ega-archive / crypt4gh
GA4GH cryptographic tools
Home Page: http://crypt4gh.readthedocs.io
License: Apache License 2.0
Test case:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
python3 --version
Python 3.6.9
pip3 install git+https://github.com/EGA-archive/crypt4gh.git
Expected result: the tool is installed.
Actual result:
Traceback (most recent call last):
File "/usr/bin/pip3", line 11, in <module>
sys.exit(main())
File "/usr/lib/python3/dist-packages/pip/__init__.py", line 215, in main
locale.setlocale(locale.LC_ALL, '')
File "/usr/lib/python3.5/locale.py", line 594, in setlocale
return _setlocale(category, locale)
locale.Error: unsupported locale setting
Error in sys.excepthook:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 109, in apport_excepthook
pr.add_proc_info(extraenv=['PYTHONPATH', 'PYTHONHOME'])
File "/usr/lib/python3/dist-packages/apport/report.py", line 525, in add_proc_info
self.add_proc_environ(pid, extraenv)
File "/usr/lib/python3/dist-packages/apport/report.py", line 592, in add_proc_environ
env = _read_file('environ', dir_fd=proc_pid_fd).replace('\n', '\\n')
File "/usr/lib/python3/dist-packages/apport/report.py", line 73, in _read_file
with open(path, 'rb', opener=lambda path, mode: os.open(path, mode, dir_fd=dir_fd)) as fd:
File "/usr/lib/python3/dist-packages/apport/report.py", line 73, in <lambda>
with open(path, 'rb', opener=lambda path, mode: os.open(path, mode, dir_fd=dir_fd)) as fd:
TypeError: argument should be integer, not list
Original exception was:
Traceback (most recent call last):
File "/usr/bin/pip3", line 11, in <module>
sys.exit(main())
File "/usr/lib/python3/dist-packages/pip/__init__.py", line 215, in main
locale.setlocale(locale.LC_ALL, '')
File "/usr/lib/python3.5/locale.py", line 594, in setlocale
return _setlocale(category, locale)
locale.Error: unsupported locale setting
Work-around: export LC_ALL=C
Most of the tests in test_crypt4gh.py and test_cli.py are commented out. As we start collaborating on this together, we could be breaking things and not know it. Would be great if we can get these working again!
When installing the library I get the following error:
Cloning https://github.com/EGA-archive/crypt4gh.git to /private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza
Running command git clone -q https://github.com/EGA-archive/crypt4gh.git /private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza
ERROR: Command errored out with exit status 1:
command: /private/tmp/venv/bin/python3.8 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza/setup.py'"'"'; __file__='"'"'/private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza/pip-egg-info
cwd: /private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza/
Complete output (7 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza/setup.py", line 7, in <module>
from crypt4gh import __version__, __author__, __title__, __doc__ as lega_doc, __license__, PROG
File "/private/var/folders/1d/71z0tzqj39s7m3_yq504_t1r0000gn/T/pip-req-build-prc_7eza/crypt4gh/__init__.py", line 25, in <module>
from nacl.exceptions import InvalidkeyError, BadSignatureError, CryptoError
ModuleNotFoundError: No module named 'nacl'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
virtualenv /tmp/venv
source /tmp/venv/bin/activate
pip install git+https://github.com/EGA-archive/crypt4gh.git
setup.py imports the ga4gh library to get the __version__ strings and some other metadata. But ga4gh/__init__.py imports both nacl and cryptography, both of which aren't installed yet.
crypt4gh decrypt --sk ~/.ssh/chut_mac.sec < ***.c4gh
No supported encryption method
In cases where several encryption keys are used, no error message is returned if one of the keys is missing.
Example. Command:
crypt4gh encrypt --recipient_pk key1.pub --recipient_pk key2.pub < input > out.c4gh
does not report any errors if key1.pub exists but key2.pub does not exist.
Hi! I am trying to decrypt some files and I have a secret key for that that I've set as passphrase:
export C4GH_PASSPHRASE= decryption key they sent me via email
I am trying to generate a secret key using ssh-keygen -t ed25519 and then I set this:
export C4GH_SECRET_KEY='ega_ed25519_key' generated as above
But when I try to decrypt my file using cat $file_to_decrypt | crypt4gh decrypt > "$file_to_decrypt" I get the error:
Warning: Using a passphrase in an environment variable is insecure
Header too small
Do you know where the error is coming from? Many thanks in advance!
Would it be possible to add two features?
That will allow for multiple recipients to be added in the encryption process. Multiple recipients would then be able to decrypt the message.
In re-encryption to be allowed to add an additional recipient to the header without encrypting the data packet again. The result would be multiple recipients in the header and in turn multiple recipients can decrypt the message.
First of all, thank you for putting together this implementation. We used it in our use case, to handle Crypt4GH-encrypted data in a DRS implementation. One limitation of the current implementation, however, is that the header and file data are always stored together, in the same file. The disadvantage is that re-encryption therefore implies creating a new header, and copying over the encrypted data, which may be substantial. Moreover, it may make sense, at times, to store the header and the data in entirely separate environments (e.g. encrypted file data in an S3 bucket, and the header in memory or in a database).
Would it be possible to extend the API to allow for writing the header and data to different files? As far as I can tell this would mean that all API functions would take two output files as arguments, instead of one, but this would not affect the CLI.
If this is an idea that meets with your approval, I can put together a PR.
docopt hasn't received any updates since 2014, and only a source distribution is available on PyPI. For my use case each dependency of crypt4gh required a built distribution (a wheel file) to work. I built a wheel file for docopt manually and everything is OK for my use case.
The docopt project appears to be abandoned and users are reporting compatibility problems with newer versions of Python. I just wanted to mention this as you might run into problems in the future.
Thanks for your work developing this great package
Test case:
openssl genpkey -algorithm x25519 -out writer.sec.pem
openssl pkey -in writer.sec.pem -pubout -out writer.pub.pem
openssl genpkey -algorithm x25519 -out reader.sec.pem
openssl pkey -in reader.sec.pem -pubout -out reader.pub.pem
crypt4gh encrypt --sk writer.sec.pem --recipient_pk reader.pub.pem < file > file.c4gh
Expected result: the file is encrypted.
Actual result:
Traceback (most recent call last):
File "/home/ubuntu/.local/bin/crypt4gh", line 8, in <module>
sys.exit(main())
File "/home/ubuntu/.local/lib/python3.6/site-packages/crypt4gh/__main__.py", line 21, in main
cmd(args)
File "/home/ubuntu/.local/lib/python3.6/site-packages/crypt4gh/cli.py", line 142, in encrypt
end_coordinate = range_end)
File "/home/ubuntu/.local/lib/python3.6/site-packages/crypt4gh/engine.py", line 91, in encrypt
header_bytes = header.serialize(header_packets)
File "/home/ubuntu/.local/lib/python3.6/site-packages/crypt4gh/header.py", line 75, in serialize
packets = list(packets)
File "/home/ubuntu/.local/lib/python3.6/site-packages/crypt4gh/header.py", line 259, in encrypt
encrypt_X25519_Chacha20_Poly1305(packet, seckey, recipient_pubkey))
File "/home/ubuntu/.local/lib/python3.6/site-packages/crypt4gh/header.py", line 150, in encrypt_X25519_Chacha20_Poly1305
pubkey = bytes(PrivateKey(seckey).public_key)
File "/home/ubuntu/.local/lib/python3.6/site-packages/nacl/public.py", line 90, in __init__
"bytes long raw secret key").format(self.SIZE)
nacl.exceptions.TypeError: PrivateKey must be created from a 32 bytes long raw secret key
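The file written by `openssl genpkey -algorithm x25519` in the test case above is a PEM-encoded PKCS#8 structure, not the 32-byte raw key that the PyNaCl error asks for. The following is an added example, not code from the crypt4gh project: it pulls the raw key out of such a file with the standard library only. The helper names and the sample key are constructed for illustration.

```python
import base64

# Fixed PKCS#8 wrapper (RFC 8410) that precedes a raw X25519 private key:
# SEQUENCE { INTEGER 0, SEQUENCE { OID 1.3.101.110 }, OCTET STRING { OCTET STRING(32) } }
X25519_PKCS8_PREFIX = bytes.fromhex("302e020100300506032b656e04220420")
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"
PEM_FOOTER = "-----END PRIVATE KEY-----"


def raw_x25519_from_pem(pem_text: str) -> bytes:
    """Return the 32-byte raw secret key from an unencrypted X25519 PKCS#8 PEM."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        raise ValueError("not an unencrypted PKCS#8 PEM private key")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    if len(der) != len(X25519_PKCS8_PREFIX) + 32:
        raise ValueError(f"unexpected DER length {len(der)}, want 48")
    if not der.startswith(X25519_PKCS8_PREFIX):
        raise ValueError("PKCS#8 key is not X25519 (OID 1.3.101.110)")
    return der[len(X25519_PKCS8_PREFIX):]


def make_constructed_pem(raw_key: bytes, prefix: bytes = X25519_PKCS8_PREFIX) -> str:
    """Wrap a constructed, non-secret key in PEM for the demonstration."""
    body = base64.b64encode(prefix + raw_key).decode()
    return f"{PEM_HEADER}\n{body}\n{PEM_FOOTER}\n"


# Constructed sample key (bytes 0..31), not a real secret.
SAMPLE_RAW = bytes(range(32))
SAMPLE_PEM = make_constructed_pem(SAMPLE_RAW)

if __name__ == "__main__":
    # The PEM file is far longer than 32 bytes, so a raw-key reader rejects it.
    print("PEM size:", len(SAMPLE_PEM.encode()), "bytes")
    print("raw key :", raw_x25519_from_pem(SAMPLE_PEM).hex())
```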
When trying to generate keys with crypt4gh-keygen I get the following error:
Traceback (most recent call last):
File "/private/tmp/venv/bin/crypt4gh-keygen", line 8, in <module>
sys.exit(main())
File "/private/tmp/venv/lib/python3.8/site-packages/crypt4gh/keys.py", line 263, in main
run(argv)
File "/private/tmp/venv/lib/python3.8/site-packages/crypt4gh/keys.py", line 259, in run
generate(seckey, pubkey, callback=cb, comment=comment)
File "/private/tmp/venv/lib/python3.8/site-packages/crypt4gh/keys.py", line 149, in generate
pkey = _encode_encrypted_private_key(sk, passphrase.encode(), comment)
File "/private/tmp/venv/lib/python3.8/site-packages/crypt4gh/keys.py", line 114, in _encode_encrypted_private_key
derived_key = _derive_key(kdfname, passphrase, salt, rounds)
File "/private/tmp/venv/lib/python3.8/site-packages/crypt4gh/keys.py", line 89, in _derive_key
return scrypt(passphrase, salt, 1<<14, 8, 1, dklen=32)
TypeError: scrypt() takes exactly 1 positional argument (5 given)
scrypt
function from hashlib
for example.crypt4gh-keygen --pk a --sk b
Update the call to scrypt to take keyword arguments instead of positional.
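The keyword-argument form suggested above, next to the positional form that triggers the TypeError. This is an added example, not code from the crypt4gh project: the function names are hypothetical, and the cost parameters (n = 1<<14, r = 8, p = 1, dklen = 32) are taken from the traceback.

```python
import hashlib
import os


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte key with the cost parameters shown in the traceback."""
    # hashlib.scrypt takes only the password positionally; salt, n, r, p
    # and dklen are keyword-only.
    return hashlib.scrypt(passphrase, salt=salt, n=1 << 14, r=8, p=1, dklen=32)


def positional_call_is_rejected(passphrase: bytes, salt: bytes) -> bool:
    """Reproduce the failing call form; True if hashlib raises TypeError."""
    try:
        hashlib.scrypt(passphrase, salt, 1 << 14, 8, 1, dklen=32)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    salt = os.urandom(16)          # constructed sample salt
    passphrase = b"example-only"   # constructed sample passphrase
    print("positional form rejected:", positional_call_is_rejected(passphrase, salt))
    print("derived key length      :", len(derive_key(passphrase, salt)))
```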
When generating a c4gh-v1 key, we should ask confirmation for the passphrase.
We ask twice and compare the responses.
Is there any way to decrypt multiple files at once? Perhaps I'm missing a simple solution?
Wildcard seems to still only read in one file at a time. I wrote a looping script, but despite setting unlimited timeout, I can't seem to use a script with "expect" either to roll through the files one at a time. We have almost 1000 files to decrypt. Thank you!
pip install git+https://github.com/EGA-archive/crypt4gh.git
Collecting git+https://github.com/EGA-archive/crypt4gh.git
Cloning https://github.com/EGA-archive/crypt4gh.git to /tmp/pip-req-build-zze_dA
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-req-build-zze_dA/setup.py", line 23
f'{PROG} = crypt4gh.main:main' ,
^
SyntaxError: invalid syntax
----------------------------------------
This is on:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial