Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Scripts for encrypting sensitive vit-ss db data
- Loading branch information
1 parent
b0300b6
commit aa6ebe1
Showing
8 changed files
with
896 additions
and
0 deletions.
There are no files selected for viewing
112 changes: 112 additions & 0 deletions
112
src/event-db/historic_data/fund_2/encrypt_fund2_sensitive_data.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
import argparse | ||
import base64 | ||
from cryptography.hazmat.primitives.asymmetric import padding | ||
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey | ||
from cryptography.hazmat.primitives import hashes, serialization | ||
import os.path | ||
import shutil | ||
import sqlite3 | ||
|
||
event_id = 2 | ||
|
||
|
||
class Encryptor: | ||
@staticmethod | ||
def from_public_key_pem_file(path: str): | ||
with open(path, "rb") as f: | ||
rsa_pk = serialization.load_pem_public_key(data=f.read()) | ||
|
||
if not isinstance(rsa_pk, RSAPublicKey): | ||
print("Invalid key type: must be a RSA key") | ||
exit(1) | ||
|
||
if rsa_pk.key_size != 4096: | ||
print("Invalid key size: must be 4096 bits") | ||
exit(1) | ||
|
||
return Encryptor(rsa_pk) | ||
|
||
def __init__(self, pk: RSAPublicKey): | ||
self.rsa_pk = pk | ||
self.encoded_rsa_pk_der = base64.b64encode( | ||
self.rsa_pk.public_bytes( | ||
serialization.Encoding.DER, | ||
serialization.PublicFormat.SubjectPublicKeyInfo, | ||
) | ||
).decode() | ||
|
||
def encrypt(self, plaintext: bytes) -> str: | ||
ciphertext = self.rsa_pk.encrypt( | ||
plaintext, | ||
padding=padding.OAEP( | ||
padding.MGF1(algorithm=hashes.SHA256()), | ||
algorithm=hashes.SHA256(), | ||
label=None, | ||
), | ||
) | ||
|
||
encoded_ciphertext = base64.b64encode(ciphertext).decode() | ||
|
||
return f"RSA:{self.encoded_rsa_pk_der}:{encoded_ciphertext}" | ||
|
||
|
||
def encrypt_proposals_sensitive_data( | ||
encryptor: Encryptor, src_con: sqlite3.Connection, dst_con: sqlite3.Connection | ||
): | ||
src_cur = src_con.cursor() | ||
dst_cur = dst_con.cursor() | ||
|
||
rows = src_cur.execute("SELECT id, proposer_contact FROM proposals").fetchall() | ||
|
||
data = [] | ||
for row in rows: | ||
id = row[0] | ||
c = row[1] | ||
|
||
data.append((id, encryptor.encrypt(bytes(c, "utf-8")))) | ||
|
||
for id, d in data: | ||
dst_cur.execute( | ||
f"UPDATE proposals SET proposer_contact = ? WHERE id = ?", (d, id) | ||
) | ||
|
||
src_cur.close() | ||
dst_cur.close() | ||
|
||
|
||
def main(): | ||
parser = argparse.ArgumentParser( | ||
description=f"Encrypt fund {event_id} sensitive data." | ||
) | ||
parser.add_argument( | ||
"--db-path", | ||
help=f"Sqlite3 Fund{event_id} file to read.", | ||
) | ||
parser.add_argument( | ||
"--public-key-path", | ||
help="PEM file path for the RSA (4096 bits) public key to use when encrypting data.", | ||
) | ||
|
||
args = parser.parse_args() | ||
|
||
(db_path_base, _) = os.path.split(args.db_path) | ||
out_filepath = os.path.join( | ||
db_path_base, f"fund{event_id}_database_encrypted.sqlite3" | ||
) | ||
|
||
shutil.copyfile(args.db_path, out_filepath) | ||
|
||
src_con = sqlite3.connect(args.db_path) | ||
dst_con = sqlite3.connect(out_filepath) | ||
|
||
encryptor = Encryptor.from_public_key_pem_file(args.public_key_path) | ||
|
||
encrypt_proposals_sensitive_data(encryptor, src_con, dst_con) | ||
|
||
src_con.close() | ||
dst_con.commit() | ||
dst_con.close() | ||
|
||
|
||
if __name__ == "__main__": | ||
main() |
112 changes: 112 additions & 0 deletions
112
src/event-db/historic_data/fund_3/encrypt_fund3_sensitive_data.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
import argparse | ||
import base64 | ||
from cryptography.hazmat.primitives.asymmetric import padding | ||
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey | ||
from cryptography.hazmat.primitives import hashes, serialization | ||
import os.path | ||
import shutil | ||
import sqlite3 | ||
|
||
event_id = 3 | ||
|
||
|
||
class Encryptor: | ||
@staticmethod | ||
def from_public_key_pem_file(path: str): | ||
with open(path, "rb") as f: | ||
rsa_pk = serialization.load_pem_public_key(data=f.read()) | ||
|
||
if not isinstance(rsa_pk, RSAPublicKey): | ||
print("Invalid key type: must be a RSA key") | ||
exit(1) | ||
|
||
if rsa_pk.key_size != 4096: | ||
print("Invalid key size: must be 4096 bits") | ||
exit(1) | ||
|
||
return Encryptor(rsa_pk) | ||
|
||
def __init__(self, pk: RSAPublicKey): | ||
self.rsa_pk = pk | ||
self.encoded_rsa_pk_der = base64.b64encode( | ||
self.rsa_pk.public_bytes( | ||
serialization.Encoding.DER, | ||
serialization.PublicFormat.SubjectPublicKeyInfo, | ||
) | ||
).decode() | ||
|
||
def encrypt(self, plaintext: bytes) -> str: | ||
ciphertext = self.rsa_pk.encrypt( | ||
plaintext, | ||
padding=padding.OAEP( | ||
padding.MGF1(algorithm=hashes.SHA256()), | ||
algorithm=hashes.SHA256(), | ||
label=None, | ||
), | ||
) | ||
|
||
encoded_ciphertext = base64.b64encode(ciphertext).decode() | ||
|
||
return f"RSA:{self.encoded_rsa_pk_der}:{encoded_ciphertext}" | ||
|
||
|
||
def encrypt_proposals_sensitive_data( | ||
encryptor: Encryptor, src_con: sqlite3.Connection, dst_con: sqlite3.Connection | ||
): | ||
src_cur = src_con.cursor() | ||
dst_cur = dst_con.cursor() | ||
|
||
rows = src_cur.execute("SELECT id, proposal_public_key FROM proposals").fetchall() | ||
|
||
data = [] | ||
for row in rows: | ||
id = row[0] | ||
c = row[1] | ||
|
||
data.append((id, encryptor.encrypt(bytes(c, "utf-8")))) | ||
|
||
for id, d in data: | ||
dst_cur.execute( | ||
f"UPDATE proposals SET proposal_public_key = ? WHERE id = ?", (d, id) | ||
) | ||
|
||
src_cur.close() | ||
dst_cur.close() | ||
|
||
|
||
def main(): | ||
parser = argparse.ArgumentParser( | ||
description=f"Encrypt fund {event_id} sensitive data." | ||
) | ||
parser.add_argument( | ||
"--db-path", | ||
help=f"Sqlite3 Fund{event_id} file to read.", | ||
) | ||
parser.add_argument( | ||
"--public-key-path", | ||
help="PEM file path for the RSA (4096 bits) public key to use when encrypting data.", | ||
) | ||
|
||
args = parser.parse_args() | ||
|
||
(db_path_base, _) = os.path.split(args.db_path) | ||
out_filepath = os.path.join( | ||
db_path_base, f"fund{event_id}_database_encrypted.sqlite3" | ||
) | ||
|
||
shutil.copyfile(args.db_path, out_filepath) | ||
|
||
src_con = sqlite3.connect(args.db_path) | ||
dst_con = sqlite3.connect(out_filepath) | ||
|
||
encryptor = Encryptor.from_public_key_pem_file(args.public_key_path) | ||
|
||
encrypt_proposals_sensitive_data(encryptor, src_con, dst_con) | ||
|
||
src_con.close() | ||
dst_con.commit() | ||
dst_con.close() | ||
|
||
|
||
if __name__ == "__main__": | ||
main() |
112 changes: 112 additions & 0 deletions
112
src/event-db/historic_data/fund_4/encrypt_fund4_sensitive_data.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
import argparse | ||
import base64 | ||
from cryptography.hazmat.primitives.asymmetric import padding | ||
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey | ||
from cryptography.hazmat.primitives import hashes, serialization | ||
import os.path | ||
import shutil | ||
import sqlite3 | ||
|
||
event_id = 4 | ||
|
||
|
||
class Encryptor: | ||
@staticmethod | ||
def from_public_key_pem_file(path: str): | ||
with open(path, "rb") as f: | ||
rsa_pk = serialization.load_pem_public_key(data=f.read()) | ||
|
||
if not isinstance(rsa_pk, RSAPublicKey): | ||
print("Invalid key type: must be a RSA key") | ||
exit(1) | ||
|
||
if rsa_pk.key_size != 4096: | ||
print("Invalid key size: must be 4096 bits") | ||
exit(1) | ||
|
||
return Encryptor(rsa_pk) | ||
|
||
def __init__(self, pk: RSAPublicKey): | ||
self.rsa_pk = pk | ||
self.encoded_rsa_pk_der = base64.b64encode( | ||
self.rsa_pk.public_bytes( | ||
serialization.Encoding.DER, | ||
serialization.PublicFormat.SubjectPublicKeyInfo, | ||
) | ||
).decode() | ||
|
||
def encrypt(self, plaintext: bytes) -> str: | ||
ciphertext = self.rsa_pk.encrypt( | ||
plaintext, | ||
padding=padding.OAEP( | ||
padding.MGF1(algorithm=hashes.SHA256()), | ||
algorithm=hashes.SHA256(), | ||
label=None, | ||
), | ||
) | ||
|
||
encoded_ciphertext = base64.b64encode(ciphertext).decode() | ||
|
||
return f"RSA:{self.encoded_rsa_pk_der}:{encoded_ciphertext}" | ||
|
||
|
||
def encrypt_proposals_sensitive_data( | ||
encryptor: Encryptor, src_con: sqlite3.Connection, dst_con: sqlite3.Connection | ||
): | ||
src_cur = src_con.cursor() | ||
dst_cur = dst_con.cursor() | ||
|
||
rows = src_cur.execute("SELECT id, proposal_public_key FROM proposals").fetchall() | ||
|
||
data = [] | ||
for row in rows: | ||
id = row[0] | ||
c = row[1] | ||
|
||
data.append((id, encryptor.encrypt(bytes(c, "utf-8")))) | ||
|
||
for id, d in data: | ||
dst_cur.execute( | ||
f"UPDATE proposals SET proposal_public_key = ? WHERE id = ?", (d, id) | ||
) | ||
|
||
src_cur.close() | ||
dst_cur.close() | ||
|
||
|
||
def main(): | ||
parser = argparse.ArgumentParser( | ||
description=f"Encrypt fund {event_id} sensitive data." | ||
) | ||
parser.add_argument( | ||
"--db-path", | ||
help=f"Sqlite3 Fund{event_id} file to read.", | ||
) | ||
parser.add_argument( | ||
"--public-key-path", | ||
help="PEM file path for the RSA (4096 bits) public key to use when encrypting data.", | ||
) | ||
|
||
args = parser.parse_args() | ||
|
||
(db_path_base, _) = os.path.split(args.db_path) | ||
out_filepath = os.path.join( | ||
db_path_base, f"fund{event_id}_database_encrypted.sqlite3" | ||
) | ||
|
||
shutil.copyfile(args.db_path, out_filepath) | ||
|
||
src_con = sqlite3.connect(args.db_path) | ||
dst_con = sqlite3.connect(out_filepath) | ||
|
||
encryptor = Encryptor.from_public_key_pem_file(args.public_key_path) | ||
|
||
encrypt_proposals_sensitive_data(encryptor, src_con, dst_con) | ||
|
||
src_con.close() | ||
dst_con.commit() | ||
dst_con.close() | ||
|
||
|
||
if __name__ == "__main__": | ||
main() |
Oops, something went wrong.