From 041690134d8274a0a1957c3c253838a58fed834a Mon Sep 17 00:00:00 2001
From: sz <sz@galacticicecube.com>
Date: Mon, 10 Feb 2020 22:25:01 -0600
Subject: [PATCH] This was sloppy -- changing the name will disable
 deduplication against ...

... existing backups, but now is the time to improve this.
---
 README.md         |  2 +-
 pog/pog.py        |  4 ++--
 setup.py          |  2 +-
 tests/test_pog.py | 22 +++++++++++-----------
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 421f75d..9397479 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,7 @@ python setup.py install
 	* the `.mfn` can be thought of as the dictionary for the archive.
 	* blobs *can* be decrypted without the manifest, *IF* the blob order is correct. However, only the file contents are stored in the blobs. The original file name and file metadata will not survive the trip.
 
-* blobs are named by urlsafe base64(sha256(secret + sha256(content)). The "secret" is derived from the encryption key.
+* blobs are named by urlsafe base64(sha256(sha256(secret) + sha256(content)). The "secret" is derived from the encryption key.
 	* the goal is to pseudo-randomize the names of the blobs, while still keeping them consistent for backups run with the same key.
 	* we want to "leak" the content hash only to the extent it's necessary to save work on successive backups (e.g. "I don't need to reupload blob X, it already exists")
 	* because we use the content hash for this purpose, we can achieve some amount of file de-duplication.
diff --git a/pog/pog.py b/pog/pog.py
index be00c83..8a4a379 100644
--- a/pog/pog.py
+++ b/pog/pog.py
@@ -153,7 +153,7 @@ def get_secret(keyfile=None):
 class Encryptor():
     def __init__(self, secret, crypto_box=None, chunk_size=100000000, compresslevel=3, store_absolute_paths=False,
                  blob_store=None):
-        self.secret = secret
+        self.secret = sha256(secret).digest()
         self.index_box = nacl_SecretBox(secret)
         self.box = crypto_box or self.index_box
         self.chunk_size = chunk_size
@@ -370,7 +370,7 @@ def decrypt(self, *inputs):
 
 
 def main():
-    args = docopt(__doc__, version='Pog 0.1.0')
+    args = docopt(__doc__, version='Pog 0.1.1')
     chunk_size = parse_size(args.get('--chunk-size', '100MB'))
     compresslevel = int(args.get('--compresslevel', '3'))
     store_absolute_paths = args.get('--store-absolute-paths')
diff --git a/setup.py b/setup.py
index 72613ed..1ef36d4 100644
--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@
     name='pogcli',
     license='MIT',
     url='https://github.com/sz3/pog',
-    version='0.1.0',
+    version='0.1.1',
 
     entry_points={
         'console_scripts': [
diff --git a/tests/test_pog.py b/tests/test_pog.py
index b5df343..e7379b3 100644
--- a/tests/test_pog.py
+++ b/tests/test_pog.py
@@ -43,8 +43,8 @@ class KeyfileTest(TestDirMixin, TestCase):
     encryption_flag = f'--keyfile={POG_ROOT}/tests/samples/only_for_testing.encrypt'
     decryption_flag = encryption_flag
 
-    tiny_sample_blobname = 'Fx1xB8L8L1cRPdBzkr-L8mzPusnzEBjhrQseB3DaCU4='
-    another_sample_blobname = 'vyGFr38Y8A0xhonhxuiZXkjS8vIVjY6VDH0-BiLJuXo='
+    tiny_sample_blobname = 'BvbQeMboxw1jFDXe_ed5QsDWay5kvtlZ_qx7buz_z2M='
+    another_sample_blobname = 'vuWyVoUolWk2qRZ-48mvEoTuR5_SuzrN8uO6qusRZSE='
 
     consistency_mfn = 'keyfile-sample.mfn'
     consistency_blobname = 'US-1DnY1AVF1huiGj10G9SEGwCHa4GVxJcBnaCuAcXk='
@@ -196,8 +196,8 @@ class AsymmetricCryptoTest(KeyfileTest):
     encryption_flag = f'--encryption-keyfile={POG_ROOT}/tests/samples/only_for_testing.encrypt'
     decryption_flag = f'--decryption-keyfile={POG_ROOT}/tests/samples/only_for_testing.decrypt'
 
-    tiny_sample_blobname = 'p6VsgAeMwIwCGbnuZ7lZqRPX-Ur0pT3nwsoKX2mp3Bo='
-    another_sample_blobname = '1k05nlUe9UNx1-MDASPQgwAX0jKZwY4aaQvowhgUv1Q='
+    tiny_sample_blobname = 'Fx1xB8L8L1cRPdBzkr-L8mzPusnzEBjhrQseB3DaCU4='
+    another_sample_blobname = 'vyGFr38Y8A0xhonhxuiZXkjS8vIVjY6VDH0-BiLJuXo='
 
     consistency_mfn = 'asymmetric-sample.mfn'
     consistency_blobname = 'hq3mhX2mG_i_aVy2wv6jMGC5DjlerpvJ8O1Y_iayfPY='
@@ -233,8 +233,8 @@ def test_with_keyfile(self):
         # encrypt our sample file
         enc = self.run_command(f'--keyfile={POG_ROOT}/tests/samples/only_for_testing.encrypt', BigFileTest.big_sample)
         self.assertEqual(enc, [
-            'RiOpsEQbQpxrBvXL1s047hq54EhFXxWqwag-vMuiRfc=',
-            'YdK86P4e2191CxVBhZwvvPtwOLU6Ve1NzMhwLjxVXqg=',
+            'xyQWj-UXXZpwWXPF2c5_MsBm3cTfZFXayUVLLMlkt4Y=',
+            'HXBJ_N4EM2rywLdOWT02hccp4c_oLk0QyD2lc3vUttw=',
         ])
 
         # check that the manifest looks good
@@ -262,8 +262,8 @@ def test_with_asymmetric(self):
         enc = self.run_command(f'--encryption-keyfile={POG_ROOT}/tests/samples/only_for_testing.encrypt',
                                BigFileTest.big_sample)
         self.assertEqual(enc, [
-            'Yb5MnLUD6aV9EOd2F7WEYzil6ephYyVeantK0uzcSPo=',
-            'Ry2498AqCRLDQQj506moBXRiBLPd3ecTl-y5vvnGO0s=',
+            'RiOpsEQbQpxrBvXL1s047hq54EhFXxWqwag-vMuiRfc=',
+            'YdK86P4e2191CxVBhZwvvPtwOLU6Ve1NzMhwLjxVXqg=',
         ])
 
         # check that the manifest looks good
@@ -298,9 +298,9 @@ def test_smaller_chunk_size(self):
             '--chunk-size=50MB'
         )
         self.assertEqual(enc, [
-            'vC5TqoeAz94lQ2Lnaiq55XdfMWQGPI4TZ1XeykVFXkI=',
-            '_eqO1xjkc1mvww7iLkF_AAlZUAWw3yojKMD4EqQhU7Q=',
-            'Ry2498AqCRLDQQj506moBXRiBLPd3ecTl-y5vvnGO0s=',
+            'PURfe1ei1aqpPRarpAfKkcKPRSHdo5hPH-bvfYND2KM=',
+            'nnL4ta-BChpb36CIFeZUG4lJLiz8l0YVv94IaABcgyU=',
+            'YdK86P4e2191CxVBhZwvvPtwOLU6Ve1NzMhwLjxVXqg=',
         ])
 
         # check that the manifest looks good