Uses SSH agent to encrypt/decrypt arbitrary data

Project description

sagecipher (ssh agent cipher) provides an AES cipher whose key is obtained by signing nonce data via the SSH agent. The cipher is illustrated in the diagram below.

Installation

pip install sagecipher

Usage

Before using, ssh-agent must be running with at least one ssh-key available for producing cipher key material:

$ source <(ssh-agent)
Agent pid 3710

$ ssh-add
Enter passphrase for /home/somebody/.ssh/id_rsa:
Identity added: /home/somebody/.ssh/id_rsa (/home/somebody/.ssh/id_rsa)

If ssh-agent is not running or has no keys loaded, expect to see a sagecipher.cipher.SshAgentKeyError exception:

>>> from sagecipher import *
>>> cfail = SshAgentCipher()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "sagecipher/cipher.py", line 101, in __init__
    signature = sign_via_agent(self.challenge, self.fingerprint)
  File "sagecipher/cipher.py", line 230, in sign_via_agent
    raise SshAgentKeyError(SshAgentKeyError.E_NO_KEYS)
sagecipher.cipher.SshAgentKeyError: SSH agent is not running or no keys are available

Using sagecipher in a Python program

>>> from sagecipher import Cipher
>>>
>>> # Encrypts using the first SSH key available from SSH agent...
>>> enc_text = Cipher.encrypt_string("hello, world")
>>> text = Cipher.decrypt_string(enc_text)
>>> text
"hello, world"

Using the cli tool to provide on-demand decryption to other tools

Check sagecipher --help for usage. By default, the ‘decrypt’ operation will create a FIFO file, and then start a loop to decrypt out to the FIFO whenever it is opened.

$ sagecipher encrypt - encfile
Key not specified.  Please select from the following...
[1] ssh-rsa AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
Selection (1..2): [1]:
Reading from STDIN...

secret sauce
(CTRL-D)
$ sagecipher decrypt encfile
secret sauce
$ mkfifo decfile
$ sagecipher decrypt encfile decfile &
[1] 16753
$ cat decfile # decfile is just a FIFO
secret sauce
$
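
Any process that can open the FIFO receives the plaintext, and a FIFO created with plain `mkfifo` takes its permissions from the current umask, so a consumer may want to confirm the FIFO is private before reading from it. The following is an added example, not part of sagecipher: the helper names (`make_private_fifo`, `read_secret`, `demo_roundtrip`) are hypothetical, and a writer thread with a constructed payload stands in for `sagecipher decrypt encfile decfile`.

```python
import os
import stat
import threading

class UnsafeFifoError(Exception):
    """The path is not a private FIFO owned by the current user."""

def _check(st, path):
    if not stat.S_ISFIFO(st.st_mode):
        raise UnsafeFifoError(f"{path}: not a FIFO")
    if st.st_uid != os.geteuid():
        raise UnsafeFifoError(f"{path}: not owned by the current user")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise UnsafeFifoError(f"{path}: accessible by group or other")

def make_private_fifo(path):
    """Create the FIFO with mode 0600 regardless of the caller's umask."""
    old = os.umask(0o077)
    try:
        os.mkfifo(path, 0o600)
    finally:
        os.umask(old)

def read_secret(path):
    """Read one decrypted payload from a FIFO after verifying it is private."""
    before = os.lstat(path)  # lstat: a symlink at this path fails the FIFO test
    _check(before, path)     # reject early, before the blocking open below
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # blocks until a writer opens
    with os.fdopen(fd, "rb") as fifo:
        after = os.fstat(fd)  # re-check the object that was actually opened
        _check(after, path)
        if (after.st_dev, after.st_ino) != (before.st_dev, before.st_ino):
            raise UnsafeFifoError(f"{path}: replaced between check and open")
        return fifo.read()    # returns at EOF, when the writer closes its end

def demo_roundtrip(directory, payload=b"secret sauce\n"):
    """Constructed demo: the writer thread plays the role of the decrypt loop."""
    path = os.path.join(directory, "decfile")
    make_private_fifo(path)
    def writer():
        with open(path, "wb") as out:  # blocks until read_secret opens the FIFO
            out.write(payload)
    t = threading.Thread(target=writer)
    t.start()
    try:
        return read_secret(path)
    finally:
        t.join()
```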


Source Distribution

sagecipher-0.7.0.tar.gz (7.8 kB)


File metadata

  • Download URL: sagecipher-0.7.0.tar.gz
  • Size: 7.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Python-urllib/3.6

File hashes

Hashes for sagecipher-0.7.0.tar.gz
Algorithm Hash digest
SHA256 f9b0d595c9513d64d2ea33dc232071bc563e05189012e25b413c8d2d9c5ee2e7
MD5 cae67e51aa51c03470c569086d41509f
BLAKE2b-256 a4f05a373618624fa3d41c8ec30438320615bbea63a34e820a6cb96a0305b388
