
@jizhilong
Created May 11, 2017 06:45
A Python script for generating a git-crypt key file from a password.
#!/usr/bin/env python
import os
import struct
import hashlib
import hmac
import sys
import getpass
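# Fixed HMAC keys used by gen_keys() to derive the AES key and the HMAC key
# from the password. They are hard-coded in this script, so they are not
# secret: they only separate the two derivations from each other. The
# strength of the generated key file rests entirely on the password.
# Byte literals are used because these values are binary data that is fed to
# hmac and written to a file opened in 'wb' mode; on Python 2 a b'' literal
# is the same type as the original plain string.
HMAC_KEY_FOR_AES = b'\xa7\x8fd\xaa\xa9\x9cwWnjf\xf6bN\xb0\xb7<a\xdb\xd8\xbf\xc7\x99\xaf\xc1)\x96\xf8\xe4i`\xc3l\x94l7h'
HMAC_KEY_FOR_HMAC = b'\x8f\xca\x93\xc86\xc7II&\x8c\xe4\x0cr\x94{\xe5\xe6\xd8\xcc'

# Magic bytes written at the very start of the key file.
PREFIX = b'\x00GITCRYPTKEY'
FORMAT_VERSION = 2

# Field identifiers and lengths, in the order gen_key_file() writes them.
HEADER_FIELD_END = 0
KEY_FIELD_VERSION = 1
KEY_VERSION = 0
KEY_FIELD_AES_KEY = 3
AES_KEY_LEN = 32        # matches the SHA-256 digest size used for the AES key
KEY_FIELD_HMAC_KEY = 5
HMAC_KEY_LEN = 64       # matches the SHA-512 digest size used for the HMAC key
KEY_FIELD_END = 0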
def write_be32(f, i):
    """Write *i* to the binary file object *f* as a 4-byte big-endian unsigned int."""
    encoded = struct.pack('>I', i)
    f.write(encoded)
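def gen_keys(passwd):
    """Derive the (AES key, HMAC key) pair from a password.

    The AES key is HMAC-SHA256(HMAC_KEY_FOR_AES, passwd) (32 bytes) and the
    HMAC key is HMAC-SHA512(HMAC_KEY_FOR_HMAC, passwd) (64 bytes). The
    derivation is deterministic: the same password always yields the same
    pair, which is what lets the key file be regenerated elsewhere.

    NOTE(security): this is a single, unsalted HMAC invocation with fixed
    keys, not a password-hashing function. Password guesses can be tested at
    plain hash speed, so the derived keys are only as strong as the
    password; use a long, high-entropy passphrase. Switching to a slow KDF
    (e.g. hashlib.pbkdf2_hmac) would change the derived keys and therefore
    cannot be done without re-keying everything encrypted under the old ones.

    Args:
        passwd: the password, as bytes or text. Text is encoded as UTF-8.

    Returns:
        A tuple ``(aes_key, hmac_key)`` of raw digest bytes.
    """
    if not isinstance(passwd, bytes):
        # HMAC operates on bytes; getpass returns text on Python 3. On
        # Python 2 the password is already a byte string and is left as is.
        passwd = passwd.encode('utf-8')
    aes_key = hmac.new(HMAC_KEY_FOR_AES, passwd, hashlib.sha256).digest()
    hmac_key = hmac.new(HMAC_KEY_FOR_HMAC, passwd, hashlib.sha512).digest()
    return aes_key, hmac_key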
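def gen_key_file(passwd, fname='.git/git-crypt/keys/default'):
    """Derive keys from *passwd* and write them to *fname* as a key file.

    Layout written, all integers as 4-byte big-endian values:
    PREFIX, FORMAT_VERSION, HEADER_FIELD_END, then the key-version field
    (id, length 4, KEY_VERSION), the AES key field (id, length, key bytes),
    the HMAC key field (id, length, key bytes) and KEY_FIELD_END.

    The file holds raw key material, so it is created with owner-only
    permissions (0600) instead of whatever the process umask allows.

    Args:
        passwd: password passed on to gen_keys().
        fname: destination path; missing parent directories are created.
    """
    key_dir = os.path.dirname(fname)
    # dirname is '' for a bare file name, and os.makedirs('') raises, so only
    # create the directory when the path actually has one.
    if key_dir and not os.path.exists(key_dir):
        os.makedirs(key_dir)

    aes_key, hmac_key = gen_keys(passwd)

    # O_BINARY only exists on Windows; elsewhere it contributes nothing.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_BINARY', 0)
    fd = os.open(fname, flags, 0o600)
    with os.fdopen(fd, 'wb') as f:
        # The mode given to os.open only applies to a newly created file;
        # tighten a pre-existing key file too where the platform allows it.
        if hasattr(os, 'fchmod'):
            os.fchmod(fd, 0o600)

        f.write(PREFIX)
        write_be32(f, FORMAT_VERSION)
        write_be32(f, HEADER_FIELD_END)

        write_be32(f, KEY_FIELD_VERSION)
        write_be32(f, 4)  # length in bytes of the KEY_VERSION value that follows
        write_be32(f, KEY_VERSION)

        write_be32(f, KEY_FIELD_AES_KEY)
        write_be32(f, AES_KEY_LEN)
        f.write(aes_key)

        write_be32(f, KEY_FIELD_HMAC_KEY)
        write_be32(f, HMAC_KEY_LEN)
        f.write(hmac_key)

        write_be32(f, KEY_FIELD_END)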
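if __name__ == '__main__':
    # Usage: script [KEY_FILE]; without an argument gen_key_file() writes to
    # its default path under .git/git-crypt/keys/.
    passwd = getpass.getpass('input password to generate git crypt key: ')
    if not passwd:
        # An empty password would still produce a valid-looking key file, but
        # one that anybody can reproduce.
        sys.exit('refusing to derive a key from an empty password')
    # argv[1:2] is empty when no path was given, so the default fname is used.
    gen_key_file(passwd, *sys.argv[1:2])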