Python Keepass Login Setup

In [11]:
# Allows passwords to be input without revealing them
import getpass

# Tool to encrypt text (passwords) // not designed for encrypt, just result matching
from passlib.hash import pbkdf2_sha256

# Tool to encrypt/decrypt text (Keepass passwords)
# pip install pycryptodome
from Crypto.Cipher import AES

# Tool to read/write config text files
try:
    from configparser import ConfigParser
except ImportError:
    from ConfigParser import ConfigParser  # ver. < 3.0

In [15]:

def createini(password, username):
    ini_file_name = 'kp_config.ini' 
    hash_name = username + "_hash"
    
    # instantiate
    config = ConfigParser()
    
    # parse existing file
    with open(ini_file_name, 'w') as configfile:
        config.write(configfile)

    # parse existing file
    config.read(ini_file_name)

    # add a new section and some values
    config.add_section('ENTRY 1')
    config.set('ENTRY 1', hash_name, password)
    #config.set('ENTRY 1', 'user1', username)

    with open(ini_file_name, 'w') as configfile:
        config.write(configfile)

def verify_username(username):
    hash_name = username + "_hash"
    
    # instantiate
    config = ConfigParser()
    
    # parse existing file
    config.read('kp_config.ini')
    
    # check if user exists
    i = 0
    while ((config.has_option('ENTRY 1', hash_name) == False) & (i < 5)):
        print("\nUsername incorrect, please try again.")
        hash_name = input("Confirm your username: ") + "_hash"
        i += 1
    
    if (config.has_option('ENTRY 1', hash_name) == True):
        print("\n\nUsername accepted.")
    else: 
        print("Too many tries. Please start over.")
        sys.exit()
        
def verify(username):
    pw_verify = getpass.getpass("Confirm your password: ")
    hash_name = username + "_hash"
    
    # instantiate
    config = ConfigParser()
    
    # parse existing file
    config.read('kp_config.ini')
    
    # read values from a section
    read_hash = config.get('ENTRY 1', hash_name)
    #read_user = config.get('ENTRY 1', 'user1')
    #int_val = config.getint('section_a', 'int_val')
    #float_val = config.getfloat('section_a', 'pi_val')
    i = 0
    while ((pbkdf2_sha256.verify(pw_verify, read_hash) == False) & (i < 5)):
        print("\nUsername or password incorrect, please try again.")
        pw_verify = getpass.getpass("Confirm your password: ")
        i += 1
        #while (pbkdf2_sha256.verify(pw_verify, read_hash) == False):
    if (pbkdf2_sha256.verify(pw_verify, read_hash) == True):       
        print("\nThanks " + username + ", your password was successful.")
    else:
        print("Too many tries. Please start over.")
        
def login(username, password):
    hash_name = username + "_hash"
    
    # instantiate
    config = ConfigParser()
    
    # parse existing file
    config.read('kp_config.ini')
    
    # read values from a section
    read_hash = config.get('ENTRY 1', hash_name)
    #read_user = config.get('ENTRY 1', 'user1')
    
    i = 0
    while ((pbkdf2_sha256.verify(password, read_hash) == False) & (i < 5)):
        print("\nUsername or password incorrect, please try again.")
        password = getpass.getpass("Confirm your password: ")
        i += 1
        #while (pbkdf2_sha256.verify(pw_verify, read_hash) == False):
    
    if (pbkdf2_sha256.verify(password, read_hash) == True):       
        print("\n\nThanks " + username + " -- login successful.")
    else:
        print("Too many tries. Please start over.")
        
def main():
    user = input("What is your username?")
    password = getpass.getpass("What is your password?")
    hash = pbkdf2_sha256.hash(password, rounds=500000, salt_size=16)
    createini(hash, user)
    verify(user)

In [16]:
main()

What is your username? ben1
What is your password? ····
Confirm your password:  ····



Thanks ben1, your password was successful.


In [17]:
login_user = input("Username: ")
verify_username(login_user)
login_pw = getpass.getpass("Password: ")
login(login_user, login_pw)

Username:  ben



Username incorrect, please try again.


Confirm your username:  ben



Username incorrect, please try again.


Confirm your username:  ben



Username incorrect, please try again.


Confirm your username:  ben



Username incorrect, please try again.


Confirm your username:  ben



Username incorrect, please try again.


Confirm your username:  ben


Too many tries. Please start over.


Password:  ····


NoOptionError: No option 'ben_hash' in section: 'ENTRY 1'

## Basic (non-python) format to pass to CMD to start KeePass

**DB using Key:** SHELLCOMMAND "KeePassPath + KeePassFileName.exe" "DBpath + DBfileName" " - preselect:" + "DBKeyPath + DBKeyFileName.key"

**DB normal:** SHELLCOMMAND "KeePassPath + KeePassFileName.exe" "DBpath + DBfileName"

---------------------------------------------
**Plain copy from VBS script:**
- wshshell.run (chr(34) + KPLocation + KPFileName + chr(34) + chr(34) + path + file + chr(34) + " -preselect:" + chr(34) + key_path + key_file + chr(34))

## Below is an example of AES encoding of the text
- I will probably use this for encoding the KeePass passwords
- Example from: https://stackoverflow.com/questions/27335726/how-do-i-encrypt-and-decrypt-a-string-in-python
- More info: https://stackoverflow.com/questions/20852664/python-pycrypto-encrypt-decrypt-text-files-with-aes

In [11]:
# WHOLE EXAMPLE TEXT FROM WEBSITE:

# obj = AES.new('This is a key123', AES.MODE_CFB, 'This is an IV456')
# message = "The answer is no"
# ciphertext = obj.encrypt(message)
# ciphertext
# '\xd6\x83\x8dd!VT\x92\xaa`A\x05\xe0\x9b\x8b\xf1'
# obj2 = AES.new('This is a key123', AES.MODE_CFB, 'This is an IV456')
# obj2.decrypt(ciphertext)
# 'The answer is no'

In [15]:
# FUNCTIONING EXAMPLE PART 1

obj = AES.new('This is a key123', AES.MODE_CFB, 'This is an IV456')
message = "The answer is no"
ciphertext = obj.encrypt(message)
ciphertext

b'\xd9\xfe_<d<\xfa\x0f\xfbo%\x17\x99\x001\x1f'

In [16]:
# FUNCTIONING EXAMPLE PART 2

obj2 = AES.new('This is a key123', AES.MODE_CFB, 'This is an IV456')
obj2.decrypt(ciphertext)

b'The answer is no'