RunasSudo/cryptomator-utils
1
Fork 0
Code Issues Pull Requests Activity

Print informational messages to stderr

Browse Source
This commit is contained in:
RunasSudo 2024-05-26 01:54:25 +10:00
parent dc148214e5
commit bba6e782f1
Signed by: RunasSudo
GPG Key ID: 7234E476BF21C61A
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
decrypt_file.py
View File

@ -23,8 +23,8 @@ import sys
def main(): def main():
if len(sys.argv) < 3: if len(sys.argv) < 3:
print('Decrypts a single file from a Cryptomator drive and prints to standard output') print('Decrypts a single file from a Cryptomator drive and prints to standard output', file=sys.stderr)
print() print('', file=sys.stderr)
print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr) print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr)
sys.exit(1) sys.exit(1)

24
lib_cryptomator_utils/cryptomator.py
View File

@ -47,7 +47,7 @@ def load_vault_config(vault_config_path):
vault_config_jwt_parts = vault_config_data.split('.') vault_config_jwt_parts = vault_config_data.split('.')
if len(vault_config_jwt_parts) != 3: if len(vault_config_jwt_parts) != 3:
print('Error: Invalid JWT (got {} parts, expected 3)'.format(len(vault_config_jwt_parts))) print('Error: Invalid JWT (got {} parts, expected 3)'.format(len(vault_config_jwt_parts)), file=sys.stderr)
sys.exit(1) sys.exit(1)
# Parse JWT header and payload # Parse JWT header and payload
@ -55,29 +55,29 @@ def load_vault_config(vault_config_path):
vault_config_header = json.loads(b64url_decode(vault_config_jwt_parts[0]).decode('utf-8')) vault_config_header = json.loads(b64url_decode(vault_config_jwt_parts[0]).decode('utf-8'))
vault_config_payload = json.loads(b64url_decode(vault_config_jwt_parts[1]).decode('utf-8')) vault_config_payload = json.loads(b64url_decode(vault_config_jwt_parts[1]).decode('utf-8'))
except json.JSONDecodeError as ex: except json.JSONDecodeError as ex:
print('Error: Malformed JWT (invalid JSON)') print('Error: Malformed JWT (invalid JSON)', file=sys.stderr)
import traceback; traceback.print_exc() import traceback; traceback.print_exc()
sys.exit(1) sys.exit(1)
# Validate settings # Validate settings
if vault_config_header['typ'] != 'JWT': if vault_config_header['typ'] != 'JWT':
print('Error: Malformed JWT (no "typ" in header)') print('Error: Malformed JWT (no "typ" in header)', file=sys.stderr)
sys.exit(1) sys.exit(1)
if vault_config_header['alg'] != 'HS256': if vault_config_header['alg'] != 'HS256':
print('Error: Unsupported JWT algorithm (got {}, expected HS256)'.format(vault_config_header['alg'])) print('Error: Unsupported JWT algorithm (got {}, expected HS256)'.format(vault_config_header['alg']), file=sys.stderr)
sys.exit(1) sys.exit(1)
if vault_config_payload['format'] != 8: # Current Cryptomator vault format if vault_config_payload['format'] != 8: # Current Cryptomator vault format
print('Error: Unsupported vault format (got {}, expected 8)'.format(vault_config_payload['format'])) print('Error: Unsupported vault format (got {}, expected 8)'.format(vault_config_payload['format']), file=sys.stderr)
sys.exit(1) sys.exit(1)
if vault_config_payload['cipherCombo'] != 'SIV_GCM': if vault_config_payload['cipherCombo'] != 'SIV_GCM':
print('Error: Unsupported vault cipher mode (got {}, expected SIV_GCM)'.format(vault_config_payload['cipherCombo'])) print('Error: Unsupported vault cipher mode (got {}, expected SIV_GCM)'.format(vault_config_payload['cipherCombo']), file=sys.stderr)
sys.exit(1) sys.exit(1)
# ------------- # -------------
# Read key file # Read key file
if not vault_config_header['kid'].startswith('masterkeyfile:'): if not vault_config_header['kid'].startswith('masterkeyfile:'):
print('Error: Unsupported vault master key ID (got {}, expected masterkeyfile)'.format(vault_config_header['kid'])) print('Error: Unsupported vault master key ID (got {}, expected masterkeyfile)'.format(vault_config_header['kid']), file=sys.stderr)
sys.exit(1) sys.exit(1)
master_key_path = os.path.join(os.path.split(vault_config_path)[0], vault_config_header['kid'][len('masterkeyfile:'):]) master_key_path = os.path.join(os.path.split(vault_config_path)[0], vault_config_header['kid'][len('masterkeyfile:'):])
@ -105,7 +105,7 @@ def load_vault_config(vault_config_path):
primary_master_key = aes_key_unwrap(kek, base64.b64decode(master_key_config['primaryMasterKey'])) primary_master_key = aes_key_unwrap(kek, base64.b64decode(master_key_config['primaryMasterKey']))
hmac_master_key = aes_key_unwrap(kek, base64.b64decode(master_key_config['hmacMasterKey'])) hmac_master_key = aes_key_unwrap(kek, base64.b64decode(master_key_config['hmacMasterKey']))
except InvalidUnwrap: except InvalidUnwrap:
print('Error: Incorrect password') print('Error: Incorrect password', file=sys.stderr)
sys.exit(1) sys.exit(1)
# ------------------------------- # -------------------------------
@ -115,7 +115,7 @@ def load_vault_config(vault_config_path):
expected_signature = hmac.digest(primary_master_key + hmac_master_key, (vault_config_jwt_parts[0] + '.' + vault_config_jwt_parts[1]).encode('utf-8'), 'SHA256') expected_signature = hmac.digest(primary_master_key + hmac_master_key, (vault_config_jwt_parts[0] + '.' + vault_config_jwt_parts[1]).encode('utf-8'), 'SHA256')
if b64url_encode(expected_signature) != vault_config_jwt_parts[2]: if b64url_encode(expected_signature) != vault_config_jwt_parts[2]:
print('Error: Invalid vault configuration file signature') print('Error: Invalid vault configuration file signature', file=sys.stderr)
sys.exit(1) sys.exit(1)
return primary_master_key, hmac_master_key return primary_master_key, hmac_master_key
@ -172,7 +172,7 @@ def list_directory(vault_path, primary_master_key, hmac_master_key, directory_id
# Check directory ID given by dirid.c9r matches the expected directory ID # Check directory ID given by dirid.c9r matches the expected directory ID
stored_directory_id = decrypt_file(vault_path, primary_master_key, hashed_directory_id, 'dirid.c9r') stored_directory_id = decrypt_file(vault_path, primary_master_key, hashed_directory_id, 'dirid.c9r')
if stored_directory_id != directory_id.encode('utf-8'): if stored_directory_id != directory_id.encode('utf-8'):
print('Error: Unexpected dirid.c9r (got "{}", expected "{}")'.format(stored_directory_id.decode('utf-8'), directory_id)) print('Error: Unexpected dirid.c9r (got "{}", expected "{}")'.format(stored_directory_id.decode('utf-8'), directory_id), file=sys.stderr)
sys.exit(1) sys.exit(1)
# List directory contents # List directory contents
@ -184,9 +184,9 @@ def list_directory(vault_path, primary_master_key, hmac_master_key, directory_id
elif entry.name.endswith('.c9r'): elif entry.name.endswith('.c9r'):
directory_contents.append(decrypt_filename(primary_master_key, hmac_master_key, directory_id, entry.name)) directory_contents.append(decrypt_filename(primary_master_key, hmac_master_key, directory_id, entry.name))
elif entry.name.endswith('.c9s'): elif entry.name.endswith('.c9s'):
print('Warning: Unsupported entry with long filename "{}" - not yet implemented'.format(entry.name)) print('Warning: Unsupported entry with long filename "{}" - not yet implemented'.format(entry.name), file=sys.stderr)
else: else:
print('Warning: Unknown file "{}" - ignoring'.format(entry.name)) print('Warning: Unknown file "{}" - ignoring'.format(entry.name), file=sys.stderr)
return directory_contents return directory_contents

6
list_directory.py
View File

@ -23,9 +23,9 @@ import sys
def main(): def main():
if len(sys.argv) < 3: if len(sys.argv) < 3:
print('Lists the contents of a given directory in a Cryptomator drive') print('Lists the contents of a given directory in a Cryptomator drive', file=sys.stderr)
print() print('', file=sys.stderr)
print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0])) print('Usage: {} /path/to/vault.cryptomator /plaintext/path/within/drive'.format(sys.argv[0]), file=sys.stderr)
sys.exit(1) sys.exit(1)
# Parse CLI arguments # Parse CLI arguments