def decrypt_entry(self, identity=None, passphrase=None, card_slot=None):
####################################################################
"""Decrypt this password entry for a particular identity
(usually the user)"""
####################################################################
try:
recipient_entry = self.recipients[identity["name"]]
except KeyError as err:
raise NotARecipientError(
f"Identity '{identity}' is not on the recipient list for password '{self.metadata['name']}'"
) from err
try:
# support old yaml format
return pk_decrypt_string(
recipient_entry["encrypted_secret"],
recipient_entry["derived_key"],
identity,
passphrase,
card_slot,
)
except KeyError:
try:
# support rsa
if "key" in identity and identity["key"]:
for _, value in recipient_entry["encrypted_secrets"].items():
return pk_decrypt_string(
value["encrypted_secret"],
value["derived_key"],
identity,
passphrase,
)
else:
cert_key = get_card_fingerprint(card_slot=card_slot)
return pk_decrypt_string(
recipient_entry["encrypted_secrets"][cert_key][
"encrypted_secret"
],
recipient_entry["encrypted_secrets"][cert_key]["derived_key"],
identity,
passphrase,
card_slot,
)
except DecryptionError as err:
msg = create_error_message(recipient_entry["timestamp"], card_slot)
raise DecryptionError(
f"Error decrypting password named '{self.metadata['name']}'. {msg}"
) from err
except KeyError as err:
raise DecryptionError(
f"Error decrypting password named '{self.metadata['name']}'. Appropriate private key not found"
) from err
except DecryptionError as err:
msg = create_error_message(recipient_entry["timestamp"], card_slot)
raise DecryptionError(
f"Error decrypting password named '{self.metadata['name']}'. {msg}"
) from err
def decrypt_entry(self, identity=None, passphrase=None, card_slot=None):
""" Decrypt this password entry for a particular identity
(usually the user) """
#######################################################################
try:
recipient_entry = self.recipients[identity['uid']]
except KeyError:
raise NotARecipientError(
"Identity '%s' is not on the recipient list for password '%s'" %
(identity['uid'], self.metadata['name']))
try:
# support old yaml format
return crypto.pk_decrypt_string(
recipient_entry['encrypted_secret'],
recipient_entry['derived_key'],
identity,
passphrase,
card_slot)
except KeyError:
try:
# support rsa
if 'key_path' in identity.keys():
for _, value in recipient_entry['encrypted_secrets'].items():
return crypto.pk_decrypt_string(
value['encrypted_secret'],
value['derived_key'],
identity,
passphrase
)
else:
cert_key = crypto.get_card_fingerprint()
return crypto.pk_decrypt_string(
recipient_entry['encrypted_secrets'][cert_key]['encrypted_secret'],
recipient_entry['encrypted_secrets'][cert_key]['derived_key'],
identity,
passphrase,
card_slot)
except DecryptionError:
msg = create_error_message(recipient_entry['timestamp'], card_slot)
raise DecryptionError(
"Error decrypting password named '%s'. %s" %
(self.metadata['name'], msg))
except KeyError:
raise DecryptionError(
"Error decrypting password named '%s'. Appropriate private key not found" %
self.metadata['name'])
except DecryptionError:
msg = create_error_message(recipient_entry['timestamp'], card_slot)
raise DecryptionError("Error decrypting password named '%s'. %s" %
(self.metadata['name'], msg))
def test_encrypt_string(self):
"""Test encrypting a string"""
results = []
for _, identity in self.identities.iddb.items():
results.append(crypto.pk_encrypt_string(self.plaintext, identity['certs'][0]['cert_bytes']))
self.assertTrue(results[0] != results[1])
# Encrypt/Decrypt strings for all test identities and make sure we get back what we put in
for _, identity in self.identities.iddb.items():
(ciphertext, derived_key) = crypto.pk_encrypt_string(
self.plaintext, identity['certs'][0]['cert_bytes'])
plaintext = crypto.pk_decrypt_string(
ciphertext, derived_key, identity, None)
self.assertEqual(self.plaintext, plaintext)
def test_encrypt_string(self):
"""Test encrypting a string"""
results = []
for identity in self.session.query(Recipient).all():
cert = (self.session.query(Cert).filter(
Cert.recipients.contains(identity)).first())
results.append(pk_encrypt_string(self.plaintext, cert.cert_bytes))
self.assertTrue(results[0] != results[1])
# Encrypt/Decrypt strings for all test identities and make sure we get back what we put in
for identity in self.session.query(Recipient).all():
cert = (self.session.query(Cert).filter(
Cert.recipients.contains(identity)).first())
(ciphertext,
derived_key) = pk_encrypt_string(self.plaintext, cert.cert_bytes)
plaintext = pk_decrypt_string(ciphertext, derived_key,
dict(identity), None)
self.assertEqual(self.plaintext, plaintext)
def decrypt_entry(self, identity=None, passphrase=None, card_slot=None):
""" Decrypt this password entry for a particular identity (usually the user) """
#######################################################################
try:
recipient_entry = self.recipients[identity['uid']]
except KeyError:
raise NotARecipientError(
"Identity '%s' is not on the recipient list for password '%s'"
% (identity['uid'], self.metadata['name']))
try:
return crypto.pk_decrypt_string(
recipient_entry['encrypted_secret'],
recipient_entry['derived_key'], identity, passphrase,
card_slot)
except DecryptionError:
raise DecryptionError(
"Error decrypting password named '%s'. Perhaps a bad pin/passphrase?"
% self.metadata['name'])