def test_sign_and_encrypt(self):
# Let's imagine we've just got sent the key from the key-sending side
keydata = open(self.sender_key, "rb").read()
# for some reason pgpy does not like the stray data before
# https://github.com/SecurityInnovation/PGPy/issues/218
keydata = keydata[keydata.index('-----'):]
# We find out what UIDs the sender key has
keys = get_usable_keys(homedir=self.sender_homedir)
assert_equals(1, len(keys))
key = keys[0]
uids = key.uidslist
del key
del keys
# We are the receiver and we sign the sender's key.
# This is a tuple (uid, encrypted)
uid_encrypted = list(
sign_keydata_and_encrypt(keydata,
error_cb=None,
homedir=self.receiver_homedir))
assert_equals(len(uids), len(uid_encrypted))
signatures_before = {}
signatures_after = {}
import pgpy
pgpykeys = pgpy.PGPKey.from_blob(keydata)
log.info("Loaded Keys: %r", pgpykeys)
k = pgpykeys[0]
for uid in k.userids:
# We make the UID a string, because we might not get the
# very same object back later. And I don't know whether
# the dict uses "is" or "eq" for finding members
signatures_before[u"{}".format(uid)] = uid._signatures
for plain_uid, enc_uid in zip(uids, uid_encrypted):
uid_from_signing = enc_uid[0]
signed_uid = enc_uid[1]
# The test doesn't work so well, because comments
# are not rendered :-/
# assert_in(uid.uid, [e[0] for e in uid_encrypted])
# Decrypt...
from monkeysign.gpg import Keyring
# We sent back the key to the key-sending side
kr = Keyring(homedir=self.sender_homedir)
log.info("encrypted UID: %r", enc_uid)
decrypted = kr.decrypt_data(signed_uid)
log.info("ctx out: %r", kr.context.stdout)
log.info("ctx err: %r", kr.context.stderr)
assert_true(decrypted, "Error decrypting %r" % signed_uid)
# Now we have the signed UID. We want see if it really carries a signature.
pgpykeys = pgpy.PGPKey.from_blob(decrypted)
log.info("Loaded Signed Keys: %r", pgpykeys)
k = pgpykeys[0]
# assert_equal(uid_from_signing, k.userids[0])
assert_equal(len(k.userids), 1)
uid = k.userids[0]
uidstr = u"{}".format(uid)
assert_in(uidstr, signatures_before)
# Now we have the signed UID. We want see if it really carries a signature.
signatures_after[uidstr] = uid._signatures
assert_less(len(signatures_before[uidstr]),
len(signatures_after[uidstr]))
def test_get_usable_key_no_pattern(self):
keys = get_usable_keys(homedir=self.homedir)
assert_equals(1, len(keys))
key = keys[0]
assert_equals(self.originalkey, key)
def test_get_usable_key_fpr(self):
fpr = self.originalkey.fingerprint
keys = get_usable_keys(fpr, homedir=self.homedir)
assert_equals(1, len(keys))
key = keys[0]
assert_equals(fpr, self.originalkey.fingerprint)
def test_get_empty_usable_keys():
homedir = tempfile.mkdtemp()
keys = get_usable_keys(homedir=homedir)
assert_equals(0, len(keys))