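def backend_example():
    """Round-trip an RSA private key through the macOS keychain keys backend.

    Generates a 4096-bit RSA key, imports its PKCS#8 PEM encoding under a
    service/username pair, reads it back and finally removes it again.

    Security notes for anyone adapting this example:

    * The key is serialized with ``NoEncryption``, so ``pem`` holds the
      plaintext private key in process memory. Do not log it or write it
      to disk.
    * The backend is created with ``is_extractable=True`` so that
      ``get_password`` can hand the key back. Where the key never needs
      to leave the keychain, ``is_extractable=False`` is the tighter
      setting.
    * ``is_permanent=True`` persists the item, so the cleanup below is
      wrapped in ``finally`` to avoid leaving a private key behind when a
      check fails.
    """
    backend = OSXKeychainKeysBackend(
        key_type=OSXKeychainKeyType.RSA,
        key_size_in_bits=4096,
        is_permanent=True,
        use_secure_enclave=False,
        access_group=None,
        is_extractable=True,
    )

    private_key = rsa.generate_private_key(
        public_exponent=65537, key_size=4096, backend=default_backend()
    )
    # noinspection PyTypeChecker
    pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )

    key = backend.set_password(service='pasten.com', username='******', password=pem)
    try:
        assert isinstance(key, RSAPrivateKey)

        matching_keys = backend.get_password(service='pasten.com', username='******')
        assert len(matching_keys) == 1
        assert isinstance(matching_keys[0], RSAPrivateKey)
    finally:
        # Always remove the stored key, even when one of the checks above
        # fails; otherwise the private key stays in the keychain.
        backend.delete_password(service='pasten.com', username='******')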
def test_key_passphrase(self):
    """Import passphrase-protected key fixtures through the backend.

    The DES and 3DES fixture files are expected to import and are deleted
    again straight away; the AES-128 fixture is expected to be rejected
    with ``KeyringError``.
    """
    backend = OSXKeychainKeysBackend(key_type=OSXKeychainKeyType.RSA)
    service = str(uuid4())
    username = 'dany74q'
    backend.key_password = '******'
    fixtures_dir = os.path.dirname(__file__)

    # DES / 3DES PEM encryption is legacy; these fixtures cover import
    # compatibility only and are not a model for protecting keys at rest.
    for fixture_name in ('des_encrypted.key', '3des_encrypted.key'):
        fixture_path = os.path.join(fixtures_dir, fixture_name)
        with open(fixture_path, 'rb') as fixture:
            encrypted_key = fixture.read()
        backend.set_password(
            service=service, username=username, password=encrypted_key
        )
        backend.delete_password(service=service, username=username)

    # Non DES encryptions are not supported
    aes_path = os.path.join(fixtures_dir, 'aes_128_encrypted.key')
    with open(aes_path, 'rb') as fixture:
        aes_encrypted_key = fixture.read()

    with self.assertRaises(KeyringError):
        backend.set_password(
            service=service, username=username, password=aes_encrypted_key
        )
def test_key_permanence(self):
    """A key stored with ``is_permanent=True`` can be looked up afterwards."""
    backend = OSXKeychainKeysBackend(
        key_type=OSXKeychainKeyType.RSA, is_permanent=True
    )
    lookup = {'service': str(uuid4()), 'username': 'dany74q'}

    # NOTE(review): password=None presumably asks the backend to create a
    # key itself instead of importing one - confirm against set_password.
    backend.set_password(password=None, **lookup)
    try:
        stored = backend.get_password(**lookup)
        self.assertIsNotNone(stored, 'Expected a result for permanent-stored key')
    finally:
        # The item is persistent, so remove it whatever the assertion did.
        backend.delete_password(**lookup)
def test_non_extractable_keys_cant_be_retrieved(self):
    """Non-extractable keys must not be handed back to the caller.

    With ``is_extractable=False`` the test expects ``set_password`` to
    return ``None`` and ``get_password`` to raise ``KeyringError``, so
    the key material stays inside the keychain.
    """
    backend = OSXKeychainKeysBackend(
        key_type=OSXKeychainKeyType.RSA, is_permanent=True, is_extractable=False
    )
    service = str(uuid4())
    username = 'dany74q'

    res = backend.set_password(service=service, username=username, password=None)
    try:
        failure_message = (
            f'Expected None result when is_extractable is False, but got: {res}'
        )
        self.assertIsNone(res, failure_message)

        # We should not be able to retrieve the data of non-extractable keys
        with self.assertRaises(KeyringError):
            backend.get_password(service=service, username=username)
    finally:
        # The key was stored permanently; clean it up even on failure.
        backend.delete_password(service=service, username=username)