
Jason R. Coombs  committed 8751161

Added a prefix to the plaintext to better detect incorrect passwords and trap those errors in _unlock.
Fixed _check_file so it now properly detects the existence of a proper file.

  • Parent commits 1cf1b06


Files changed (1)

File keyring/backend.py

         config = ConfigParser.RawConfigParser()
         config.read(self.file_path)
         try:
-            config.get('keyring-setting', 'password reference')
+            config.get(
+                escape_for_ini('keyring-setting'),
+                escape_for_ini('password reference'),
+            )
         except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
             return False
         return True
         """
         self.keyring_key = self._getpass(
             'Please enter password for encrypted keyring: ')
-        ref_pw = self.get_password('keyring-setting', 'password reference')
-        if ref_pw != 'password reference value':
+        try:
+            ref_pw = self.get_password('keyring-setting', 'password reference')
+            assert ref_pw == 'password reference value'
+        except AssertionError:
             self._lock()
-            raise ValueError("Incorrect password")
+            raise ValueError("Incorrect Password")
 
     def _lock(self):
         """
         from Crypto.Cipher import AES
         IV = get_random_bytes(AES.block_size)
         cipher = self._create_cipher(self.keyring_key, salt, IV)
-        password_encrypted = cipher.encrypt(password)
+        password_encrypted = cipher.encrypt('pw:' + password)
         # Serialize the salt, IV, and encrypted password in a secure format
         data = dict(
             salt=salt, IV=IV, password_encrypted=password_encrypted,
             data[key] = data[key].decode('base64')
         cipher = self._create_cipher(self.keyring_key, data['salt'],
             data['IV'])
-        return cipher.decrypt(data['password_encrypted'])
+        plaintext = cipher.decrypt(data['password_encrypted'])
+        assert plaintext.startswith('pw:')
+        return plaintext[3:]
 
     def _convert_old_keyring(self, keyring_password=None):
         """Convert keyring to new format.
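Review bot: The wrong-password check now rests on `assert` statements (`assert ref_pw == 'password reference value'` in `_unlock` and `assert plaintext.startswith('pw:')` after `cipher.decrypt`), and Python strips asserts under `-O`, so in an optimized run a wrong keyring password is no longer rejected and the decrypt path returns garbage with its first three bytes cut off. Raise explicitly instead, e.g. `if not plaintext.startswith('pw:'): raise ValueError('Incorrect Password')`, and let `_unlock` keep `if ref_pw != 'password reference value':` while catching `ValueError` around the `get_password` call so it still calls `self._lock()`. The three-byte prefix is also only a sanity check, not integrity protection: a wrong key or altered ciphertext can still pass by chance, so an authenticated check such as an HMAC over salt, IV and ciphertext would be the stronger fix. The cipher mode is chosen in `_create_cipher`, which is not visible here. All three enclosing functions start and end outside the visible hunks, so confirm how `get_password` propagates exceptions before changing the exception type.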