def test_gnupg_encrypt_decrypt(self):
"""
Tests GnuPG encryption and decryption
"""
# test for unicode input
ciphertext_for_unicode = gpgme_encrypt(
message=self.rnd_password_unicode,
recipient_key_id=self.recipient_key_id)
ciphertext_for_unicode2 = gpgme_encrypt(
message=self.rnd_password_unicode,
recipient_key_id=self.recipient_key_id)
# test for bytestring input
ciphertext_for_str = gpgme_encrypt(
message=self.rnd_password_str,
recipient_key_id=self.recipient_key_id)
# test for decrypt of unicode
self.assertEqual(self.rnd_password_unicode,
gpgme_decrypt(ciphertext_for_unicode).decode('utf-8'),
'Unicode string not properly decrypted')
# test decrypt for bytesstring
self.assertEqual(self.rnd_password_str,
gpgme_decrypt(ciphertext_for_str),
'Bytestring not properly decrypted')
# theoretical and HIGHLY improbable chance for failure
# when GnuPG and the OS work properly
# The same input encrypted twice should NOT result
# in identical ciphertext
self.assertNotEqual(ciphertext_for_unicode, ciphertext_for_unicode2,
'Weak cryptography')
self.assertEqual(gpgme_decrypt(ciphertext_for_unicode),
gpgme_decrypt(ciphertext_for_unicode2),
'Identical input should result in identical decrypt')
def test_gnupg_encrypt_decrypt(self):
"""
Tests GnuPG encryption and decryption
"""
# test for unicode input
ciphertext_for_unicode = gpgme_encrypt(
message=self.rnd_password_unicode, recipient_key_id=self.recipient_key_id
)
ciphertext_for_unicode2 = gpgme_encrypt(
message=self.rnd_password_unicode, recipient_key_id=self.recipient_key_id
)
# test for bytestring input
ciphertext_for_str = gpgme_encrypt(message=self.rnd_password_str, recipient_key_id=self.recipient_key_id)
# test for decrypt of unicode
self.assertEqual(
self.rnd_password_unicode,
gpgme_decrypt(ciphertext_for_unicode).decode("utf-8"),
"Unicode string not properly decrypted",
)
# test decrypt for bytesstring
self.assertEqual(self.rnd_password_str, gpgme_decrypt(ciphertext_for_str), "Bytestring not properly decrypted")
# theoretical and HIGHLY improbable chance for failure
# when GnuPG and the OS work properly
# The same input encrypted twice should NOT result
# in identical ciphertext
self.assertNotEqual(ciphertext_for_unicode, ciphertext_for_unicode2, "Weak cryptography")
self.assertEqual(
gpgme_decrypt(ciphertext_for_unicode),
gpgme_decrypt(ciphertext_for_unicode2),
"Identical input should result in identical decrypt",
)
def test_add_message(entity, gpg_key, gpg_data):
tag = 'some-tag'
payload = gpgme_encrypt(message='not encrypted, but who cares',
recipient_key_id=gpg_key)
row = gpg_data.add_message(entity.entity_id, tag, gpg_key, payload)
assert row['message_id'] > 0
assert (row['entity_id'], row['tag'], row['recipient'],
row['message']) == (entity.entity_id, tag, gpg_key, payload)
def encrypt_message(self, tag, plaintext):
"""
Encrypt a plaintext for each recipient for a given tag.
:param tag: message tag
:param plaintext: the raw data to encrypt
:return:
a generator that yields tuples with:
(tag, recipient, encrypted message)
"""
for recipient in self.get_recipients(tag):
encrypted = gpgme_encrypt(message=plaintext,
recipient_key_id=recipient)
yield tag, recipient, encrypted
def gpg_message(database, entity, gpg_key, gpg_data):
tag = 'some-unique-tag-ea7e7b0bb82c825f'
payload = gpgme_encrypt(message='a super secret message',
recipient_key_id=gpg_key)
orig = gpg_data.add_message(entity.entity_id, tag, gpg_key, payload)
# manipulate the message so it looks a bit older
database.execute(
"""
UPDATE
[:table schema=cerebrum name=entity_gpg_data]
SET created = :ts
WHERE message_id = :msgid
""", {
'msgid': orig['message_id'],
'ts': datetime.datetime.now() - datetime.timedelta(days=1),
})
return dict(gpg_data.get_message_by_id(orig['message_id']))
def add_gpg_data(self, tag, data):
"""Add GPG encrypted data for the current entity.
:param str tag: Data tag
:param str data: Raw payload
:returns: The saved message IDs, if any
:rtype: list of ints or empty list
"""
message_ids = []
recipients = self._tag_to_recipients.get(tag, None)
if recipients is None:
raise ValueError("Unknown GPG data tag {!r}".format(tag))
for recipient in recipients:
message = gpgme_encrypt(message=data,
recipient_key_id=recipient)
message_id = self.add_gpg_message(tag=tag,
recipient=recipient,
message=message)
message_ids.append(message_id)
return message_ids
def test_get_message_by_id(entity, gpg_key, gpg_data):
tag = 'some-tag'
payload = gpgme_encrypt(message='secret message', recipient_key_id=gpg_key)
row = gpg_data.add_message(entity.entity_id, tag, gpg_key, payload)
fetched = gpg_data.get_message_by_id(row['message_id'])
assert dict(fetched) == dict(row)
