gbkomi 0.1.0__tar.gz

gbkomi-0.1.0/PKG-INFO

@@ -0,0 +1,26 @@
+Metadata-Version: 2.4
+Name: gbkomi
+Version: 0.1.0
+Summary: Secure encrypted token storage for Python
+Author-email: Your Name <qqqwwweeeshah@gmail.com>
+License: MIT
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: argon2-cffi>=23.1.0
+
+# gbkomi
+
+Secure encrypted token storage for Python using Argon2id + AES-256-GCM.
+
+## Features
+
+- Store secrets in encrypted `.gbkomi` files
+- Password-based encryption
+- CLI for managing secrets
+- Authenticated encryption with AES-GCM
+- Strong key derivation with Argon2id
+
+## Install
+```bash
+pip install gbkomi

gbkomi-0.1.0/README.md

@@ -0,0 +1,15 @@
+# gbkomi
+
+Secure encrypted token storage for Python using Argon2id + AES-256-GCM.
+
+## Features
+
+- Store secrets in encrypted `.gbkomi` files
+- Password-based encryption
+- CLI for managing secrets
+- Authenticated encryption with AES-GCM
+- Strong key derivation with Argon2id
+
+## Install
+```bash
+pip install gbkomi

gbkomi-0.1.0/pyproject.toml

@@ -0,0 +1,27 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "gbkomi"
+version = "0.1.0"
+description = "Secure encrypted token storage for Python"
+readme = "README.md"
+requires-python = ">=3.9"
+license = { text = "MIT" }
+authors = [
+  { name = "Your Name", email = "qqqwwweeeshah@gmail.com" }
+]
+dependencies = [
+  "cryptography>=42.0.0",
+  "argon2-cffi>=23.1.0"
+]
+
+[project.scripts]
+gbkomi = "gbkomi.cli:main"
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+
+[tool.setuptools.packages.find]
+where = ["src"]

gbkomi-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

gbkomi-0.1.0/src/gbkomi/__init__.py

@@ -0,0 +1,2 @@
+__all__ = ["create_vault", "load_vault"]
+__version__ = "0.1.0"

gbkomi-0.1.0/src/gbkomi/cli.py

@@ -0,0 +1,65 @@
+import argparse
+import getpass
+import sys
+
+from .vault import create_vault, set_secret, get_secret, delete_secret, list_secrets
+
+
+def prompt_password(confirm: bool = False) -> str:
+    pwd = getpass.getpass("Password: ")
+    if confirm:
+        pwd2 = getpass.getpass("Confirm password: ")
+        if pwd != pwd2:
+            print("Passwords do not match.", file=sys.stderr)
+            sys.exit(1)
+    return pwd
+
+
+def main():
+    parser = argparse.ArgumentParser(prog="gbkomi")
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    p_init = sub.add_parser("init")
+    p_init.add_argument("path")
+
+    p_set = sub.add_parser("set")
+    p_set.add_argument("path")
+    p_set.add_argument("key")
+    p_set.add_argument("value")
+
+    p_get = sub.add_parser("get")
+    p_get.add_argument("path")
+    p_get.add_argument("key")
+
+    p_list = sub.add_parser("list")
+    p_list.add_argument("path")
+
+    p_del = sub.add_parser("delete")
+    p_del.add_argument("path")
+    p_del.add_argument("key")
+
+    args = parser.parse_args()
+
+    if args.command == "init":
+        pwd = prompt_password(confirm=True)
+        create_vault(args.path, pwd)
+        print(f"Vault created: {args.path}")
+
+    elif args.command == "set":
+        pwd = prompt_password()
+        set_secret(args.path, pwd, args.key, args.value)
+        print(f"Saved: {args.key}")
+
+    elif args.command == "get":
+        pwd = prompt_password()
+        print(get_secret(args.path, pwd, args.key))
+
+    elif args.command == "list":
+        pwd = prompt_password()
+        for key in list_secrets(args.path, pwd):
+            print(key)
+
+    elif args.command == "delete":
+        pwd = prompt_password()
+        delete_secret(args.path, pwd, args.key)
+        print(f"Deleted: {args.key}")

gbkomi-0.1.0/src/gbkomi/crypto.py

@@ -0,0 +1,33 @@
+import os
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
+
+
+def derive_key(password: str, salt: bytes) -> bytes:
+    kdf = Argon2id(
+        salt=salt,
+        length=32,
+        iterations=3,
+        lanes=4,
+        memory_cost=65536,
+    )
+    return kdf.derive(password.encode("utf-8"))
+
+
+def encrypt_bytes(data: bytes, password: str) -> dict:
+    salt = os.urandom(16)
+    nonce = os.urandom(12)
+    key = derive_key(password, salt)
+    aesgcm = AESGCM(key)
+    ciphertext = aesgcm.encrypt(nonce, data, None)
+    return {
+        "salt": salt,
+        "nonce": nonce,
+        "ciphertext": ciphertext,
+    }
+
+
+def decrypt_bytes(salt: bytes, nonce: bytes, ciphertext: bytes, password: str) -> bytes:
+    key = derive_key(password, salt)
+    aesgcm = AESGCM(key)
+    return aesgcm.decrypt(nonce, ciphertext, None)

gbkomi-0.1.0/src/gbkomi/exceptions.py

@@ -0,0 +1,10 @@
+class GBKomiError(Exception):
+    """Base exception for gbkomi."""
+
+
+class VaultDecryptionError(GBKomiError):
+    """Raised when vault decryption fails."""
+
+
+class VaultFormatError(GBKomiError):
+    """Raised when vault format is invalid."""

gbkomi-0.1.0/src/gbkomi/vault.py

@@ -0,0 +1,79 @@
+import json
+import base64
+from pathlib import Path
+
+from .crypto import encrypt_bytes, decrypt_bytes
+from .exceptions import VaultDecryptionError, VaultFormatError
+
+
+MAGIC = "GBK1"
+
+
+def _b64e(data: bytes) -> str:
+    return base64.b64encode(data).decode("utf-8")
+
+
+def _b64d(data: str) -> bytes:
+    return base64.b64decode(data.encode("utf-8"))
+
+
+def create_vault(path: str, password: str) -> None:
+    payload = {}
+    save_vault(path, payload, password)
+
+
+def load_vault(path: str, password: str) -> dict:
+    p = Path(path)
+    raw = json.loads(p.read_text(encoding="utf-8"))
+
+    if raw.get("magic") != MAGIC:
+        raise VaultFormatError("Invalid vault file format.")
+
+    try:
+        plaintext = decrypt_bytes(
+            _b64d(raw["salt"]),
+            _b64d(raw["nonce"]),
+            _b64d(raw["ciphertext"]),
+            password,
+        )
+    except Exception as e:
+        raise VaultDecryptionError("Unable to decrypt vault. Wrong password or corrupted file.") from e
+
+    return json.loads(plaintext.decode("utf-8"))
+
+
+def save_vault(path: str, data: dict, password: str) -> None:
+    plaintext = json.dumps(data, ensure_ascii=False, separators=(",", ":")).encode("utf-8")
+    encrypted = encrypt_bytes(plaintext, password)
+
+    payload = {
+        "magic": MAGIC,
+        "version": 1,
+        "salt": _b64e(encrypted["salt"]),
+        "nonce": _b64e(encrypted["nonce"]),
+        "ciphertext": _b64e(encrypted["ciphertext"]),
+    }
+
+    Path(path).write_text(json.dumps(payload, indent=2), encoding="utf-8")
+
+
+def set_secret(path: str, password: str, key: str, value: str) -> None:
+    data = load_vault(path, password)
+    data[key] = value
+    save_vault(path, data, password)
+
+
+def get_secret(path: str, password: str, key: str) -> str:
+    data = load_vault(path, password)
+    return data[key]
+
+
+def delete_secret(path: str, password: str, key: str) -> None:
+    data = load_vault(path, password)
+    data.pop(key, None)
+    save_vault(path, data, password)
+
+
+def list_secrets(path: str, password: str) -> list[str]:
+    data = load_vault(path, password)
+    return sorted(data.keys())

gbkomi-0.1.0/src/gbkomi.egg-info/PKG-INFO

@@ -0,0 +1,26 @@
+Metadata-Version: 2.4
+Name: gbkomi
+Version: 0.1.0
+Summary: Secure encrypted token storage for Python
+Author-email: Your Name <qqqwwweeeshah@gmail.com>
+License: MIT
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: argon2-cffi>=23.1.0
+
+# gbkomi
+
+Secure encrypted token storage for Python using Argon2id + AES-256-GCM.
+
+## Features
+
+- Store secrets in encrypted `.gbkomi` files
+- Password-based encryption
+- CLI for managing secrets
+- Authenticated encryption with AES-GCM
+- Strong key derivation with Argon2id
+
+## Install
+```bash
+pip install gbkomi

gbkomi-0.1.0/src/gbkomi.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+README.md
+pyproject.toml
+src/gbkomi/__init__.py
+src/gbkomi/cli.py
+src/gbkomi/crypto.py
+src/gbkomi/exceptions.py
+src/gbkomi/vault.py
+src/gbkomi.egg-info/PKG-INFO
+src/gbkomi.egg-info/SOURCES.txt
+src/gbkomi.egg-info/dependency_links.txt
+src/gbkomi.egg-info/entry_points.txt
+src/gbkomi.egg-info/requires.txt
+src/gbkomi.egg-info/top_level.txt

gbkomi-0.1.0/src/gbkomi.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

gbkomi-0.1.0/src/gbkomi.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+gbkomi = gbkomi.cli:main

gbkomi-0.1.0/src/gbkomi.egg-info/requires.txt

@@ -0,0 +1,2 @@
+cryptography>=42.0.0
+argon2-cffi>=23.1.0

gbkomi-0.1.0/src/gbkomi.egg-info/top_level.txt

@@ -0,0 +1 @@
+gbkomi