diff --git a/decrypt_file.py b/decrypt_file.py index 381f4c9..791c4a1 100755 --- a/decrypt_file.py +++ b/decrypt_file.py @@ -23,8 +23,8 @@ import sys def main(): if len(sys.argv) < 3: - print('Decrypts a single file from a Cryptomator drive and prints to standard output') - print() + print('Decrypts a single file from a Cryptomator drive and prints to standard output', file=sys.stderr) + print('', file=sys.stderr) print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr) sys.exit(1) diff --git a/lib_cryptomator_utils/cryptomator.py b/lib_cryptomator_utils/cryptomator.py index 6db5e49..74b6ac6 100644 --- a/lib_cryptomator_utils/cryptomator.py +++ b/lib_cryptomator_utils/cryptomator.py @@ -47,7 +47,7 @@ def load_vault_config(vault_config_path): vault_config_jwt_parts = vault_config_data.split('.') if len(vault_config_jwt_parts) != 3: - print('Error: Invalid JWT (got {} parts, expected 3)'.format(len(vault_config_jwt_parts))) + print('Error: Invalid JWT (got {} parts, expected 3)'.format(len(vault_config_jwt_parts)), file=sys.stderr) sys.exit(1) # Parse JWT header and payload @@ -55,29 +55,29 @@ def load_vault_config(vault_config_path): vault_config_header = json.loads(b64url_decode(vault_config_jwt_parts[0]).decode('utf-8')) vault_config_payload = json.loads(b64url_decode(vault_config_jwt_parts[1]).decode('utf-8')) except json.JSONDecodeError as ex: - print('Error: Malformed JWT (invalid JSON)') + print('Error: Malformed JWT (invalid JSON)', file=sys.stderr) import traceback; traceback.print_exc() sys.exit(1) # Validate settings if vault_config_header['typ'] != 'JWT': - print('Error: Malformed JWT (no "typ" in header)') + print('Error: Malformed JWT (no "typ" in header)', file=sys.stderr) sys.exit(1) if vault_config_header['alg'] != 'HS256': - print('Error: Unsupported JWT algorithm (got {}, expected HS256)'.format(vault_config_header['alg'])) + print('Error: Unsupported JWT algorithm (got {}, expected HS256)'.format(vault_config_header['alg']), file=sys.stderr) sys.exit(1) if vault_config_payload['format'] != 8: # Current Cryptomator vault format - print('Error: Unsupported vault format (got {}, expected 8)'.format(vault_config_payload['format'])) + print('Error: Unsupported vault format (got {}, expected 8)'.format(vault_config_payload['format']), file=sys.stderr) sys.exit(1) if vault_config_payload['cipherCombo'] != 'SIV_GCM': - print('Error: Unsupported vault cipher mode (got {}, expected SIV_GCM)'.format(vault_config_payload['cipherCombo'])) + print('Error: Unsupported vault cipher mode (got {}, expected SIV_GCM)'.format(vault_config_payload['cipherCombo']), file=sys.stderr) sys.exit(1) # ------------- # Read key file if not vault_config_header['kid'].startswith('masterkeyfile:'): - print('Error: Unsupported vault master key ID (got {}, expected masterkeyfile)'.format(vault_config_header['kid'])) + print('Error: Unsupported vault master key ID (got {}, expected masterkeyfile)'.format(vault_config_header['kid']), file=sys.stderr) sys.exit(1) master_key_path = os.path.join(os.path.split(vault_config_path)[0], vault_config_header['kid'][len('masterkeyfile:'):]) @@ -105,7 +105,7 @@ def load_vault_config(vault_config_path): primary_master_key = aes_key_unwrap(kek, base64.b64decode(master_key_config['primaryMasterKey'])) hmac_master_key = aes_key_unwrap(kek, base64.b64decode(master_key_config['hmacMasterKey'])) except InvalidUnwrap: - print('Error: Incorrect password') + print('Error: Incorrect password', file=sys.stderr) sys.exit(1) # ------------------------------- @@ -115,7 +115,7 @@ def load_vault_config(vault_config_path): expected_signature = hmac.digest(primary_master_key + hmac_master_key, (vault_config_jwt_parts[0] + '.' + vault_config_jwt_parts[1]).encode('utf-8'), 'SHA256') if b64url_encode(expected_signature) != vault_config_jwt_parts[2]: - print('Error: Invalid vault configuration file signature') + print('Error: Invalid vault configuration file signature', file=sys.stderr) sys.exit(1) return primary_master_key, hmac_master_key @@ -172,7 +172,7 @@ def list_directory(vault_path, primary_master_key, hmac_master_key, directory_id # Check directory ID given by dirid.c9r matches the expected directory ID stored_directory_id = decrypt_file(vault_path, primary_master_key, hashed_directory_id, 'dirid.c9r') if stored_directory_id != directory_id.encode('utf-8'): - print('Error: Unexpected dirid.c9r (got "{}", expected "{}")'.format(stored_directory_id.decode('utf-8'), directory_id)) + print('Error: Unexpected dirid.c9r (got "{}", expected "{}")'.format(stored_directory_id.decode('utf-8'), directory_id), file=sys.stderr) sys.exit(1) # List directory contents @@ -184,9 +184,9 @@ def list_directory(vault_path, primary_master_key, hmac_master_key, directory_id elif entry.name.endswith('.c9r'): directory_contents.append(decrypt_filename(primary_master_key, hmac_master_key, directory_id, entry.name)) elif entry.name.endswith('.c9s'): - print('Warning: Unsupported entry with long filename "{}" - not yet implemented'.format(entry.name)) + print('Warning: Unsupported entry with long filename "{}" - not yet implemented'.format(entry.name), file=sys.stderr) else: - print('Warning: Unknown file "{}" - ignoring'.format(entry.name)) + print('Warning: Unknown file "{}" - ignoring'.format(entry.name), file=sys.stderr) return directory_contents diff --git a/list_directory.py b/list_directory.py index 817d7c0..cfe9ee8 100755 --- a/list_directory.py +++ b/list_directory.py @@ -23,9 +23,9 @@ import sys def main(): if len(sys.argv) < 3: - print('Lists the contents of a given directory in a Cryptomator drive') - print() - print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0])) + print('Lists the contents of a given directory in a Cryptomator drive', file=sys.stderr) + print('', file=sys.stderr) + print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr) sys.exit(1) # Parse CLI arguments