def test_parse_encrypted(self): rawdata = self.load_data("v4_secret_encrypted.gpg") data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(7, len(packets)) subs_seen = 0 for packet in packets: self.assertFalse(packet.new) if isinstance(packet, SecretSubkeyPacket): subs_seen += 1 if subs_seen == 1: # elg packet self.assertEqual("elg", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("Iterated and Salted S2K", packet.s2k_type) self.assertEqual("8d 89 bd df 01 0e 22 cd", packet.s2k_iv) elif subs_seen == 2: # rsa packet self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("Iterated and Salted S2K", packet.s2k_type) self.assertEqual("09 97 6b f5 d4 28 41 1d", packet.s2k_iv) elif isinstance(packet, SecretKeyPacket): self.assertEqual("dsa", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("Iterated and Salted S2K", packet.s2k_type) self.assertEqual("CAST5", packet.s2k_cipher) self.assertEqual("SHA1", packet.s2k_hash) self.assertEqual("c3 87 eb ca 9b ce bc 78", packet.s2k_iv)
def test_parse_linus_binary(self): with open('linus.gpg', 'rb') as keyfile: rawdata = keyfile.read() data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(44, len(packets)) seen = 0 for packet in packets: # all 44 packets are of the known 'old' variety self.assertFalse(packet.new) if isinstance(packet, SignaturePacket): # a random signature plucked off the key if packet.key_id == 0xE7BFC8EC95861109: seen += 1 self.check_sig_packet(packet, 540, 4, 0x10, 1319560576, 0xE7BFC8EC95861109, 1, 8) self.assertEqual(2, len(packet.subpackets)) # a particularly dastardly sig- a ton of hashed sub parts, # this is the "positive certification packet" elif packet.key_id == 0x79BE3E4300411886 and \ packet.raw_sig_type == 0x13: seen += 1 self.check_sig_packet(packet, 312, 4, 0x13, 1316554898, 0x79BE3E4300411886, 1, 2) self.assertEqual(8, len(packet.subpackets)) # another sig from key above, the "subkey binding sig" elif packet.key_id == 0x79BE3E4300411886 and \ packet.raw_sig_type == 0x18: seen += 1 self.check_sig_packet(packet, 287, 4, 0x18, 1316554898, 0x79BE3E4300411886, 1, 2) self.assertEqual(3, len(packet.subpackets)) self.assertEqual(3, seen)
def test_parse_v3_pubkeys(self): '''Two older version 3 public keys.''' rawdata = self.load_data('v3pubkeys.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(2, len(packets)) packet = packets[0] self.assertTrue(isinstance(packet, PublicKeyPacket)) self.assertEqual(1, packet.raw_pub_algorithm) self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(944849149, packet.raw_creation_time) self.assertIsNone(packet.expiration_time) self.assertIsNotNone(packet.modulus) self.assertEqual(2048, packet.modulus_bitlen) self.assertIsNotNone(packet.exponent) self.assertEqual(b"3FC0BF6B", packet.key_id) self.assertEqual(b"7D263C88A1AB7737E31150CB4F3A211A", packet.fingerprint) packet = packets[1] self.assertTrue(isinstance(packet, PublicKeyPacket)) self.assertEqual(1, packet.raw_pub_algorithm) self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(904151571, packet.raw_creation_time) self.assertIsNone(packet.expiration_time) self.assertIsNotNone(packet.modulus) self.assertEqual(1024, packet.modulus_bitlen) self.assertIsNotNone(packet.exponent) self.assertEqual(b"3DDE776D", packet.key_id) self.assertEqual(b"48A4F9F891F093019BC7FC532A3C5692", packet.fingerprint)
def signature(self): try: data = b64decode(self.pgp_signature) except TypeError: return None data = BinaryData(data) packets = list(data.packets()) return packets[0]
def test_parse_partial_length(self): '''This file contains an encrypted message with a Partial Body Length header Reference: http://tools.ietf.org/html/rfc4880#section-4.2.2.4 ''' rawdata = self.load_data('partial_length.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(2, len(packets))
def signature(self): try: data = b64decode(self.pgp_signature.encode('utf-8')) except TypeError: return None if not data: return None data = BinaryData(data) packets = list(data.packets()) return packets[0]
def test_parse_plain(self): """ The raw values below were extracted from the c version of pgpdump. The hex strings it outputs were converted to base 10 by running the following function over the hex strings: def to_int(x): return int(x.replace(' ', ''), 16) """ rawdata = self.load_data("v4_secret_plain.gpg") data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(7, len(packets)) subs_seen = 0 for packet in packets: self.assertFalse(packet.new) if isinstance(packet, SecretSubkeyPacket): subs_seen += 1 if subs_seen == 1: # elg packet self.assertEqual("elg", packet.pub_algorithm_type) self.assertEqual(0, packet.s2k_id) self.assertEqual(None, packet.s2k_type) self.assertEqual(None, packet.s2k_iv) self.assertEqual( 245799026332407193298181926223748572866928987611495184689013385965880161244176879821250061522687647728L, packet.exponent_x, ) elif subs_seen == 2: # rsa packet self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(0, packet.s2k_id) self.assertEqual(None, packet.s2k_type) self.assertEqual(None, packet.s2k_iv) self.assertEqual( 107429307998432888320715351604215972074903508478185926034856042440678824041847327442082101397552291647796540657257050768251344941490371163761048934745124363183224819621105784780195398083026664006729876758821509430352212953204518272377415915285011886868211417421097179985188014641310204357388385968166040278287L, packet.multiplicative_inverse, ) self.assertEqual( 139930219416447408374822893460828502304441966752753468842648203646336195082149424690339775194932419616945814365656771053789999508162542355224095838373016952414720809190039261860912609841054241835835137530162417625471114503804567967161522096406622711734972153324109508774000862492521907132111400296639152885151L, packet.prime_p, ) self.assertEqual( 141774976438365791329330227605232641244334061384594969589427240157587195987726021563323880620442249788289724672124037112182500862823754846020398652238714637523098123565121790819658975965315629614215592460191153065569430777288475743983312129144619017542854009503581558744199305796137178366407180728113362644607L, packet.prime_q, ) self.assertEqual( 5830467418164177455383939797360032476940913805978768568081128075462505586965694225559897974113088818228809697270431492119090365699278285350171676334156873270109344274747057694689185206358606371235913423003163252354603704380371252575866102476793736443620998412227609599802054206292004785471167177881398711806191315950196087041018693839148033680564198494910540148825273531803832541184563811332315506727878483469747798396155096313345751606322830230368849084875744911041500024805242117661173352379509490605300753957220916597285056567409410296154792321206401452887335121085203916552891062930596871199021743741984622581173L, packet.exponent_d, ) elif isinstance(packet, SecretKeyPacket): self.assertEqual("dsa", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("GnuPG S2K", packet.s2k_type) self.assertEqual("CAST5", packet.s2k_cipher) self.assertEqual("SHA1", packet.s2k_hash) self.assertEqual(None, packet.s2k_iv)
def test_parse_linus_binary(self): rawdata = self.load_data("linus.gpg") data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(44, len(packets)) seen = 0 for packet in packets: # all 44 packets are of the known 'old' variety self.assertFalse(packet.new) if isinstance(packet, SignaturePacket): # a random signature plucked off the key if packet.key_id == b"E7BFC8EC95861109": seen += 1 self.check_sig_packet(packet, 540, 4, 0x10, 1319560576, b"E7BFC8EC95861109", 1, 8) self.assertEqual(2, len(packet.subpackets)) # a particularly dastardly sig- a ton of hashed sub parts, # this is the "positive certification packet" elif packet.key_id == b"79BE3E4300411886" and packet.raw_sig_type == 0x13: seen += 1 self.check_sig_packet(packet, 312, 4, 0x13, 1316554898, b"79BE3E4300411886", 1, 2) self.assertEqual(8, len(packet.subpackets)) # another sig from key above, the "subkey binding sig" elif packet.key_id == b"79BE3E4300411886" and packet.raw_sig_type == 0x18: seen += 1 self.check_sig_packet(packet, 287, 4, 0x18, 1316554898, b"79BE3E4300411886", 1, 2) self.assertEqual(3, len(packet.subpackets)) elif isinstance(packet, PublicSubkeyPacket): seen += 1 self.assertEqual(4, packet.pubkey_version) self.assertEqual(1316554898, packet.raw_creation_time) self.assertEqual(1, packet.raw_pub_algorithm) self.assertIsNotNone(packet.modulus) self.assertEqual(65537, packet.exponent) self.assertEqual(b"012F54CA", packet.fingerprint[32:]) elif isinstance(packet, PublicKeyPacket): seen += 1 self.assertEqual(4, packet.pubkey_version) self.assertEqual(1316554898, packet.raw_creation_time) self.assertEqual(1, packet.raw_pub_algorithm) self.assertEqual("RSA Encrypt or Sign", packet.pub_algorithm) self.assertIsNotNone(packet.modulus) self.assertEqual(65537, packet.exponent) self.assertEqual(b"ABAF11C65A2970B130ABE3C479BE3E4300411886", packet.fingerprint) self.assertEqual(b"79BE3E4300411886", packet.key_id) elif isinstance(packet, UserIDPacket): seen += 1 self.assertEqual("Linus Torvalds", packet.user_name) self.assertEqual("*****@*****.**", packet.user_email) self.assertEqual(6, seen)
def test_parse_single_sig_packet(self): base64_sig = b"iEYEABECAAYFAk6A4a4ACgkQXC5GoPU6du1ATACgodGyQne3Rb7"\ b"/eHBMRdau1KNSgZYAoLXRWt2G2wfp7haTBjJDFXMGsIMi" sig = base64.b64decode(base64_sig) data = BinaryData(sig) packets = list(data.packets()) self.assertEqual(1, len(packets)) sig_packet = packets[0] self.assertFalse(sig_packet.new) self.check_sig_packet(sig_packet, 70, 4, 0, 1317069230, 0x5C2E46A0F53A76ED, 17, 2) self.assertEqual(2, len(sig_packet.subpackets))
def test_parse_single_sig_packet(self): base64_sig = ( b"iEYEABECAAYFAk6A4a4ACgkQXC5GoPU6du1ATACgodGyQne3Rb7" b"/eHBMRdau1KNSgZYAoLXRWt2G2wfp7haTBjJDFXMGsIMi" ) sig = base64.b64decode(base64_sig) data = BinaryData(sig) packets = list(data.packets()) self.assertEqual(1, len(packets)) sig_packet = packets[0] self.assertFalse(sig_packet.new) self.check_sig_packet(sig_packet, 70, 4, 0, 1317069230, b"5C2E46A0F53A76ED", 17, 2) self.assertEqual(2, len(sig_packet.subpackets)) self.assertEqual(["Signature Creation Time", "Issuer"], [sp.name for sp in sig_packet.subpackets])
def test_parse_plain(self): '''The raw values below were extracted from the C version of pgpdump. The hex strings it outputs were converted to base 10 by running the following function over the hex strings: def to_int(x): return int(x.replace(' ', ''), 16) ''' rawdata = self.load_data('v4_secret_plain.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(7, len(packets)) subs_seen = 0 for packet in packets: self.assertFalse(packet.new) if isinstance(packet, SecretSubkeyPacket): subs_seen += 1 if subs_seen == 1: # elg packet self.assertEqual("elg", packet.pub_algorithm_type) self.assertEqual(0, packet.s2k_id) self.assertEqual(None, packet.s2k_type) self.assertEqual(None, packet.s2k_iv) self.assertEqual( 245799026332407193298181926223748572866928987611495184689013385965880161244176879821250061522687647728, packet.exponent_x) elif subs_seen == 2: # rsa packet self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(0, packet.s2k_id) self.assertEqual(None, packet.s2k_type) self.assertEqual(None, packet.s2k_iv) self.assertEqual( 107429307998432888320715351604215972074903508478185926034856042440678824041847327442082101397552291647796540657257050768251344941490371163761048934745124363183224819621105784780195398083026664006729876758821509430352212953204518272377415915285011886868211417421097179985188014641310204357388385968166040278287, packet.multiplicative_inverse) self.assertEqual( 139930219416447408374822893460828502304441966752753468842648203646336195082149424690339775194932419616945814365656771053789999508162542355224095838373016952414720809190039261860912609841054241835835137530162417625471114503804567967161522096406622711734972153324109508774000862492521907132111400296639152885151, packet.prime_p) self.assertEqual( 141774976438365791329330227605232641244334061384594969589427240157587195987726021563323880620442249788289724672124037112182500862823754846020398652238714637523098123565121790819658975965315629614215592460191153065569430777288475743983312129144619017542854009503581558744199305796137178366407180728113362644607, packet.prime_q) self.assertEqual( 5830467418164177455383939797360032476940913805978768568081128075462505586965694225559897974113088818228809697270431492119090365699278285350171676334156873270109344274747057694689185206358606371235913423003163252354603704380371252575866102476793736443620998412227609599802054206292004785471167177881398711806191315950196087041018693839148033680564198494910540148825273531803832541184563811332315506727878483469747798396155096313345751606322830230368849084875744911041500024805242117661173352379509490605300753957220916597285056567409410296154792321206401452887335121085203916552891062930596871199021743741984622581173, packet.exponent_d) elif isinstance(packet, SecretKeyPacket): self.assertEqual("dsa", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("GnuPG S2K", packet.s2k_type) self.assertEqual("CAST5", packet.s2k_cipher) self.assertEqual("SHA1", packet.s2k_hash) self.assertEqual(None, packet.s2k_iv)
def test_parse_compressed_zlib(self): msg = """-----BEGIN PGP MESSAGE----- Version: GnuPG v2 owFtUm1MFEcY5lAqnqJFWhpSautCLJiL7OzOfh0FQkREEpq0igk0hO7szh4b8A5u Dw6KJxVo09ZrKicSCfEDpY39OisfLUHx40RA6I8SiBJBw5Wm1ZqmVtQE0dI5Yn80 6fyZzDvP87zP884ciFoWFmnqSq0uGfAfHDGN3kFh+dOfZNdSyKHWUNZaqhQvbZpu t2FnuVO3uygrJSIRsRwCAmA4qCBOExTIiQJELIsEkRcVKGOJVWTKQpU4jBCDyCDZ wJt1B6mRQ7Gukur/4EuXLmhAA5UDKo8ZVeB5GUmMLAIWI8hptKoAXsYy0qAoIZZX BEaBDFQlUeGJMRmyEpKJJB2Sq1ySU0UNA5HVOCRigWWgxIsSQIQgYZljgRQCGthp l3djgsY12KA8FsqJqxylOJTe0G3EsEFZ36E0GWq0BgCrMowmYVrUGEmRNValaRIB KSwgM8Eaq/CIE1SORoBhaZ4BCGgc4ACmNaqIaJNuVbqyJP6sq013lVSi/zrZUWnP cstOLeTGVVMeKrkxKn5GLka6XSXvQjhV2GnoDjtlBQSpuPQQG0BIc4DnedFC4epy 3YmL9RCCE3iRJstClZOERJJRMcnEsyrkJGkHpoGmkbliBQqiKkPA8owkYh7IZO4s hwHLMrKEVU5RJcjQSMIiFcpTYXcQcZ4YlW1ElIzMLrsqnZjymD8Oj18eZooMey4i PPS5wswrn//3x9n+Wvs0LuVE58tNvQH3QHSPmrpxT3Fc3dbmrd4X824UDqQZD2yZ /uZXN0UYK5CFH0WzZzz3evCDfeKjvJgLP0/J6zK+f9LWbkmKXr5YdDjq7aj1bwze HdGyPTFfwc9d4depF8qy/f11/fPxPza2FYy4rNsZJ13ts+3sLqxKNL6JSF7XXHra tOFR+5aEnC+LzJe3rCnsSh27P6tuHM2AhV/jyT2DjcOb83OCC2m5Aw87UJWBRKbf slpYOHJjavxsVr69bY5POnHz+M2zq7tNuV3Tvp41H8xN1KavF7tX/nSfS8w8Op7R EhtpvxLu+9S9atuZg7u8rRvoU+dj9z6p9Fa044TJnDv+3EbvqXs9vcHb1oHjecN1 EzU1wYbUBcfv+eefPh57vW94U+rutILeIT144AvX+MmoCPO191v6Cs/d/kNYFWzy vXYp/d2p2bjrnuls3GX0ZczOBYINJ+Ojf6gv+0xKTI/wnTvUnvDRpWNN11plxuQU vA3s4K/bFnuZkk6rqe+XwOSQ/5Zrxu+r8L55eu8R2H+V+a7irYkCU3jcsg8TLPv3 /xk7XpqyMzZqJjC06DF12t6Lhe6W+bWBqytcHY230i/+lpKdMhSTOGMeeSmt9e5F 68N54XJHpuKG6VmPDx0ucfHJo/Vw7NvEC0fNenlu574rrzQl/e0pC9Tvoqe3e5PF fwA= =3Snw -----END PGP MESSAGE-----""".encode() data = AsciiData(msg) packets = list(data.packets()) self.assertEqual(packets[0].raw_compression_algo, 1) newpackets = list(BinaryData(packets[0].decompressed_data).packets()) self.assertEqual(len(newpackets), 3)
def test_parse_mode_1002(self): rawdata = self.load_data('secret_key_mode_1002.bin') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(7, len(packets)) for packet in packets: self.assertFalse(packet.new) if isinstance(packet, SecretKeyPacket): # this block matches both top-level and subkeys self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(255, packet.s2k_id) self.assertEqual("GnuPG S2K", packet.s2k_type) self.assertEqual("Plaintext or unencrypted", packet.s2k_cipher) self.assertEqual("Unknown", packet.s2k_hash) self.assertEqual(None, packet.s2k_iv)
def test_parse_junio(self): '''This key has a single user attribute packet, which also uses the new size format on the outer packet, which is rare.''' rawdata = self.load_data('junio.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(13, len(packets)) # 3 user ID packets self.assertEqual(4, sum(1 for p in packets if p.raw == 13)) # 4 signature packets self.assertEqual(6, sum(1 for p in packets if p.raw == 2)) # 1 public subkey packet self.assertEqual(1, sum(1 for p in packets if p.raw == 14)) # 1 user attribute packet self.assertEqual(1, sum(1 for p in packets if p.raw == 17)) # check the user attribute packet ua_packet = [p for p in packets if p.raw == 17][0] self.assertEqual("jpeg", ua_packet.image_format) self.assertEqual(1513, len(ua_packet.image_data))
def test_parse_encrypted(self): rawdata = self.load_data('v4_secret_encrypted.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(7, len(packets)) subs_seen = 0 for packet in packets: self.assertFalse(packet.new) if isinstance(packet, SecretSubkeyPacket): subs_seen += 1 if subs_seen == 1: # elg packet self.assertEqual("elg", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("Iterated and Salted S2K", packet.s2k_type) self.assertEqual( bytearray(b"\x8d\x89\xbd\xdf\x01\x0e\x22\xcd"), packet.s2k_iv) elif subs_seen == 2: # rsa packet self.assertEqual("rsa", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("Iterated and Salted S2K", packet.s2k_type) self.assertEqual( bytearray(b"\x09\x97\x6b\xf5\xd4\x28\x41\x1d"), packet.s2k_iv) elif isinstance(packet, SecretKeyPacket): self.assertEqual("dsa", packet.pub_algorithm_type) self.assertEqual(254, packet.s2k_id) self.assertEqual("Iterated and Salted S2K", packet.s2k_type) self.assertEqual("CAST5", packet.s2k_cipher) self.assertEqual("SHA1", packet.s2k_hash) self.assertEqual( bytearray(b"\xc3\x87\xeb\xca\x9b\xce\xbc\x78"), packet.s2k_iv)
def test_parse_dan(self): '''This key has DSA and ElGamal keys, which Linus' does not have.''' rawdata = self.load_data('dan.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(9, len(packets)) # 3 user ID packets self.assertEqual(3, sum(1 for p in packets if p.raw == 13)) # 4 signature packets self.assertEqual(4, sum(1 for p in packets if p.raw == 2)) seen = 0 for packet in packets: self.assertFalse(packet.new) if isinstance(packet, PublicSubkeyPacket): seen += 1 self.assertEqual(16, packet.raw_pub_algorithm) self.assertEqual("elg", packet.pub_algorithm_type) self.assertIsNotNone(packet.prime) self.assertIsNone(packet.group_order) self.assertIsNotNone(packet.group_gen) self.assertIsNotNone(packet.key_value) self.assertEqual(b"C3751D38", packet.fingerprint[32:]) elif isinstance(packet, PublicKeyPacket): seen += 1 self.assertEqual(17, packet.raw_pub_algorithm) self.assertEqual("dsa", packet.pub_algorithm_type) self.assertIsNotNone(packet.prime) self.assertIsNotNone(packet.group_order) self.assertIsNotNone(packet.group_gen) self.assertIsNotNone(packet.key_value) self.assertEqual(b"A5CA9D5515DC2CA73DF748CA5C2E46A0F53A76ED", packet.fingerprint) self.assertEqual(2, seen)
def parse_signature(sig_data: bytes) -> Signature: date = None keyid = None try: parsed = BinaryData(sig_data) except PgpdumpException as e: raise SigError(e) for x in parsed.packets(): if x.raw == 2: for sub in x.subpackets: if sub.subtype == 2: date = datetime.utcfromtimestamp( struct.unpack('>I', sub.data)[0]) if sub.subtype == 16: keyid = binascii.hexlify(sub.data).decode() if keyid is None: raise SigError("keyid missing") if date is None: raise SigError("date missing") return Signature(keyid, date)
def decrypt(request): if request.method != "POST": return HttpResponseNotAllowed(["POST"]) uploaded_file = request.FILES.get('file') if not uploaded_file: return HttpResponseBadRequest("Please supply a file upload.") # parse file for key id file_contents = uploaded_file.read() try: parsed_file = AsciiData(file_contents) except PgpdumpException: try: parsed_file = BinaryData(file_contents) except PgpdumpException: return HttpResponseBadRequest("Can't parse PGP file.") public_key_packet = next( packet for packet in parsed_file.packets() if type(packet) == PublicKeyEncryptedSessionKeyPacket) elgamal_key_id = public_key_packet.key_id # get key try: keypair = KeyPair.objects.get(elgamal_key_id=elgamal_key_id) except KeyPair.DoesNotExist: return HttpResponseBadRequest("No key was found matching this file.") if not keypair.private_key_file: return HttpResponseBadRequest( "We do not yet have a private key to decrypt this file (release date %s)." % keypair.release_date_display()) # decrypt output = gpg_decrypt(keypair.private_key_file, file_contents) if not output.ok: return HttpResponseBadRequest("Unable to decrypt file.") # deliver if output.data_filename: output_name = output.data_filename else: output_name = uploaded_file.name if output_name.endswith('.gpg'): output_name = output_name[:-4] return deliver_file(output.data, 'application/octet-stream', output_name)
def main(keyfile, expert): passphrase = None print("\nNitroinit - Create and import GnuPG keys to the Nitrokey\n") # No keyfile was given, thus create a new key and import this one if keyfile is None: print("No keyfile was provided. We create a new key, back it up and then import it to " + \ "the Nitrokey.") print("You can provide an existing key via '--keyfile' flag. Please use '--help' for " + \ "more information.") print("We start key creation now...\n") keyfile = create_key(expert) else: # get passphrase passphrase = getpass.getpass("Please provide passphrase of the key or hit enter if no " + \ "passphrase is used: ") # open key file and parse it to get the key packets with open(keyfile, 'rb') as f: if keyfile.endswith('.asc') or keyfile.endswith('.txt'): data = AsciiData(f.read(), secret_keys=True, passphrase=passphrase) else: data = BinaryData(f.read(), secret_keys=True, passphrase=passphrase) userid, keys = parse_packets(data.packets()) # TODO add test case for this keys = check_keys(keys) print_summary(userid, keys) # Do not import, dry-run only if dry: sys.exit(0) input("\nPlease press enter to start importing... (Ctrl-C otherwise)\n") import_keys(keys) print("\nImport successful.\n")
def signature(self): if not self.signature_bytes: return None data = BinaryData(self.signature_bytes) packets = list(data.packets()) return packets[0]
def signature(self): if not self.signature_bytes: return None data = BinaryData(self.signature_bytes) packets = list(data.packets()) return SignatureWrapper(packets[0])
def test_parse_exception(self): with self.assertRaises(Exception): BinaryData(None)
def get_pubkey_id_from_binary(data): generator = BinaryData(data) for packet in generator.packets(): if packet.raw == 6: return packet.key_id
def test_parse_linus_binary(self): rawdata = self.load_data('linus.gpg') data = BinaryData(rawdata) packets = list(data.packets()) self.assertEqual(44, len(packets)) seen = 0 for packet in packets: # all 44 packets are of the known 'old' variety self.assertFalse(packet.new) if isinstance(packet, SignaturePacket): # a random signature plucked off the key if packet.key_id == b"E7BFC8EC95861109": seen += 1 self.check_sig_packet(packet, 540, 4, 0x10, 1319560576, b"E7BFC8EC95861109", 1, 8) self.assertEqual(2, len(packet.subpackets)) # a particularly dastardly sig- a ton of hashed sub parts, # this is the "positive certification packet" elif packet.key_id == b"79BE3E4300411886" and \ packet.raw_sig_type == 0x13: seen += 1 self.check_sig_packet(packet, 312, 4, 0x13, 1316554898, b"79BE3E4300411886", 1, 2) self.assertEqual(8, len(packet.subpackets)) # another sig from key above, the "subkey binding sig" elif packet.key_id == b"79BE3E4300411886" and \ packet.raw_sig_type == 0x18: seen += 1 self.check_sig_packet(packet, 287, 4, 0x18, 1316554898, b"79BE3E4300411886", 1, 2) self.assertEqual(3, len(packet.subpackets)) elif isinstance(packet, PublicSubkeyPacket): seen += 1 self.assertEqual(4, packet.pubkey_version) self.assertEqual(1316554898, packet.raw_creation_time) self.assertEqual(1, packet.raw_pub_algorithm) self.assertIsNotNone(packet.modulus) self.assertEqual(2048, packet.modulus_bitlen) self.assertEqual(65537, packet.exponent) self.assertEqual(b"012F54CA", packet.fingerprint[32:]) elif isinstance(packet, PublicKeyPacket): seen += 1 self.assertEqual(4, packet.pubkey_version) self.assertEqual(1316554898, packet.raw_creation_time) self.assertEqual(1, packet.raw_pub_algorithm) self.assertEqual("RSA Encrypt or Sign", packet.pub_algorithm) self.assertIsNotNone(packet.modulus) self.assertEqual(2048, packet.modulus_bitlen) self.assertEqual(65537, packet.exponent) self.assertEqual(b"ABAF11C65A2970B130ABE3C479BE3E4300411886", packet.fingerprint) self.assertEqual(b"79BE3E4300411886", packet.key_id) elif isinstance(packet, UserIDPacket): seen += 1 self.assertEqual("Linus Torvalds", packet.user_name) self.assertEqual("*****@*****.**", packet.user_email) self.assertEqual(6, seen)