def test_encrypt_with_multiple_recipients(self):
# create two keypairs
pub1, priv1 = utils.keygen(self.name, self.email, self.passphrase)
pub2, priv2 = utils.keygen(self.name, self.email, self.passphrase)
# encrypt file for both
encrypted = utils.encrypt(self.file, [pub1, pub2])
# check keypair one can decrypt
decrypted = utils.decrypt(encrypted, priv1, pub1, self.passphrase)
self.assertEquals(decrypted, self.message)
# check keypair two can decrypt
decrypted = utils.decrypt(encrypted, priv2, pub2, self.passphrase)
self.assertEquals(decrypted, self.message)
def export_key(self):
self.require_verification()
form = Form(self.request, schema=forms.PassphraseSchema)
if 'form.submitted' in self.request.POST and form.validate():
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first()
pub = base64.b64decode(key.public_key)
priv = base64.b64decode(key.private_key)
priv = utils.decrypt(priv, pub, pub, form.data['passphrase'])
filename = user.username + '.keypair.asc'
content_type, encoding = mimetypes.guess_type(filename)
logger.info('priv: %s', priv)
with utils.tmpdir() as tmpd:
tmp = os.path.join(tmpd, filename)
with open(tmp, 'wb') as tmpf:
tmpf.write('\n\n'.join((pub, priv)))
tmpf.flush()
response = FileResponse(
tmp,
request=self.request
)
return response
return dict(
form=FormRenderer(form),
username=self.username,
key=self.key
)
def test_keygen_creates_valid_priv(self):
pub, priv = utils.keygen(self.name, self.email, self.passphrase)
priv = base64.b64decode(priv)
pub = base64.b64decode(pub)
self.assertTrue(priv.startswith('-----BEGIN PGP MESSAGE-----'))
self.assertTrue(priv.endswith('-----END PGP MESSAGE-----\n'))
priv = utils.decrypt(priv, pub, pub, passphrase=self.passphrase)
self.assertTrue(priv.startswith('-----BEGIN PGP PRIVATE KEY BLOCK-----'))
self.assertTrue(priv.endswith('-----END PGP PRIVATE KEY BLOCK-----\n'))
def share_file(self):
if 'form.submitted' in self.request.POST and form.validate():
passphrase = form.data['passphrase']
query_file = os.path.join(self.storage_dir, self.username, self.filename)
share_user = self.request.params['share_user']
with utils.db_session(self.dbmaker) as session:
owner = session.query(User).filter(User.username==self.username).one()
f = session.query(File).filter(File.name==self.filename).one()
u = session.query(User).filter(User.username==share_user).first()
if u is None:
del f.shared_users[:]
else:
for key in u.keys:
f.keys.append(key)
session.add(f)
owner_pubs = [k.public_key for k in owner.keys]
owner_privs = [k.private_key for k in owner.keys]
recipients = owner_pubs + [k.public_key for k in f.keys]
with open(query_file, 'rb') as o:
data = o.read()
decrypted = utils.decrypt(data, owner_privs, owner_pubs, passwd)
with tempfile.NamedTemporaryFile() as tmp:
tmp.write(decrypted)
tmp.flush()
tmp.seek(0)
encrypted = utils.encrypt(tmp, recipients)
tmp = tempfile.NamedTemporaryFile(dir=self.storage_dir, delete=False)
tmp.write(encrypted)
os.rename(tmp.name, query_file)
self.request.session.flash(
u'successfully shared file: %s with user %s' % (self.filename, share_user)
)
return HTTPFound(location=self.request.route_url('view_files'))
with utils.db_session(self.dbmaker) as session:
sharable_users = session.query(User).filter(User.sharable==True)
sharable_users = sharable_users.filter(User.username!=self.username).all()
sharable_users = [u.username for u in sharable_users]
return dict(
username=self.username,
filename=self.filename,
sharable_users=sharable_users
)
def export_key(self):
self.require_verification()
if "form.submitted" in self.request.POST and form.validate():
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username == self.username).first()
key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first()
pub = base64.b64decode(key.public_key)
priv = base64.b64decode(key.private_key)
priv = utils.decrypt(priv, pub, pub, form.data["passphrase"])
filename = user.username + ".keypair.asc"
content_type, encoding = mimetypes.guess_type(filename)
logger.info("priv: %s", priv)
with utils.tmpdir() as tmpd:
tmp = os.path.join(tmpd, filename)
with open(tmp, "wb") as tmpf:
tmpf.write("\n\n".join((pub, priv)))
tmpf.flush()
response = FileResponse(tmp, request=self.request)
return response
return dict(username=self.username, key=self.key)
def view_file(self):
if 'form.submitted' in self.request.POST and form.validate():
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
f = session.query(File).filter(File.name==self.filename).first()
proper_key = [k for k in f.keys if k.user.username == user.username]
logger.info('owner: %s files: %s keys: %s', f.owner, user.files, f.keys)
if f.owner != user.username and len(proper_key) == 0:
self.request.session.flash(u'File not shared with you. are you a bad actor?')
return HTTPFound(location=self.request.route_url('home'))
privs = []
pubs = []
for k in proper_key:
privs.append(k.private_key)
pubs.append(k.public_key)
query_file = os.path.join(self.storage_dir, f.owner.username, self.filename)
if not os.path.isfile(query_file):
return HTTPNotFound("file %s is not a thinger" % (self.filename, ))
content_type, encoding = mimetypes.guess_type(query_file)
with open(query_file, 'rb') as o:
encrypted = o.read()
decrypted = utils.decrypt(encrypted, privs, pubs, form.data['passphrase'])
with utils.tmpdir() as tmpd:
tmp = os.path.join(tmpd, self.filename)
with open(tmp, 'wb') as tmpf:
tmpf.write(decrypted)
tmpf.flush()
response = FileResponse(
tmp,
request=self.request,
content_type=content_type,
content_encoding=encoding
)
return response
return dict(
username=self.username,
filename=self.filename
)
def test_decrypt_creates_valid_msg(self):
pub, priv = utils.keygen(self.name, self.email, self.passphrase)
encrypted = utils.encrypt(self.file, pub)
decrypted = utils.decrypt(encrypted, priv, pub, self.passphrase)
self.assertEquals(decrypted, self.message)
