def test_gpg_export_pubkey(self):
""" export a public key and make sure the parameters are the right ones:
since there's very little we can do to check rsa key parameters are right
we pre-exported the public key to an ssh key, which we can load with
cryptography for the sake of comparison """
# export our gpg key, using our functions
key_data = gpg_export_pubkey(self.default_keyid,
homedir=self.gnupg_home)
our_exported_key = dsa_create_pubkey(key_data)
# load the equivalent ssh key, and make sure that we get the same RSA key
# parameters
ssh_key_basename = "{}.ssh".format(self.default_keyid)
ssh_key_path = os.path.join(self.gnupg_home, ssh_key_basename)
with open(ssh_key_path, "rb") as fp:
keydata = fp.read()
ssh_key = serialization.load_ssh_public_key(keydata,
backends.default_backend())
self.assertEquals(ssh_key.public_numbers().y,
our_exported_key.public_numbers().y)
self.assertEquals(
ssh_key.public_numbers().parameter_numbers.g,
our_exported_key.public_numbers().parameter_numbers.g)
self.assertEquals(
ssh_key.public_numbers().parameter_numbers.q,
our_exported_key.public_numbers().parameter_numbers.q)
self.assertEquals(
ssh_key.public_numbers().parameter_numbers.p,
our_exported_key.public_numbers().parameter_numbers.p)
def test_gpg_sign_and_verify_object_with_default_key(self):
"""Create a signature using the default key on the keyring """
test_data = b'test_data'
wrong_data = b'something malicious'
signature = gpg_sign_object(test_data, homedir=self.gnupg_home)
key_data = gpg_export_pubkey(self.default_keyid, homedir=self.gnupg_home)
self.assertTrue(gpg_verify_signature(signature, key_data, test_data))
self.assertFalse(gpg_verify_signature(signature, key_data, wrong_data))
def test_gpg_export_pubkey(self):
""" export a public key and make sure the parameters are the right ones:
since there's very little we can do to check rsa key parameters are right
we pre-exported the public key to an ssh key, which we can load with
cryptography for the sake of comparison """
# export our gpg key, using our functions
key_data = gpg_export_pubkey(self.default_keyid,
homedir=self.gnupg_home)
our_exported_key = rsa_create_pubkey(key_data)
# load the equivalent ssh key, and make sure that we get the same RSA key
# parameters
ssh_key_basename = "{}.ssh".format(self.default_keyid)
ssh_key_path = os.path.join(self.gnupg_home, ssh_key_basename)
with open(ssh_key_path, "rb") as fp:
keydata = fp.read()
ssh_key = serialization.load_ssh_public_key(keydata,
backends.default_backend())
self.assertEquals(ssh_key.public_numbers().n,
our_exported_key.public_numbers().n)
self.assertEquals(ssh_key.public_numbers().e,
our_exported_key.public_numbers().e)
subkey_keyids = list(key_data["subkeys"].keys())
# We export the whole master key bundle which must contain the subkeys
self.assertTrue(self.signing_subkey_keyid.lower() in subkey_keyids)
# Currently we do not exclude encryption subkeys
self.assertTrue(self.encryption_subkey_keyid.lower() in subkey_keyids)
# However we do exclude subkeys, whose algorithm we do not support
self.assertFalse(
self.unsupported_subkey_keyid.lower() in subkey_keyids)
# When passing the subkey keyid we also export the whole keybundle
key_data2 = gpg_export_pubkey(self.signing_subkey_keyid,
homedir=self.gnupg_home)
self.assertDictEqual(key_data, key_data2)
def test_gpg_sign_and_verify_object_default_keyring(self):
"""Sign/verify using keyring from envvar. """
test_data = b'test_data'
gnupg_home_backup = os.environ.get("GNUPGHOME")
os.environ["GNUPGHOME"] = self.gnupg_home
signature = gpg_sign_object(test_data, keyid=self.default_keyid)
key_data = gpg_export_pubkey(self.default_keyid)
self.assertTrue(gpg_verify_signature(signature, key_data, test_data))
# Reset GNUPGHOME
if gnupg_home_backup:
os.environ["GNUPGHOME"] = gnupg_home_backup
else:
del os.environ["GNUPGHOME"]