是否可以在不提供主密码的情况下访问Windows中的密钥环? [英] Is there a way to access the keyring in Windows without giving a master password?

问题描述

我正在与一位同事一起开发脚本，该脚本涉及连接到数据库.我们希望使代码独立于我们中的哪个人使用它，同时将我们的密码保密，而不必在工作日内一遍又一遍地进行身份验证.经过一番搜索(我们都是Python的新手)之后，看来我们可以为此使用密钥环，因此我从pip(基于我对安装日期的记忆，很可能是该库的1.2.2版)中安装了它. /p>

问题是，当我尝试访问存储的密码时，系统会提示我设置一个主密码来访问密钥环，如下所示(来自IDLE):

>>> import keyring
>>> keyring.set_password('Service', 'MyUsername', 'MyPassword')

Warning (from warnings module):
  File "C:\Python27\lib\getpass.py", line 92
  return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Please enter password for encrypted keyring:

设置密码后，我可以轻松获取和设置密码，直到重新启动外壳程序为止.现在，我必须再次输入主密码:

>>> ================================ RESTART ================================
>>> import keyring
>>> print keyring.get_password('Service', 'MyUsername')

Warning (from warnings module):
  File "C:\Python27\lib\getpass.py", line 92
    return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Please enter password for encrypted keyring:

输入主密码后，此身份验证仅在当前会话期间/重启之间持续存在.从命令行运行脚本时，情况更糟-每次运行脚本时，我都必须进行身份验证.在这一点上，密匙环并不能节省我的时间或精力，而且我怀疑它使我的密码比起记忆和手动输入更加安全.

在寻找解决方案之后，如果主密码与用户帐户的密码相同，则看起来像是密匙环将在Unix上自动进行身份验证，但这在Windows上对我不起作用.

我是不是试图让钥匙圈去做一些本来不应该做的事情，或者我的实现中只是一个错误?

我的经验似乎与另一位用户的说法相抵触，该用户声称当应用程序尝试访问相关问题解决方案

您正在使用哪个后端?检查使用:

>>> from keyring import get_keyring
>>> get_keyring()
[... what is output here?]

如果输出以下内容:

<keyring.backends.file.EncryptedKeyring object at 0x.....>

这就是为什么它要求输入密码.该模块找不到要使用的任何平台特定的密钥环，因此它只是使用主密码对密码进行加密，然后将其放入普通文件中.

就我个人而言，脚本无人看管比密码安全对我来说更重要，因此我编写了此函数:

def configureKeyring():
    """
    EncryptedKeyring requires a master password to unlock it, which is not ideal
    for our scripts since we want them to run unattended. So if we're using
    EncryptedKeyring, automatically swap to a PlaintextKeyring instead.

    If we're using something else, say WinVaultKeyring, then that's more secure
    than PlaintextKeyring without being any less convenient, so we'll use it.
    """
    from keyring               import get_keyring, set_keyring
    from keyring.backends.file import EncryptedKeyring, PlaintextKeyring

    if isinstance(get_keyring(), EncryptedKeyring):
        set_keyring(PlaintextKeyring())

在使用keyring到set_password或get_password之前，请运行此功能configureKeyring()，如果您像我一样，认为不需要插入主密码就可以保护密码安全.在执行此操作之前，请了解以明文形式存储密码的安全隐患.

一个更好的长期解决方案是可能研究所有其他可用的后端并安装适当的前提条件，以便可以使用其他前提条件(如果存在不需要输入主密码且只需输入密码的情况).登录就足够了.

I'm developing a script with a co-worker that involves connecting to a database. We want to keep the code independent of which one of us uses it, while keeping our passwords private and not having to authenticate over and over during the workday. After some searching (we are both novices in Python) it seems that we can use keyring for this purpose, so I installed it from pip (most likely version 1.2.2 of the library, based on my memory of the installation date).

The problem is that when I try to access my stored passwords, I am prompted to set a master password to access the keyring, as shown here (from IDLE):

>>> import keyring
>>> keyring.set_password('Service', 'MyUsername', 'MyPassword')

Warning (from warnings module):
  File "C:\Python27\lib\getpass.py", line 92
  return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Please enter password for encrypted keyring:

After setting the password, I can get and set passwords easily, until I restart the shell. Now I have to enter the master password again:

>>> ================================ RESTART ================================
>>> import keyring
>>> print keyring.get_password('Service', 'MyUsername')

Warning (from warnings module):
  File "C:\Python27\lib\getpass.py", line 92
    return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Please enter password for encrypted keyring:

After entering the master password, this authentication persists only during the current session/between restarts. When running scripts from the command line, it's even worse - I have to authenticate every time the script is run. At this point, keyring is not saving me any time or effort, and I doubt it's making my password any more secure vs. memorization and manual entry.

After searching for solutions, it looks like keyring will automatically authenticate on Unix if the master password is the same as the password for the user account, but this didn't work for me on Windows.

Am I trying to get keyring to do something it's not meant to do, or is there just an error in my implementation?

My experience seems to conflict with that reported by another user who claims (s)he is not prompted for a password when an application tries to access the keyring in the related question, How does python-keyring work on Windows?

解决方案

Which backend are you using? Check using:

>>> from keyring import get_keyring
>>> get_keyring()
[... what is output here?]

If it outputs this:

<keyring.backends.file.EncryptedKeyring object at 0x.....>

Then that's why it's requesting a password. The module failed to find any platform specific keyring to use, so it's instead just encrypting your passwords using a master password and placing them into an ordinary file.

Personally, it's more important to me that my scripts run unattended than that my passwords are secure, so I wrote this function:

def configureKeyring():
    """
    EncryptedKeyring requires a master password to unlock it, which is not ideal
    for our scripts since we want them to run unattended. So if we're using
    EncryptedKeyring, automatically swap to a PlaintextKeyring instead.

    If we're using something else, say WinVaultKeyring, then that's more secure
    than PlaintextKeyring without being any less convenient, so we'll use it.
    """
    from keyring               import get_keyring, set_keyring
    from keyring.backends.file import EncryptedKeyring, PlaintextKeyring

    if isinstance(get_keyring(), EncryptedKeyring):
        set_keyring(PlaintextKeyring())

Before you use keyring to set_password or get_password, run this function configureKeyring(), if you, like me, value not needing to insert a master password over keeping your passwords safe. Please understand the security implications that you are storing your passwords in plaintext before doing this.

A better long term solution is to probably investigate all the other available backends and install the proper pre-reqs so that a different one can be used, if one exists where you don't need to input a master password and simply being logged in is sufficient.

这篇关于是否可以在不提供主密码的情况下访问Windows中的密钥环?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！