使用Python 2.7。我有两个python文件。一个文件输入密码,另一个文件输入密码并运行一个脚本,该脚本将ssh到多个主机中。问题是我的pynacl代码的编写方式将提示输入密码以使用它们作为密钥,而我希望它作为cronjob运行。 pynacl最简单的方法是什么?
我提供了我下面尝试的详细脚本。
#!/usr/bin/env python2.7
# -*- coding: utf-8 -*-
import nacl.secret
import nacl.utils
import base64
from pyblake2 import blake2b
import getpass
print "### ENCRYPTION"
# Fill password input into a blake2b key
# and use 32 byte as Salsa20 key
key = blake2b(digest_size=16)
key.update(getpass.getpass("Password to lock key:"))
key = key.hexdigest()
print "key: %s" % key
# This is your safe, you can use it to encrypt or decrypt messages
box = nacl.secret.SecretBox(key)
# This is our message to send, it must be a bytestring as SecretBox will
# treat is as just a binary blob of data.
msg = getpass.getpass("LDAP Password is:")
#msg = b"whohooäööppöööo"
print "LDAP Password to be sent: %s" % msg
nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE)
print "nonce: %s" % nacl.encoding.HexEncoder.encode(nonce)
encrypted = box.encrypt(msg, nonce, encoder=nacl.encoding.HexEncoder)
print "cipher: %s " % encrypted
print "### DECRYPTION"
key = blake2b(digest_size=16)
key.update(getpass.getpass("Password to retrieve key:"))
key = key.hexdigest()
nonce = None
print "nonce: %s" % nonce
print "key: %s" % key
box = nacl.secret.SecretBox(key)
msg = encrypted
print "msg: %s" % msg
ldappassword = box.decrypt(ciphertext=msg,encoder=nacl.encoding.HexEncoder)
print "ldap password is: %s" % ldappassword
我希望无需输入密码就可以解密,但我不想对它进行硬编码,这样黑客就可以看到它。