@@ -149,7 +149,7 @@ def __encrypt_key__(self, key, password, iterations, id, user=''):
149149 iv = get_random_bytes (16 )
150150 cipher = AES .new (kdfkey , AES .MODE_CBC , iv )
151151 # use it to encrypt the AES-256 key
152- plaintext = key + quote (self .config ['remember_suffix' ] + str (id ), safe = '~()*!\' ' ).encode ()
152+ plaintext = key + '#' . encode () + quote (self .config ['remember_suffix' ] + str (id ), safe = '~()*!\' ' ).encode ()
153153 # plaintext must be padded to be a multiple of 16 bytes
154154 plaintext_padded = pad (plaintext , 16 , style = 'pkcs7' )
155155 ciphertext = cipher .encrypt (plaintext_padded )
@@ -195,20 +195,28 @@ def __encrypt_content__(self, content, base_path, encryptcontent_path, encryptco
195195 obfuscate = 0
196196 uname = 0
197197 obfuscate_password = None
198+ encryptcontent_id = ''
198199
199200 if encryptcontent ['type' ] == 'password' :
200201 # get 32-bit AES-256 key from password_keystore
201202 key = encryptcontent ['key' ]
202- encryptcontent_keystore = self .setup ['password_keystore' ][encryptcontent ['password' ]]['store' ]
203+ keystore = self .setup ['password_keystore' ][encryptcontent ['password' ]]
204+ encryptcontent_id = quote (self .config ['remember_suffix' ] + str (keystore ['id' ]), safe = '~()*!\' ' )
205+ encryptcontent_keystore = keystore ['store' ]
203206 elif encryptcontent ['type' ] == 'level' :
207+ # get 32-bit AES-256 key from password_keystore
204208 key = encryptcontent ['key' ]
205- encryptcontent_keystore = self .setup ['level_keystore' ][encryptcontent ['level' ]]['store' ]
206- if self .setup ['level_keystore' ][encryptcontent ['level' ]].get ('uname' ):
209+ keystore = self .setup ['level_keystore' ][encryptcontent ['level' ]]
210+ encryptcontent_id = quote (self .config ['remember_suffix' ] + str (keystore ['id' ]), safe = '~()*!\' ' )
211+ encryptcontent_keystore = keystore ['store' ]
212+ if keystore .get ('uname' ):
207213 uname = 1
208214 elif encryptcontent ['type' ] == 'obfuscate' :
209215 # get 32-bit AES-256 key from password_keystore
210216 key = encryptcontent ['key' ]
211- encryptcontent_keystore = self .setup ['obfuscate_keystore' ][encryptcontent ['obfuscate' ]]['store' ]
217+ keystore = self .setup ['obfuscate_keystore' ][encryptcontent ['obfuscate' ]]
218+ encryptcontent_id = quote (self .config ['remember_suffix' ] + str (keystore ['id' ]), safe = '~()*!\' ' )
219+ encryptcontent_keystore = keystore ['store' ]
212220 obfuscate = 1
213221 obfuscate_password = encryptcontent ['obfuscate' ]
214222
@@ -234,6 +242,7 @@ def __encrypt_content__(self, content, base_path, encryptcontent_path, encryptco
234242 'ciphertext_bundle' : ';' .join (ciphertext_bundle ),
235243 'js_libraries' : js_libraries ,
236244 'base_path' : base_path ,
245+ 'encryptcontent_id' : encryptcontent_id ,
237246 'encryptcontent_path' : encryptcontent_path ,
238247 'encryptcontent_keystore' : json .dumps (encryptcontent_keystore ),
239248 'inject_something' : inject_something ,
@@ -408,6 +417,7 @@ def on_config(self, config, **kwargs):
408417 for level in self .config ['password_inventory' ].keys ():
409418 new_entry = {}
410419 self .keystore_id += 1
420+ new_entry ['id' ] = self .keystore_id
411421 new_entry ['key' ] = get_random_bytes (32 )
412422 credentials = self .config ['password_inventory' ][level ]
413423 if isinstance (credentials , list ):
@@ -429,7 +439,8 @@ def on_config(self, config, **kwargs):
429439 new_entry ['store' ].append (';' .join (keystore + (userhash ,)))
430440 else :
431441 keystore = self .__encrypt_key__ (new_entry ['key' ], credentials , self .setup ['kdf_iterations' ], self .keystore_id )
432- new_entry ['store' ] = ';' .join (keystore )
442+ new_entry ['store' ] = []
443+ new_entry ['store' ].append (';' .join (keystore ))
433444 self .setup ['level_keystore' ][level ] = new_entry
434445
435446 if self .config ['sign_files' ]:
@@ -586,8 +597,11 @@ def on_page_markdown(self, markdown, page, config, **kwargs):
586597 if encryptcontent ['password' ] not in self .setup ['password_keystore' ]:
587598 new_entry = {}
588599 self .keystore_id += 1
600+ new_entry ['id' ] = self .keystore_id
589601 new_entry ['key' ] = get_random_bytes (32 )
590- new_entry ['store' ] = ';' .join (self .__encrypt_key__ (new_entry ['key' ], encryptcontent ['password' ], self .setup ['kdf_iterations' ], self .keystore_id ))
602+ keystore = self .__encrypt_key__ (new_entry ['key' ], encryptcontent ['password' ], self .setup ['kdf_iterations' ], self .keystore_id )
603+ new_entry ['store' ] = []
604+ new_entry ['store' ].append (';' .join (keystore ))
591605 self .setup ['password_keystore' ][encryptcontent ['password' ]] = new_entry
592606 encryptcontent ['type' ] = 'password'
593607 encryptcontent ['key' ] = self .setup ['password_keystore' ][encryptcontent ['password' ]]['key' ]
@@ -599,8 +613,12 @@ def on_page_markdown(self, markdown, page, config, **kwargs):
599613 elif encryptcontent .get ('obfuscate' ):
600614 if encryptcontent ['obfuscate' ] not in self .setup ['obfuscate_keystore' ]:
601615 new_entry = {}
616+ self .keystore_id += 1
617+ new_entry ['id' ] = self .keystore_id
602618 new_entry ['key' ] = get_random_bytes (32 )
603- new_entry ['store' ] = ';' .join (self .__encrypt_key__ (new_entry ['key' ], encryptcontent ['obfuscate' ], 1 , 0 ))
619+ keystore = self .__encrypt_key__ (new_entry ['key' ], encryptcontent ['obfuscate' ], 1 , self .keystore_id )
620+ new_entry ['store' ] = []
621+ new_entry ['store' ].append (';' .join (keystore ))
604622 self .setup ['obfuscate_keystore' ][encryptcontent ['obfuscate' ]] = new_entry
605623 encryptcontent ['type' ] = 'obfuscate'
606624 encryptcontent ['key' ] = self .setup ['obfuscate_keystore' ][encryptcontent ['obfuscate' ]]['key' ]
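Review bot: The `'#'` separator added to `plaintext` in `__encrypt_key__` follows `key` directly, and the callers in this commit create that key with `get_random_bytes(32)`, so the key can itself contain the byte 0x23. The decrypting side is not shown here, but it has to take the first 32 bytes by length and must not search for the first `#`. A comment on that line would pin this down: `# key is always 32 bytes and may contain '#'; split by length, never by delimiter`. The `quote(self.config['remember_suffix'] + str(...), safe=...)` expression now appears four times (there and in the three branches of `__encrypt_content__`), and presumably the results must match byte for byte for the id check to succeed, so one private helper would keep them from drifting. `encryptcontent_id` is also passed to the template without `json.dumps`, unlike `encryptcontent_keystore` beside it, while the safe set leaves `'` unescaped, so it is worth confirming how the template quotes it; both functions extend beyond the visible hunks.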