed_directory_id = hash_directory_id(primary_master_key, hmac_master_key, directory_id) + encrypted_filename = encrypt_filename(primary_master_key, hmac_master_key, directory_id, target_file_parts[-1]) + + print(os.path.join('d', hashed_directory_id[:2], hashed_directory_id[2:], encrypted_filename)) + +if __name__ == '__main__': + main()