def encrypt_handler(infile=None, outfile=None, recipient=None, self=None, basedir=None): # provides a high level function to do encryption of files # infile specifies the filename of the input file, # if '-' or not specified it uses stdin # outfile specifies the filename of the output file, if not specified # it uses the same filename with '.pbp' appended # recipient specifies the name of the recipient for using public key crypto # self specifies the sender for signing the message using pk crypto # basedir provides a root for the keystores needed for pk crypto # if both self and recipient is specified pk crypto is used, otherwise symmetric # this function also handles buffering. fd = inputfd(infile) outfd = outputfd(outfile or (infile + '.pbp' if infile not in [None, '-'] else '-')) if recipient and self: # let's do public key encryption key = nacl.randombytes(nacl.crypto_secretbox_KEYBYTES) me = publickey.Identity(self, basedir=basedir) size = struct.pack('>H', len(recipient)) # write out encrypted message key (nonce, c(key+recplen)) for each recipient for r in recipient: r = publickey.Identity(r, basedir=basedir, publicOnly=True) nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES) outfd.write(nonce) outfd.write(nacl.crypto_box(key + size, nonce, r.cp, me.cs)) me.clear() else: # let's do symmetric crypto key = getkey(nacl.crypto_secretbox_KEYBYTES) buf = fd.read(BLOCK_SIZE) if buf: nonce, cipher = encrypt(buf, k=key) outfd.write(nonce) outfd.write(cipher) buf = fd.read(BLOCK_SIZE) while buf: nonce = inc_nonce(nonce) nonce, cipher = encrypt(buf, k=key, nonce=nonce) outfd.write(cipher) buf = fd.read(BLOCK_SIZE) clearmem(key) key = None if fd != sys.stdin: fd.close() if outfd != sys.stdout and isinstance(outfd, file): outfd.close()
def buffered_encrypt(self, infd,outfd): self.load() msg=infd.read(BLOCK_SIZE) if msg: cipher, nonce = self.send(msg) outfd.write(nonce) outfd.write(cipher) msg=infd.read(BLOCK_SIZE) while msg: nonce = inc_nonce(nonce) cipher, nonce = self.encrypt(msg, nonce) outfd.write(cipher) msg=infd.read(BLOCK_SIZE) self.save() self.clear()
def buffered_encrypt(self, infd, outfd): self.load() msg = infd.read(BLOCK_SIZE) if msg: cipher, nonce = self.send(msg) outfd.write(nonce) outfd.write(cipher) msg = infd.read(BLOCK_SIZE) while msg: nonce = inc_nonce(nonce) cipher, nonce = self.encrypt(msg, nonce) outfd.write(cipher) msg = infd.read(BLOCK_SIZE) self.save() self.clear()
def encrypt_handler(infile=None, outfile=None, recipient=None, self=None, basedir=None): # provides a high level function to do encryption of files # infile specifies the filename of the input file, # if '-' or not specified it uses stdin # outfile specifies the filename of the output file, if not specified # it uses the same filename with '.pbp' appended # recipient specifies the name of the recipient for using public key crypto # self specifies the sender for signing the message using pk crypto # basedir provides a root for the keystores needed for pk crypto # if both self and recipient is specified pk crypto is used, otherwise symmetric # this function also handles buffering. fd = inputfd(infile) outfd = outputfd(outfile or (infile+'.pbp' if infile not in [None,'-'] else '-')) if recipient and self: # let's do public key encryption key = nacl.randombytes(nacl.crypto_secretbox_KEYBYTES) me = publickey.Identity(self, basedir=basedir) size = struct.pack('>H',len(recipient)) # write out encrypted message key (nonce, c(key+recplen)) for each recipient for r in recipient: r = publickey.Identity(r, basedir=basedir, publicOnly=True) nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES) outfd.write(nonce) outfd.write(nacl.crypto_box(key+size, nonce, r.cp, me.cs)) me.clear() else: # let's do symmetric crypto key = getkey(nacl.crypto_secretbox_KEYBYTES) buf = fd.read(BLOCK_SIZE) if buf: nonce, cipher = encrypt(buf, k=key) outfd.write(nonce) outfd.write(cipher) buf = fd.read(BLOCK_SIZE) while buf: nonce = inc_nonce(nonce) nonce, cipher = encrypt(buf, k=key, nonce=nonce) outfd.write(cipher) buf = fd.read(BLOCK_SIZE) clearmem(key) key=None if fd != sys.stdin: fd.close() if outfd != sys.stdout and isinstance(outfd,file): outfd.close()
def buffered_decrypt(self, infd,outfd): self.load() blocklen=BLOCK_SIZE+(nacl.crypto_scalarmult_curve25519_BYTES*2) if self.out_k == ('\0' * nacl.crypto_scalarmult_curve25519_BYTES): nonce = infd.read(nacl.crypto_box_NONCEBYTES) else: nonce = infd.read(nacl.crypto_secretbox_NONCEBYTES) ct = infd.read(blocklen+16) msg = self.receive(ct,nonce) while ct: outfd.write(msg) nonce = inc_nonce(nonce) ct = infd.read(BLOCK_SIZE+16) if ct: msg = self.decrypt(ct,nonce) self.save() self.clear()
def buffered_decrypt(self, infd, outfd): self.load() blocklen = BLOCK_SIZE + (nacl.crypto_scalarmult_curve25519_BYTES * 2) if self.out_k == ('\0' * nacl.crypto_scalarmult_curve25519_BYTES): nonce = infd.read(nacl.crypto_box_NONCEBYTES) else: nonce = infd.read(nacl.crypto_secretbox_NONCEBYTES) ct = infd.read(blocklen + 16) msg = self.receive(ct, nonce) while ct: outfd.write(msg) nonce = inc_nonce(nonce) ct = infd.read(BLOCK_SIZE + 16) if ct: msg = self.decrypt(ct, nonce) self.save() self.clear()
def decrypt_handler(infile=None, outfile=None, self=None, peer=None, max_recipients=20, basedir=None): # provides a high level function to do decryption of files # infile specifies the filename of the input file, # if '-' or not specified it uses stdin # outfile specifies the filename of the output file, if not specified # it uses the same filename with '.pbp' appended # self specifies the recipient of the message for using pk crypto # basedir provides a root for the keystores needed for pk crypto # if self is specified pk crypto is used, otherwise symmetric # this function also handles buffering. fd = inputfd(infile) outfd = outputfd(outfile) key = None # asym if self: me = publickey.Identity(self, basedir=basedir) if peer: peer = publickey.Identity(peer, basedir=basedir, publicOnly=True) sender = None size = None i = 0 while i < (max_recipients if not size else size): i += 1 rnonce = fd.read(nacl.crypto_box_NONCEBYTES) ct = fd.read(nacl.crypto_secretbox_KEYBYTES + 2 + nacl.crypto_secretbox_MACBYTES) if sender: continue for keys in ([peer] if peer else publickey.get_public_keys( basedir=basedir)): try: tmp = nacl.crypto_box_open(ct, rnonce, keys.cp, me.cs) except ValueError: continue key = tmp[:nacl.crypto_secretbox_KEYBYTES] size = struct.unpack('>H', tmp[nacl.crypto_secretbox_KEYBYTES:])[0] sender = keys.name break me.clear() if not sender: raise ValueError('decryption failed') # sym else: pwd = getpass.getpass('Passphrase for decrypting: ') key = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES] sender = None clearmem(pwd) pwd = None if key: nonce = fd.read(nacl.crypto_secretbox_NONCEBYTES) buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES) while buf: outfd.write(decrypt((nonce, buf), k=key)) nonce = inc_nonce(nonce) buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES) clearmem(key) key = None if fd != sys.stdin: fd.close() if outfd != sys.stdout and type(outfd) == file: outfd.close() return sender
def decrypt_handler(infile=None, outfile=None, self=None, peer=None, max_recipients = 20, basedir=None): # provides a high level function to do decryption of files # infile specifies the filename of the input file, # if '-' or not specified it uses stdin # outfile specifies the filename of the output file, if not specified # it uses the same filename with '.pbp' appended # self specifies the recipient of the message for using pk crypto # basedir provides a root for the keystores needed for pk crypto # if self is specified pk crypto is used, otherwise symmetric # this function also handles buffering. fd = inputfd(infile) outfd = outputfd(outfile) key = None # asym if self: me = publickey.Identity(self, basedir=basedir) if peer: peer = publickey.Identity(peer, basedir=basedir, publicOnly=True) sender = None size = None i=0 while i < (max_recipients if not size else size): i+=1 rnonce = fd.read(nacl.crypto_box_NONCEBYTES) ct = fd.read(nacl.crypto_secretbox_KEYBYTES+2+nacl.crypto_secretbox_MACBYTES) if sender: continue for keys in ([peer] if peer else publickey.get_public_keys(basedir=basedir)): try: tmp = nacl.crypto_box_open(ct, rnonce, keys.cp, me.cs) except ValueError: continue key = tmp[:nacl.crypto_secretbox_KEYBYTES] size = struct.unpack('>H',tmp[nacl.crypto_secretbox_KEYBYTES:])[0] sender = keys.name break me.clear() if not sender: raise ValueError('decryption failed') # sym else: pwd = getpass.getpass('Passphrase for decrypting: ') key = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES] sender = None clearmem(pwd) pwd=None if key: nonce = fd.read(nacl.crypto_secretbox_NONCEBYTES) buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES) while buf: outfd.write(decrypt((nonce, buf), k = key)) nonce = inc_nonce(nonce) buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES) clearmem(key) key = None if fd != sys.stdin: fd.close() if outfd != sys.stdout and type(outfd) == file: outfd.close() return sender