Encfs script returns different password in tagged/published version than on master

[karelbilek]

I am using encfs script from here to encrypt my backups

https://github.com/trezor/python-trezor/blob/master/tools/encfs_aes_getpass.py

When using version from master, encfs shows error about wrong password (on a file encrypted by the older, previously installed version, from python repository). When using version from latest tag, it works. I did not investigate further cause of the issue.

[jonathancross]

Hi Karel, was nice to meet you briefly at 34C3.
Would be good to have the exact error message for this.
Seems that this script writes the encrypted password to password.dat file, so you can check if that file exists, then compare the values being returned from the Trezor in the 2 different versions of the library.

[karelbilek]

Sorry for late reply.

Hm. Master fails, on new volume, with this

Traceback (most recent call last):
  File "/home/g/dev/python-trezor/tools/encfs_aes_getpass.py", line 128, in <module>
    main()
  File "/home/g/dev/python-trezor/tools/encfs_aes_getpass.py", line 113, in main
    json.dump(data, open(passw_file, 'wb'))
  File "/usr/lib/python3.6/json/__init__.py", line 180, in dump
    fp.write(chunk)
TypeError: a bytes-like object is required, not 'str'
fatal: zero-length passwords are not allowed

v0.7.16 (newest tagged at the time of writing this issue) fails with

Traceback (most recent call last):
  File "/home/g/dev/python-trezor/tools/encfs_aes_getpass.py", line 18, in <module>
    from trezorlib.client import TrezorClient
ImportError: No module named trezorlib.client
fatal: zero-length passwords are not allowed

But that might be because I have new version already installed.

But when I install old python-trezor version with pip2, I get the same error.

And when I just run python2 repl, I get this

python2
Python 2.7.14 (default, Sep 23 2017, 22:06:14) 
[GCC 7.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from trezorlib.client import TrezorClient
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "trezorlib/client.py", line 31, in <module>
    from mnemonic import Mnemonic
ImportError: No module named mnemonic
>>> 

[karelbilek]

Hm, not sure how to install module mnemonic for python2.

pip2 says

Requirement already satisfied: mnemonic in /usr/local/lib/python3.6/dist-packages
Requirement already satisfied: pbkdf2 in /usr/local/lib/python3.6/dist-packages (from mnemonic)

even when I specifically install with pip2. However python2 then does not see the packages.

[karelbilek]

I did, but pip2 kept on installing things just for python3 :( I needed to force-reinstall pip2.

Anyway, everything started working (even the original issue), when I forcibly rewrote the first line of tools/encfs_aes_getpass.py from python3 to python2, and I installed everything under python2 and not python3.

[matejcik]

AFAICT, the problem is that the encfs script doesn't work with python 3 (and python-trezor master doesn't work with python 2)

i'll post a patch later and we'll see whether that fixes the problem

[prusnak]

Yes, let's deprecate Py2 completely and port all scripts to Py3- only syntax.

[karelbilek]

I can confirm. With existing encfs volumes encrypted with the script, python2 (with 0.9.0) works and python3 doesn't and says Error decoding volume key, password incorrect

With new volumes, python3 is not able to create them.

To reproduce:

encfs --standard --extpass=/path/to/python-trezor/tools/encfs_aes_getpass.py /path/to/encrypted /path/to/decrypted

encfs is in apt, although it shows this ugly warning on instal

[matejcik]

I think the commit I just sent fixes this.
But please try again with master and reopen if that's not the case.

[matejcik]

uhhhhhh nope the debug messages should really really go away o_O

[matejcik]

fixed in 688fe06

[karelbilek]

Hm. I tried it now and it shows "password incorrect", with current master and latest pip version.

I will try to hunt down the bug again.

[karelbilek]

When I

• downgrade trezor in pip to 0.9.0
• get 0.9.0 in python-trezor
• use trezor 1
• change python from python3 to python2 in the encfs tools

... it works. When I use everyhing from master and latest pip, it breaks

[karelbilek]

Please reopen. I cannot find where the issue is since I don't really understand all the python2/python3/bytes/hex thing

[matejcik]

current master is broken

[matejcik]

encfs script is again fixed in master, and contains a library version guard that should ensure that people don't mix-and-match