shaytan/rdgen
1
0
Fork 1
mirror of https://github.com/bryangerlach/rdgen.git synced 2026-03-04 12:55:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

encryption stuff testing

Browse Source
This commit is contained in:
Bryan Gerlach
2026-01-11 10:55:11 -06:00
parent 50bfe2a996
commit c062b45957
1 changed files with 39 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
.github/workflows/generator-windows.yml vendored
View File

@@ -99,30 +99,48 @@ jobs:
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
private_key = serialization.load_pem_private_key(
os.environ['PRIVATE_KEY'].encode(),
password=None
)
encrypted_key_bytes = base64.b64decode(os.environ['ENCRYPTED_KEY'])
session_key = private_key.decrypt(
encrypted_key_bytes,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
try:
# 1. Load Private Key
private_key_raw = os.environ.get('PRIVATE_KEY', '')
private_key = serialization.load_pem_private_key(
private_key_raw.encode(),
password=None
)
)
fernet = Fernet(session_key)
decrypted_json = fernet.decrypt(os.environ['ENCRYPTED_DATA'].encode()).decode('utf-8')
data = json.loads(decrypted_json)
# 2. Decrypt the Session Key
# Ensure we strip any accidental whitespace
encrypted_key_b64 = os.environ.get('ENCRYPTED_KEY', '').strip()
encrypted_key_bytes = base64.b64decode(encrypted_key_b64)
session_key = private_key.decrypt(
encrypted_key_bytes,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
with open(os.environ['GITHUB_ENV'], 'a') as f:
for key, value in data.items():
# This prevents the value from appearing in ANY logs
print(f"::add-mask::{value}")
f.write(f"{key}={value}\n")
# 3. Decrypt the Data Bundle
# Fernet keys must be the exact bytes we decrypted
fernet = Fernet(session_key)
encrypted_data_str = os.environ.get('ENCRYPTED_DATA', '').strip()
# Convert string back to bytes for Fernet
decrypted_json = fernet.decrypt(encrypted_data_str.encode()).decode('utf-8')
data = json.loads(decrypted_json)
with open(os.environ['GITHUB_ENV'], 'a') as f:
for key, value in data.items():
print(f"::add-mask::{value}")
f.write(f"VAR_{key.upper()}={value}\n")
except Exception as e:
print(f"Decryption failed! Error: {str(e)}")
# Print the first 10 chars of data to see if it's empty/malformed (safe)
print(f"Data snippet: {os.environ.get('ENCRYPTED_DATA', '')[:10]}...")
exit(1)
- name: Export GitHub Actions cache environment variables
uses: actions/github-script@v6