mnault000

Crude python script to create your own key

Recommended Posts

#!/usr/bin/python

 

# SHA1 encoder

import hashlib

import os

from base64 import b32encode

 

secret_to_generate = raw_input('Please Enter the name to encode for the secret: ')

hash_object = hashlib.sha1(secret_to_generate)

 

hex_dig = hash_object.hexdigest()

base32_dig = b32encode(hex_dig)

 

print 'This is the HEX Digest:              ', hex_dig

print 'This is your secret to share:  ', base32_dig

 

Note: I find this useful as I created many folders and only display the printed list on the web. From the folder name, I already know a key, so I just create the new secret remotely, assign it to my folder, and I can download whatever I need from home.

 

 

Share this post


Link to post
Share on other sites

Could you explain a bit more what that means exactly? Is a working secret creatable just by knowing the folder name or do you use a  "key" which creates a working secret?

Share this post


Link to post
Share on other sites

Hi, sorry I was a bit vague.

Here's what I mean. At home, I can host with bit torrent sync through my LAN a folder in which I can put stuff I will eventually need to download from somewhere around the world. A big advantage: the web server displaying the folder link does not host the actual data.

 

So here goes... I need to store a WinXP ISO with all related gizmos in a folder. I create the folder like WinXP_BTSync_what_is the_name_of_my_dog.

 

Once my folder is created with that name, I go to BTSync, assign that folder to sync, but instead of using the "generate secret", I use my own script in my first post, with the key --> WinXP_BTSync_Rex

So.. I'm in Europe, need to get the WinXP ISO.. I first install Bit torrent sync, then I browse my website to see which folder I need to sync (site only shows the folder name and content names). I will generate the secret from my dog's name (REX), and then the folder will sync.

 

I'm  working on having the ability to generate that secret directly from my website.

Share this post


Link to post
Share on other sites

This is what I Mean.. I created a folder named "demo_MY_DOG_NAME" for which I obviously know my dog's name.

So I'm somewhere on a computer and I need something at home in the above folder.

 

Go to my website (url below), and insert the string "demo_REX" (no quotes!!), and copy-paste the resulting secret into your bittorrent application for the folder you will sync with.

I like this approach for these reasons:

1) the data is not on the server hosting that url

2) I can prepare a multitude of directories with different password, and get anything encrypted.

 

(try my demo here --> http://redirect.imperialauriga.com:8011/base_btsync_portal/index.php )

 

For this demo, you will sync with a simple text file (.txt) I made for this proof-of-concept.

Share this post


Link to post
Share on other sites

hex_dig = hash_object.hexdigest()

base32_dig = b32encode(hex_dig)
 

 

You're converting the hex to base32 'incorrectly'. Simply if you're taking the bits from the hex and reencoding them as base32 it should be 4/5 the size of the hex. It looks like you're taking the hex as ASCII bytes and encoding that instead.

 

'Correctly' ..

Start with the string "cats" 

The SHA1 in hex is "8ebf601f8b808c32b8d2fb570c2e0fbdbb388add"

The SHA1 in base32 is "R27WAH4LQCGDFOGS7NLQYLQPXW5TRCW5"

 

Put that into BTSync and get ... cats.

 

 

NB: http://www.debath.co.uk/MakeAKey.htm ALL in javascript.

Share this post


Link to post
Share on other sites

Do you know how to make encrypted read-only secrets? I would be very interessted in having a python script to do that. It opens up so many features, you can setup encrypted inboxes where people can upload files, insecure caches, and so on.

Share this post


Link to post
Share on other sites

 

#!/usr/bin/python
 
# SHA1 encoder
import hashlib
import os
from base64 import b32encode
 
secret_to_generate = raw_input('Please Enter the name to encode for the secret: ')
hash_object = hashlib.sha1(secret_to_generate)
 
hex_dig = hash_object.hexdigest()
base32_dig = b32encode(hex_dig)
 
print 'This is the HEX Digest:              ', hex_dig
print 'This is your secret to share:  ', base32_dig
 
Note: I find this useful as I created many folders and only display the printed list on the web. From the folder name, I already know a key, so I just create the new secret remotely, assign it to my folder, and I can download whatever I need from home.

 

 

Any possible way of getting this in the form of a PHP script.

I tried wrapping my head around it, but i cant get RO keys to match from RW keys.

Share this post


Link to post
Share on other sites

I read that fast so i may have missed some info but there is a problem of security if you can generate a secret to access to a file just by knowing the name of the file. 

Share this post


Link to post
Share on other sites

Hi.. I was away for a bit. What do you mean security issue? there are none if done right.

if you create a folder, and insert in the name a clue as to what the key to encrypt that folder will be, then create the secret with that key. so in the future, just looking at the folder name will reveal that clue only to you.

I've had this for months, working flawlessly.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.