|
|
|
@ -11,7 +11,6 @@ encfs --standard --extpass=./encfs_aes_getpass.py ~/.crypt ~/crypt
|
|
|
|
|
import os
|
|
|
|
|
import sys
|
|
|
|
|
import json
|
|
|
|
|
import base64
|
|
|
|
|
import hashlib
|
|
|
|
|
import binascii
|
|
|
|
|
|
|
|
|
@ -28,6 +27,15 @@ def wait_for_devices():
|
|
|
|
|
return devices
|
|
|
|
|
|
|
|
|
|
def choose_device(devices):
|
|
|
|
|
if not len(devices):
|
|
|
|
|
raise Exception("No Trezor connected!")
|
|
|
|
|
|
|
|
|
|
if len(devices) == 1:
|
|
|
|
|
try:
|
|
|
|
|
return HidTransport(devices[0])
|
|
|
|
|
except IOError:
|
|
|
|
|
raise Exception("Device is currently in use")
|
|
|
|
|
|
|
|
|
|
i = 0
|
|
|
|
|
sys.stderr.write("----------------------------\n")
|
|
|
|
|
sys.stderr.write("Available devices:\n")
|
|
|
|
@ -52,21 +60,13 @@ def choose_device(devices):
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
device_id = int(raw_input())
|
|
|
|
|
transport = HidTransport(devices[device_id])
|
|
|
|
|
return HidTransport(devices[device_id])
|
|
|
|
|
except:
|
|
|
|
|
raise Exception("Invalid choice, exiting...")
|
|
|
|
|
|
|
|
|
|
return transport
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
|
|
|
|
|
|
devices = wait_for_devices()
|
|
|
|
|
|
|
|
|
|
if len(devices) > 1:
|
|
|
|
|
transport = choose_device(devices)
|
|
|
|
|
else:
|
|
|
|
|
transport = HidTransport(devices[0])
|
|
|
|
|
|
|
|
|
|
transport = choose_device(devices)
|
|
|
|
|
client = TrezorClient(transport)
|
|
|
|
|
|
|
|
|
|
rootdir = os.environ['encfs_root'] # Read "man encfs" for more
|
|
|
|
@ -78,7 +78,8 @@ def main():
|
|
|
|
|
sys.stderr.write('Please provide label for new drive: ')
|
|
|
|
|
label = raw_input()
|
|
|
|
|
|
|
|
|
|
sys.stderr.write('Computer asked Trezor for new strong password.\nPlease confirm action on your device.\n')
|
|
|
|
|
sys.stderr.write('Computer asked Trezor for new strong password.\n')
|
|
|
|
|
sys.stderr.write('Please confirm action on your device.\n')
|
|
|
|
|
|
|
|
|
|
# 32 bytes, good for AES
|
|
|
|
|
trezor_entropy = client.get_entropy(32)
|
|
|
|
@ -89,24 +90,24 @@ def main():
|
|
|
|
|
raise Exception("32 bytes password expected")
|
|
|
|
|
|
|
|
|
|
bip32_path = [10, 0]
|
|
|
|
|
passw_encrypted = client.encrypt_keyvalue(bip32_path,
|
|
|
|
|
label, passw, False, True)
|
|
|
|
|
passw_encrypted = client.encrypt_keyvalue(bip32_path, label, passw, False, True)
|
|
|
|
|
|
|
|
|
|
f = open(passw_file, 'wb')
|
|
|
|
|
f.write(binascii.hexlify(label) + ',' + binascii.hexlify(passw_encrypted) + \
|
|
|
|
|
',' + binascii.hexlify(json.dumps(bip32_path)))
|
|
|
|
|
f.close()
|
|
|
|
|
data = {'label': label,
|
|
|
|
|
'bip32_path': bip32_path,
|
|
|
|
|
'password_encrypted_hex': binascii.hexlify(passw_encrypted)}
|
|
|
|
|
|
|
|
|
|
json.dump(data, open(passw_file, 'wb'))
|
|
|
|
|
|
|
|
|
|
# Let's load password
|
|
|
|
|
data = json.load(open(passw_file, 'r'))
|
|
|
|
|
|
|
|
|
|
sys.stderr.write('Please confirm action on your device.\n')
|
|
|
|
|
label, passw_encrypted, bip32_path = open(passw_file, 'r').read().split(',')
|
|
|
|
|
passw = client.decrypt_keyvalue(json.loads(binascii.unhexlify(bip32_path)),
|
|
|
|
|
binascii.unhexlify(label),
|
|
|
|
|
binascii.unhexlify(passw_encrypted),
|
|
|
|
|
passw = client.decrypt_keyvalue(data['bip32_path'],
|
|
|
|
|
data['label'],
|
|
|
|
|
binascii.unhexlify(data['password_encrypted_hex']),
|
|
|
|
|
False, True)
|
|
|
|
|
print passw
|
|
|
|
|
|
|
|
|
|
print passw
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
main()
|
|
|
|
|