add try-luks-from-kdbx.py

Signed-off-by: Martin Matous <m@matous.dev>
2023-09-24 02:24:34 +02:00 · 2023-09-24 02:24:34 +02:00 · 5f17d90c7b
commit 5f17d90c7b
parent 12bb69a61c
2 changed files with 40 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -131,4 +131,17 @@ Status: one-off

 Dependencies: apparmor

-Usage: `sync-apparmor.py <src> <dst>`
+Usage: `sync-apparmor.py <src> <dst>`
+
+
+## try-luks-from-kdbx.py
+Retrieve known password for a LUKS volume from a KeePass DB.
+
+For those moments when you forget the name of or
+mislabel your DB entry.
+
+Status: one-off
+
+Dependencies: pykeepass
+
+Usage: `try-luks-from-kdbx.py /path/to/kdbx /path/to/block-device`
--- a/try-luks-from-kdbx.py
+++ b/try-luks-from-kdbx.py
@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+import getpass
+import subprocess
+import sys
+
+from pykeepass import PyKeePass
+
+if len(sys.argv) < 3:
+	print(f'Usage: {sys.argv[0]} /path/to/kdbx /path/to/block-device\n')
+
+pwd = getpass.getpass('Enter database password:\n')
+kp = PyKeePass(sys.argv[1], password=pwd)
+cmd = ['cryptsetup', 'open', '--test-passphrase', sys.argv[2]]
+for entry in kp.entries:
+	res = subprocess.run(
+		cmd,
+		stdout=subprocess.DEVNULL,
+		stderr=subprocess.DEVNULL,
+		input=entry.password.encode()  # input accepts bytes, not str
+		)
+	if res.returncode == 0:
+		print(f'Password found: {entry.title}\npw: {entry.password}')
+		break
+	else:
+		print(f'Entry "{entry.title}" not a match')