- commit
- fd072bccd21dca8ae5b5ce87ec6845d8caba19e8
- parent
- 5bec34d88270e3e0617daa78554e684909425717
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2026-03-05 14:45
drop support for pkbf2
Diffstat
| M | xikeyring/keyring.py | 18 | +----------------- |
1 files changed, 1 insertions, 17 deletions
diff --git a/xikeyring/keyring.py b/xikeyring/keyring.py
@@ -6,8 +6,6 @@ from dataclasses import dataclass 6 6 import argon2 7 7 from cryptography.fernet import Fernet 8 8 from cryptography.fernet import InvalidToken9 -1 from cryptography.hazmat.primitives import hashes10 -1 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC11 9 12 10 from .kernel_keyring import KernelKey 13 11 from .prompt import PinentryPrompt as Prompt @@ -36,18 +34,6 @@ class Crypt: 36 34 def __init__(self, password: bytes): 37 35 self.password = KernelKey(password) 38 3639 -1 def get_pkbf2(self, salt: bytes, iterations: int) -> bytes:40 -1 if iterations < 100_000:41 -1 raise ValueError('Too few iterations')42 -1 kdf = PBKDF2HMAC(43 -1 algorithm=hashes.SHA256(),44 -1 length=32,45 -1 salt=salt,46 -1 iterations=iterations,47 -1 )48 -1 key = kdf.derive(self.password.value)49 -1 return base64.urlsafe_b64encode(key)50 -151 37 def get_argon2( 52 38 self, 53 39 salt: bytes, @@ -85,9 +71,7 @@ class Crypt: 85 71 algo, salt, *params, content = data.split(b'$') 86 72 salt = base64.urlsafe_b64decode(salt) 87 73 params = [int(p, 10) for p in params]88 -1 if algo == b'fernet' and len(params) == 1:89 -1 key = self.get_pkbf2(salt, *params)90 -1 elif algo == b'fernet-argon2' and len(params) == 3:-1 74 if algo == b'fernet-argon2' and len(params) == 3: 91 75 key = self.get_argon2(salt, *params) 92 76 else: 93 77 raise TypeError('Unknown encryption algorithm')