t_crypt.py
Overview
t_crypt.py is a utility script designed to perform RSA-based encryption of input text strings. It reads a public RSA key from a PEM file, encodes the input string in base64, encrypts the base64-encoded string using the RSA public key with PKCS#1 v1.5 padding, and returns the encrypted data as a base64-encoded string. The script also supports command-line usage, enabling users to encrypt a password or any text string passed as an argument and print both the encrypted and decrypted values.
This file is part of a larger system that handles cryptographic operations, most likely within the InfiniFlow project, and relies on helper modules such as api.utils for decryption and file management utilities.
Detailed Description of Components
Imports
base64: For encoding and decoding data in base64 format.
os: For file path manipulations.
sys: For accessing command-line arguments.
Cryptodome.PublicKey.RSA: To import and handle RSA keys.
Cryptodome.Cipher.PKCS1_v1_5: To perform RSA encryption with PKCS#1 v1.5 padding.
api.utils.decrypt: A utility function (external) to decrypt the encrypted data.
api.utils.file_utils: A utility module (external) used to get the base directory of the project.
Function: crypt(line)
def crypt(line):
Purpose:
Encrypts a given string line using RSA public key encryption with PKCS#1 v1.5 padding.
Parameters:
line (str): The plaintext string to be encrypted.
Returns:
str: A base64-encoded string representing the RSA-encrypted input.
Description:
Key Loading:
Constructs the file path to the RSA public key located at <project_base_directory>/conf/public.pem.
Reads and imports the RSA public key using a password "Welcome". (Note: Using a hardcoded password is generally discouraged for security reasons.)
Base64 Encoding:
Encodes the input plaintext string in UTF-8 and then base64-encodes it. This double encoding step ensures the input is in a suitable format for encryption.
Encryption:
Uses the RSA public key to create a cipher object with PKCS#1 v1.5 padding.
Encrypts the base64-encoded password.
Output Encoding:
The encrypted binary data is then base64-encoded again to produce a string safe for transport or storage.
Usage Example:
encrypted = crypt("my_secret_password")
print(encrypted) # Prints the base64-encoded encrypted password
Command-Line Interface
if __name__ == "__main__":
    passwd = crypt(sys.argv[1])
    print(passwd)
    print(decrypt(passwd))
When executed directly, this script expects one command-line argument: the plaintext string to encrypt.
It prints the encrypted password.
Then, it calls the decrypt function (imported from api.utils) to decrypt the encrypted string and prints the decrypted result to verify correctness.
Important Implementation Details
RSA Key Handling:
The RSA public key is password-protected with the passphrase "Welcome".
The key is expected to be stored in PEM format under the conf directory relative to the project base directory.
Double Base64 Encoding:
The plaintext is first base64-encoded before encryption.
After encryption, the ciphertext is base64-encoded again.
This approach standardizes input for encryption and output for storage/transmission.
Encryption Scheme:
Uses PKCS1_v1_5 padding, a common RSA encryption padding scheme, which provides compatibility with many external systems but is less secure than OAEP padding.
External Dependencies:
The script assumes the presence of api.utils.decrypt for decryption.
It also depends on api.utils.file_utils.get_project_base_directory() to locate the project root path.
Interaction with Other System Components
api.utils.decrypt: The complementary decryption function is used to verify the encrypted output.
This function is external and not defined in this file, indicating that t_crypt.py is part of a cryptographic utilities module.
api.utils.file_utils: Provides environment-specific file path resolution.
Ensures that the public key file is dynamically located relative to the project structure, improving portability.
Project Configuration:
The public key file public.pem must be present in the conf folder at the root of the project.
The key is password protected, and the password is hardcoded here, suggesting a development/testing environment or a need for enhanced security measures.
Visual Diagram
Below is a class/function flowchart illustrating the main function crypt and its interaction with the external utilities for key retrieval and decryption.
flowchart TD
    A[Start: Input string] --> B["crypt(line)"]
    B --> C{Get project base directory}
    C --> D[Locate public.pem in conf/]
    D --> E[Import RSA public key with password]
    E --> F[Base64 encode input string]
    F --> G[Encrypt base64 string with RSA PKCS1_v1_5]
    G --> H[Base64 encode encrypted data]
    H --> I[Return encrypted string]
    subgraph External Utilities
        C
        J["decrypt(encrypted_string)"]
    end
    I --> J
    J --> K[Output decrypted string]
    classDef extUtil fill:#f9f,stroke:#333,stroke-width:1px,color:#000
    class C,J extUtil
Summary
t_crypt.py provides a straightforward RSA encryption utility for strings.
It reads a password-protected RSA public key from a known configuration path.
Uses PKCS#1 v1.5 padding for encryption after base64-encoding the input.
Outputs the encrypted data as a base64 string.
Supports command-line usage for quick encryption and verification.
Relies on external utilities for project path resolution and decryption.
Recommendations
Security:
Avoid hardcoding the RSA key password in the source code.
Consider migrating from PKCS#1 v1.5 padding to OAEP padding (PKCS1_OAEP) for better security.
Error Handling:
Add error handling for file I/O, key import failures, and encryption exceptions.
Testing:
Ensure the decrypt function is compatible with this encryption method.
Key Management:
Document the process of generating and protecting the RSA key pair.
This documentation should provide sufficient context for developers and maintainers working with t_crypt.py within the InfiniFlow system.