AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 19:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

WIP: Allow decrypting logins/credentials via the API

Browse Source
This commit is contained in:
wrongecho
2024-08-25 12:31:15 +01:00
parent a6113dc371
commit d37bdcdbcb
5 changed files with 211 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
functions.php
View File

@@ -382,7 +382,7 @@ function encryptLoginEntry($login_password_cleartext)
function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key_decrypt_password)
{
// TODO: try marking $api_key_decrypt_password as sensitive
// TODO: try marking $api_key_decrypt_password as sensitive - new in PHP 8.2
// Split the login entry (username/password) into IV and Ciphertext
$login_iv = substr($login_ciphertext, 0, 16);
@@ -395,6 +395,19 @@ function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
}
function apiEncryptLoginEntry($credential_cleartext, $api_key_decrypt_hash, $api_key_decrypt_password)
{
$iv = randomString();
// Decrypt the api hash to get the master key
$site_encryption_master_key = decryptUserSpecificKey($api_key_decrypt_hash, $api_key_decrypt_password);
// Encrypt the credential using the master key
$ciphertext = openssl_encrypt($credential_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
return $iv . $ciphertext;
}
// Get domain general info (whois + NS/A/MX records)
function getDomainRecords($name)
{