def test_parse_compressed_zlib(self): msg = """-----BEGIN PGP MESSAGE----- Version: GnuPG v2 owFtUm1MFEcY5lAqnqJFWhpSautCLJiL7OzOfh0FQkREEpq0igk0hO7szh4b8A5u Dw6KJxVo09ZrKicSCfEDpY39OisfLUHx40RA6I8SiBJBw5Wm1ZqmVtQE0dI5Yn80 6fyZzDvP87zP884ciFoWFmnqSq0uGfAfHDGN3kFh+dOfZNdSyKHWUNZaqhQvbZpu t2FnuVO3uygrJSIRsRwCAmA4qCBOExTIiQJELIsEkRcVKGOJVWTKQpU4jBCDyCDZ wJt1B6mRQ7Gukur/4EuXLmhAA5UDKo8ZVeB5GUmMLAIWI8hptKoAXsYy0qAoIZZX BEaBDFQlUeGJMRmyEpKJJB2Sq1ySU0UNA5HVOCRigWWgxIsSQIQgYZljgRQCGthp l3djgsY12KA8FsqJqxylOJTe0G3EsEFZ36E0GWq0BgCrMowmYVrUGEmRNValaRIB KSwgM8Eaq/CIE1SORoBhaZ4BCGgc4ACmNaqIaJNuVbqyJP6sq013lVSi/zrZUWnP cstOLeTGVVMeKrkxKn5GLka6XSXvQjhV2GnoDjtlBQSpuPQQG0BIc4DnedFC4epy 3YmL9RCCE3iRJstClZOERJJRMcnEsyrkJGkHpoGmkbliBQqiKkPA8owkYh7IZO4s hwHLMrKEVU5RJcjQSMIiFcpTYXcQcZ4YlW1ElIzMLrsqnZjymD8Oj18eZooMey4i PPS5wswrn//3x9n+Wvs0LuVE58tNvQH3QHSPmrpxT3Fc3dbmrd4X824UDqQZD2yZ /uZXN0UYK5CFH0WzZzz3evCDfeKjvJgLP0/J6zK+f9LWbkmKXr5YdDjq7aj1bwze HdGyPTFfwc9d4depF8qy/f11/fPxPza2FYy4rNsZJ13ts+3sLqxKNL6JSF7XXHra tOFR+5aEnC+LzJe3rCnsSh27P6tuHM2AhV/jyT2DjcOb83OCC2m5Aw87UJWBRKbf slpYOHJjavxsVr69bY5POnHz+M2zq7tNuV3Tvp41H8xN1KavF7tX/nSfS8w8Op7R EhtpvxLu+9S9atuZg7u8rRvoU+dj9z6p9Fa044TJnDv+3EbvqXs9vcHb1oHjecN1 EzU1wYbUBcfv+eefPh57vW94U+rutILeIT144AvX+MmoCPO191v6Cs/d/kNYFWzy vXYp/d2p2bjrnuls3GX0ZczOBYINJ+Ojf6gv+0xKTI/wnTvUnvDRpWNN11plxuQU vA3s4K/bFnuZkk6rqe+XwOSQ/5Zrxu+r8L55eu8R2H+V+a7irYkCU3jcsg8TLPv3 /xk7XpqyMzZqJjC06DF12t6Lhe6W+bWBqytcHY230i/+lpKdMhSTOGMeeSmt9e5F 68N54XJHpuKG6VmPDx0ucfHJo/Vw7NvEC0fNenlu574rrzQl/e0pC9Tvoqe3e5PF fwA= =3Snw -----END PGP MESSAGE-----""".encode() data = AsciiData(msg) packets = list(data.packets()) self.assertEqual(packets[0].raw_compression_algo, 1) newpackets = list(BinaryData(packets[0].decompressed_data).packets()) self.assertEqual(len(newpackets), 3)
def check_proof(s, kblock): data = AsciiData(kblock) for packet in data.packets(): if packet.tag() == 17: packet.parse() print "User Attribute found: ", packet return 1
def test_parse_v3_elgamal_pk(self): '''Two older version 3 public keys.''' rawdata = self.load_data('v3elgpk.asc') data = AsciiData(rawdata) packets = list(data.packets()) self.assertEqual(3, len(packets)) packet = packets[0] self.assertTrue(isinstance(packet, PublicKeyPacket)) self.assertEqual(16, packet.raw_pub_algorithm) self.assertEqual("elg", packet.pub_algorithm_type) self.assertEqual(888716291, packet.raw_creation_time) self.assertIsNone(packet.expiration_time) self.assertIsNone(packet.modulus) self.assertIsNone(packet.modulus_bitlen) self.assertIsNone(packet.exponent) self.assertIsNotNone(packet.prime) self.assertIsNotNone(packet.group_gen) self.assertEqual(b"FF570A03", packet.key_id) self.assertEqual(b"7C4529FB11669ACA567BD53972000594", packet.fingerprint) self.assertTrue(isinstance(packets[1], UserIDPacket)) packet = packets[2] self.assertTrue(isinstance(packet, SignaturePacket)) self.assertEqual(16, packet.raw_pub_algorithm) self.assertEqual(888716292, packet.raw_creation_time)
def test_parse_sessionkey_elg(self): '''This file contains a public key and message encrypted with an ElGamal Encrypt-Only key.''' asc_data = self.load_data('sessionkey_elg.asc') data = AsciiData(asc_data) packets = list(data.packets()) self.assertEqual(2, len(packets)) session_key = packets[0] self.assertEqual(3, session_key.session_key_version) self.assertEqual(b"B705D3A4C3751D38", session_key.key_id) self.assertEqual(16, session_key.raw_pub_algorithm) self.assertEqual("ElGamal Encrypt-Only", session_key.pub_algorithm)
def test_parse_sessionkey_rsa(self): '''This file contains a public key and message encrypted with a RSA Encrypt or Sign key.''' asc_data = self.load_data('sessionkey_rsa.asc') data = AsciiData(asc_data) packets = list(data.packets()) self.assertEqual(2, len(packets)) session_key = packets[0] self.assertEqual(3, session_key.session_key_version) self.assertEqual(b"1C39A7BD114BFFA5", session_key.key_id) self.assertEqual(1, session_key.raw_pub_algorithm) self.assertEqual("RSA Encrypt or Sign", session_key.pub_algorithm)
def generate_public_key_file(self): if self.public_key_file: return identity = "Time capsule key for %s (%s)" % (self.release_date_display(), json.dumps(self.get_gpg_info())) self.public_key_file, self.temp_private_key_file = generate_public_elgamal_key(self.p, self.g, self.y, identity) # get key id parsed_key = AsciiData(self.public_key_file) elgamal_packet = next(packet for packet in parsed_key.packets() if type(packet)==PublicSubkeyPacket) self.elgamal_key_id = elgamal_packet.key_id self.save()
def partIsEncrypted(self, part): """ determine if a part is encrypted or not """ try: data = AsciiData(part.get_payload(decode=True)) packets = list() for pkt in data.packets(): packets.append(pkt) log("valid pgp message with {} packets".format(len(packets))) return len(packets) > 0 except: return False
def get_pgp_key_data(armored_key): try: ascii_data = AsciiData(armored_key.encode()) except PgpdumpException as err: # It's all bouncy castles fault (or pgpdump). we need to insert an additional newline if "BCPG" in armored_key: position = armored_key.find("BCPG") newline = armored_key.find("\n", position) new_armored_key = armored_key[0:newline] + "\n" + armored_key[ newline:] ascii_data = AsciiData(new_armored_key.encode()) else: raise err return ascii_data
def decrypt(request): if request.method != "POST": return HttpResponseNotAllowed(["POST"]) uploaded_file = request.FILES.get('file') if not uploaded_file: return HttpResponseBadRequest("Please supply a file upload.") # parse file for key id file_contents = uploaded_file.read() try: parsed_file = AsciiData(file_contents) except PgpdumpException: try: parsed_file = BinaryData(file_contents) except PgpdumpException: return HttpResponseBadRequest("Can't parse PGP file.") public_key_packet = next( packet for packet in parsed_file.packets() if type(packet) == PublicKeyEncryptedSessionKeyPacket) elgamal_key_id = public_key_packet.key_id # get key try: keypair = KeyPair.objects.get(elgamal_key_id=elgamal_key_id) except KeyPair.DoesNotExist: return HttpResponseBadRequest("No key was found matching this file.") if not keypair.private_key_file: return HttpResponseBadRequest( "We do not yet have a private key to decrypt this file (release date %s)." % keypair.release_date_display()) # decrypt output = gpg_decrypt(keypair.private_key_file, file_contents) if not output.ok: return HttpResponseBadRequest("Unable to decrypt file.") # deliver if output.data_filename: output_name = output.data_filename else: output_name = uploaded_file.name if output_name.endswith('.gpg'): output_name = output_name[:-4] return deliver_file(output.data, 'application/octet-stream', output_name)
def test_parse_ascii_clearsign(self): '''This is a clearsigned document with an expiring signature, so tests both the ignore pattern in AsciiData as well as additional signature subpackets.''' asc_data = self.load_data('README.asc') data = AsciiData(asc_data) packets = list(data.packets()) self.assertEqual(1, len(packets)) sig_packet = packets[0] self.assertFalse(sig_packet.new) self.assertEqual(3, len(sig_packet.subpackets)) self.check_sig_packet(sig_packet, 76, 4, 1, 1332874080, b"5C2E46A0F53A76ED", 17, 2) # raw expires time is in seconds from creation date self.assertEqual(345600, sig_packet.raw_expiration_time) expires = datetime(2012, 3, 31, 18, 48, 00) self.assertEqual(expires, sig_packet.expiration_time)
def test_parse_ascii_sig_packet(self): asc_data = b''' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAk6neOwACgkQXC5GoPU6du23AQCgghWjIFgBazXWIZNj4PGnkuYv gMsAoLGOjudliDT9u0UqxN9KeJ22Jdne =KYol -----END PGP SIGNATURE-----''' data = AsciiData(asc_data) packets = list(data.packets()) self.assertEqual(1, len(packets)) sig_packet = packets[0] self.assertFalse(sig_packet.new) self.check_sig_packet(sig_packet, 70, 4, 0, 1319598316, b"5C2E46A0F53A76ED", 17, 2) self.assertEqual(2, len(sig_packet.subpackets))
def test_parse_v3_sig(self): asc_data = b''' -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBPWDfGXC5GoPU6du0RAq6XAKC3TejpiBsu3pGF37Q9Id/vPzoFlwCgtwXE E/GGdt/Cn5Rr1G933H9nwxo= =aJ6u -----END PGP SIGNATURE-----''' data = AsciiData(asc_data) packets = list(data.packets()) self.assertEqual(1, len(packets)) sig_packet = packets[0] self.assertFalse(sig_packet.new) self.check_sig_packet(sig_packet, 63, 3, 0, 1331181510, b"5C2E46A0F53A76ED", 17, 2) self.assertEqual(b'\xae\x97', sig_packet.hash2) self.assertEqual(0, len(sig_packet.subpackets))
def main(keyfile, expert): passphrase = None print("\nNitroinit - Create and import GnuPG keys to the Nitrokey\n") # No keyfile was given, thus create a new key and import this one if keyfile is None: print("No keyfile was provided. We create a new key, back it up and then import it to " + \ "the Nitrokey.") print("You can provide an existing key via '--keyfile' flag. Please use '--help' for " + \ "more information.") print("We start key creation now...\n") keyfile = create_key(expert) else: # get passphrase passphrase = getpass.getpass("Please provide passphrase of the key or hit enter if no " + \ "passphrase is used: ") # open key file and parse it to get the key packets with open(keyfile, 'rb') as f: if keyfile.endswith('.asc') or keyfile.endswith('.txt'): data = AsciiData(f.read(), secret_keys=True, passphrase=passphrase) else: data = BinaryData(f.read(), secret_keys=True, passphrase=passphrase) userid, keys = parse_packets(data.packets()) # TODO add test case for this keys = check_keys(keys) print_summary(userid, keys) # Do not import, dry-run only if dry: sys.exit(0) input("\nPlease press enter to start importing... (Ctrl-C otherwise)\n") import_keys(keys) print("\nImport successful.\n")
from pgpdump import AsciiData file = open('AliceMsgtxt.asc', 'rb') asc_data = file.read() data = AsciiData(asc_data) packets = list(data.packets()) datastr = str(packets[0].sig_data) databytes = packets[0].data x = '' # for byte_s in databytes: # print(''.join('{:02x}'.format(byte_s))) # x += ''.join('{:02x}'.format(byte_s)) # # print(len(databytes)) r = '0x' s = '0x' for i in range(len(databytes)): # print(i) # print(''.join('{:02x}'.format(databytes[i]))) x += ''.join('{:02x}'.format(databytes[i])) if i > 39 and i <= 59: r += ''.join('{:02x}'.format(databytes[i])) if i > 61: s += ''.join('{:02x}'.format(databytes[i])) print('x:' + x)
from pgpdump import AsciiData from pgpdump.packet import ( PublicKeyPacket, PublicSubkeyPacket, SignaturePacket, UserIDPacket, ) from pgpdump.utils import crc24 import base64 import struct import sys data = [] keys = [] has_uid = False for packet in AsciiData(open(sys.argv[1]).read().encode('ascii')).packets(): # RFC 4880, 4.2.1 length = struct.pack('>i', packet.length).lstrip(b'\0') length_type = { 1: 0, 2: 1, 4: 2, }.get(len(length)) if length_type is None: print('Cannot encode a packet of length {}'.format(packet.length), file=sys.stderr) sys.exit(1) # Only keep the first uid, self-signatures, and public keys/subkeys if isinstance(packet, UserIDPacket): if has_uid:
from pgpdump import AsciiData from base64 import b64encode, encodebytes, standard_b64encode import binascii from pgp.pgpFileHelper import writePrivateKeyASC from pgp.pgpManipulateKeyfile_helper import printDSAKeyPaket keyfile = open('bob-dsa-private-keyasc.sec', 'rb') keyasc_data = keyfile.read() keydata = AsciiData(keyasc_data) keypackets = list(keydata.packets()) keydatabytes = keypackets[0].data privatekeypaket = '' j = len(keydatabytes) # From keydatabytes to privatekeypacket which is string # Privatekeypaket is String and used for replacing the private key while j > 0: privatekeypaket += ''.join('{:02x}'.format(keydatabytes[len(keydatabytes) - j])) j -= 1 #print('keydatabytes: ' + privatekeypaket) # Analyzes the DSA key paket and prints all relevant data # If Checksum doesn't fit the conditions there will be a new one calculated and returned printDSAKeyPaket(keydatabytes) print('OLD_keydatabytes: ' + privatekeypaket)
def lambda_handler(event, context): """ :param event: :param context: :return: INFO: pgpdump has problem on parse expiration_time. """ public_key_content = event.get('public_key_content', '').encode('utf-8') filename = event['filename'] if filename != '0A.asc' and filename[1] == 'A': encrypt_content = event['encrypt_content'].encode('utf-8') encrypt_file_key_id_list = [] for pkeskp in list(AsciiData(encrypt_content).packets()): encrypt_file_key_id = getattr(pkeskp, 'key_id', '')[-8:].upper().decode('utf-8') if encrypt_file_key_id: encrypt_file_key_id_list.append(encrypt_file_key_id) if len(encrypt_file_key_id_list) != 2: return { 'status': 403, 'message': '403 Forbidden: PublicKeyCountError' } encrypt_file_key_id_list.remove(PUBLIC_KEY_ID) public_key_file_key_id = encrypt_file_key_id_list[0] dynamo = boto3.resource('dynamodb').Table(DYNAMODB_TABLE) response = dynamo.get_item( Key={ 'email': public_key_file_key_id, 'type': 'reverse-apply-account-at-exam.yueh-cake.com' }) item = response.get('Item', {}) if not item: return { 'status': 403, 'message': '403 Forbidden: PublicKeyID DoesNotExist' } email = item.get('public_key_id_email', '') if not email: return { 'status': 403, 'message': '403 Forbidden: EmailDoesNotExist' } s3 = boto3.client('s3') _key = '%s/%s-%s/%s' % (S3_LOCATION, email, public_key_file_key_id, filename) try: s3.head_object(Bucket=S3_BUCKET, Key=_key) except: response = s3.put_object( ACL='public-read', Body=encrypt_content, Bucket=S3_BUCKET, ContentType='text/plain', Key=_key, StorageClass='STANDARD', ) send_notice(email=email, filename=filename) return {'status': 200, 'message': filename} else: return {'status': 403, 'message': filename + ' was exist'} elif filename == '0A.asc': ad = AsciiData(public_key_content) adps = list(ad.packets()) pub_algorithm_type = adps[0].pub_algorithm_type.lower() raw_pub_algorithm = adps[0].raw_pub_algorithm user_name = adps[1].user_name.lower() user_email = adps[1].user_email.lower() public_key_file_key_id = adps[3].key_id[-8:].upper().decode('utf-8') if pub_algorithm_type != 'rsa' or raw_pub_algorithm != 1: return { 'status': 403, 'message': '403 Forbidden: PublicKey TypeError' } if re.sub('(applicants|[ \(\)])', '', user_name): return { 'status': 403, 'message': '403 Forbidden: PublicKey UserNameError, It should be "applicants (applicants) <%s>"' % user_email } dynamo = boto3.resource('dynamodb').Table(DYNAMODB_TABLE) response = dynamo.get_item( Key={ 'email': user_email, 'type': 'apply-account-at-exam.yueh-cake.com' }) item = response.get('Item', {}) if not item: return { 'status': 403, 'message': '403 Forbidden: PublicKey EmailAddressDoesNotExist' } elif (int(item['timestamp']) + 86400) < int(time()): return { 'status': 403, 'message': '403 Forbidden: EmailAddressExpiration' } elif item.get('public_key_id', ''): return { 'status': 403, 'message': '403 Forbidden: PublicKeyAlreadyExist' } encrypt_content = event['encrypt_content'].encode('utf-8') encrypt_file_key_id_list = [] for pkeskp in list(AsciiData(encrypt_content).packets()): encrypt_file_key_id = getattr(pkeskp, 'key_id', '')[-8:].upper() if encrypt_file_key_id: encrypt_file_key_id_list.append( encrypt_file_key_id.decode('utf-8')) if len(encrypt_file_key_id_list) != 2: return { 'status': 403, 'message': '403 Forbidden: PublicKeyCountError' } elif PUBLIC_KEY_ID not in encrypt_file_key_id_list or public_key_file_key_id not in encrypt_file_key_id_list: return { 'status': 403, 'message': '403 Forbidden: PublicKeyUsageError' } s3 = boto3.client('s3') response = s3.get_object(Bucket=S3_BUCKET, Key='%s/index.html' % S3_LOCATION) index_html = response['Body'].read().decode('utf-8') user_directory = '%s/%s-%s' % (S3_LOCATION, user_email, public_key_file_key_id) index_html = re.sub( '<div id="build_version">.*</div>', '<div id="create_time">Create Time at {}</div>'.format( datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S+UTC')), index_html) index_html = re.sub( '(<textarea[^>]+name="public_key_content")></textarea>', '\\1 readonly="readonly" style="background-color : #d1d1d1;">{}</textarea>' .format(public_key_content), index_html) index_html = re.sub('<li[^>]+id="0A"[^>]+>', '<li id="0A">', index_html) response = s3.put_object( ACL='public-read', Body=index_html, Bucket=S3_BUCKET, ContentType='text/html', Key='%s/index.html' % user_directory, StorageClass='STANDARD', ) response = s3.put_object( ACL='public-read', Body=public_key_content, Bucket=S3_BUCKET, ContentType='text/plain', Key='%s/public_key.asc' % user_directory, StorageClass='STANDARD', ) response = s3.put_object( ACL='public-read', Body=encrypt_content, Bucket=S3_BUCKET, ContentType='text/plain', Key='%s/0A.asc' % user_directory, StorageClass='STANDARD', ) dynamo.update_item( Key={ 'email': user_email, 'type': 'apply-account-at-exam.yueh-cake.com' }, UpdateExpression="set public_key_id = :public_key_id", ExpressionAttributeValues={ ":public_key_id": public_key_file_key_id }, ReturnValues="UPDATED_NEW", ) dynamo.put_item( Item={ "timestamp": int(time()), "email": public_key_file_key_id, "public_key_id_email": user_email, "type": 'reverse-apply-account-at-exam.yueh-cake.com' }) Q1 = encrypt_text(random_q1(), public_keys=[ PUBLIC_KEY_CONTENT, public_key_content.decode('utf-8') ]) response = s3.put_object( ACL='public-read', Body=Q1, Bucket=S3_BUCKET, ContentType='text/plain', Key='%s/1Q.asc' % user_directory, StorageClass='STANDARD', ) filename += " and 1Q.asc" send_notice(email=user_email, filename=filename) return {'status': 200, 'message': user_directory} else: return {'status': 403, 'message': 'FilenameError'}
def test_parse_linus_ascii(self): with open('linus.asc', 'rb') as keyfile: rawdata = keyfile.read() data = AsciiData(rawdata) packets = list(data.packets()) self.assertEqual(44, len(packets))
def test_parse_linus_ascii(self): rawdata = self.load_data('linus.asc') data = AsciiData(rawdata) packets = list(data.packets()) self.assertEqual(44, len(packets))