def test_verify_signature_bad(self):
to_sign = "this is some text.\nIt's something\n."
similar = "this is some text.\r\n.It's something\r\n."
_, detached = crypto.detached_signature_for(to_sign, self.key)
with self.assertRaises(GPGProblem):
crypto.verify_detached(similar, detached)
def test_verify_signature_bad(self):
to_sign = "this is some text.\nIt's something\n."
similar = "this is some text.\r\n.It's something\r\n."
_, detached = crypto.detached_signature_for(to_sign, self.key)
with self.assertRaises(GPGProblem):
crypto.verify_detached(similar, detached)
def test_verify_signature_good(self):
to_sign = "this is some text.\nIt's something\n."
_, detached = crypto.detached_signature_for(to_sign, self.key)
try:
crypto.verify_detached(to_sign, detached)
except GPGProblem:
raise AssertionError
def test_verify_signature_good(self):
to_sign = "this is some text.\nIt's something\n."
_, detached = crypto.detached_signature_for(to_sign, self.key)
try:
crypto.verify_detached(to_sign, detached)
except GPGProblem:
raise AssertionError
def test_verify_signature_bad(self):
to_sign = "this is some text.\nIt's something\n."
similar = "this is some text.\r\n.It's something\r\n."
with gpg.core.Context() as ctx:
_, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)])
with self.assertRaises(GPGProblem):
crypto.verify_detached(similar, detached)
def test_verify_signature_bad(self):
to_sign = b"this is some text.\nIt's something\n."
similar = b"this is some text.\r\n.It's something\r\n."
with gpg.core.Context() as ctx:
_, detached = crypto.detached_signature_for(
to_sign, [ctx.get_key(FPR)])
with self.assertRaises(GPGProblem):
crypto.verify_detached(similar, detached)
def test_verify_signature_good(self):
to_sign = "this is some text.\nIt's something\n."
with gpg.core.Context() as ctx:
_, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)])
try:
crypto.verify_detached(to_sign, detached)
except GPGProblem:
raise AssertionError
def test_verify_signature_good(self):
to_sign = b"this is some text.\nIt's something\n."
with gpg.core.Context() as ctx:
_, detached = crypto.detached_signature_for(
to_sign, [ctx.get_key(FPR)])
try:
crypto.verify_detached(to_sign, detached)
except GPGProblem:
raise AssertionError
def _make_signed(self):
"""Create a signed message that is multipart/signed."""
text = b'This is some text'
t = email.mime.text.MIMEText(text, 'plain', 'utf-8')
_, sig = crypto.detached_signature_for(
t.as_bytes(policy=email.policy.SMTP), self.keys)
s = email.mime.application.MIMEApplication(
sig, 'pgp-signature', email.encoders.encode_7or8bit)
m = email.mime.multipart.MIMEMultipart('signed', None, [t, s])
m.set_param('protocol', 'application/pgp-signature')
m.set_param('micalg', 'pgp-sha256')
return m
def _make_signed(self):
"""Create a signed message that is multipart/signed."""
text = b'This is some text'
t = email.mime.text.MIMEText(text, 'plain', 'utf-8')
_, sig = crypto.detached_signature_for(
t.as_bytes(policy=email.policy.SMTP), self.keys)
s = email.mime.application.MIMEApplication(
sig, 'pgp-signature', email.encoders.encode_7or8bit)
m = email.mime.multipart.MIMEMultipart('signed', None, [t, s])
m.set_param('protocol', 'application/pgp-signature')
m.set_param('micalg', 'pgp-sha256')
return m
def test_detached_signature_for(self):
to_sign = "this is some text.\nit is more than nothing.\n"
_, detached = crypto.detached_signature_for(to_sign, self.key)
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(detached)
sig = f.name
self.addCleanup(os.unlink, f.name)
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(to_sign)
text = f.name
self.addCleanup(os.unlink, f.name)
res = subprocess.check_call(['gpg', '--verify', sig, text])
self.assertEqual(res, 0)
def test_detached_signature_for(self):
to_sign = "this is some text.\nit is more than nothing.\n"
_, detached = crypto.detached_signature_for(to_sign, self.key)
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(detached)
sig = f.name
self.addCleanup(os.unlink, f.name)
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(to_sign)
text = f.name
self.addCleanup(os.unlink, f.name)
res = subprocess.check_call(['gpg', '--verify', sig, text])
self.assertEqual(res, 0)
def test_valid_signature_generated(self):
to_sign = "this is some text.\nit is more than nothing.\n"
with gpg.core.Context() as ctx:
_, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)])
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(detached)
sig = f.name
self.addCleanup(os.unlink, f.name)
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(to_sign)
text = f.name
self.addCleanup(os.unlink, f.name)
res = subprocess.check_call(['gpg', '--verify', sig, text],
stdout=DEVNULL, stderr=DEVNULL)
self.assertEqual(res, 0)
def test_valid_signature_generated(self):
to_sign = b"this is some text.\nit is more than nothing.\n"
with gpg.core.Context() as ctx:
_, detached = crypto.detached_signature_for(
to_sign, [ctx.get_key(FPR)])
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(detached)
sig = f.name
self.addCleanup(os.unlink, f.name)
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(to_sign)
text = f.name
self.addCleanup(os.unlink, f.name)
res = subprocess.check_call(['gpg2', '--verify', sig, text],
stdout=DEVNULL,
stderr=DEVNULL)
self.assertEqual(res, 0)
def construct_mail(self):
"""
compiles the information contained in this envelope into a
:class:`email.Message`.
"""
# Build body text part. To properly sign/encrypt messages later on, we
# convert the text to its canonical format (as per RFC 2015).
canonical_format = self.body.encode("utf-8")
canonical_format = canonical_format.replace("\\t", " " * 4)
textpart = MIMEText(canonical_format, "plain", "utf-8")
# wrap it in a multipart container if necessary
if self.attachments:
inner_msg = MIMEMultipart()
inner_msg.attach(textpart)
# add attachments
for a in self.attachments:
inner_msg.attach(a.get_mime_representation())
else:
inner_msg = textpart
if self.sign:
plaintext = crypto.email_as_string(inner_msg)
logging.debug("signing plaintext: " + plaintext)
try:
signatures, signature_str = crypto.detached_signature_for(plaintext, self.sign_key)
if len(signatures) != 1:
raise GPGProblem(("Could not sign message " "(GPGME did not return a signature)"))
except gpgme.GpgmeError as e:
if e.code == gpgme.ERR_BAD_PASSPHRASE:
# If GPG_AGENT_INFO is unset or empty, the user just does
# not have gpg-agent running (properly).
if os.environ.get("GPG_AGENT_INFO", "").strip() == "":
raise GPGProblem(("Bad passphrase and " "GPG_AGENT_INFO not set. Please setup " "gpg-agent."))
else:
raise GPGProblem(("Bad passphrase. Is " "gpg-agent running?"))
raise GPGProblem(str(e))
micalg = crypto.RFC3156_micalg_from_algo(signatures[0].hash_algo)
outer_msg = MIMEMultipart("signed", micalg=micalg, protocol="application/pgp-signature")
# wrap signature in MIMEcontainter
signature_mime = MIMEApplication(
_data=signature_str, _subtype='pgp-signature; name="signature.asc"', _encoder=encode_7or8bit
)
signature_mime["Content-Description"] = "signature"
signature_mime.set_charset("us-ascii")
# add signed message and signature to outer message
outer_msg.attach(inner_msg)
outer_msg.attach(signature_mime)
outer_msg["Content-Disposition"] = "inline"
else:
outer_msg = inner_msg
headers = self.headers.copy()
# add Message-ID
if "Message-ID" not in headers:
headers["Message-ID"] = [email.Utils.make_msgid()]
if "User-Agent" in headers:
uastring_format = headers["User-Agent"][0]
else:
uastring_format = settings.get("user_agent").strip()
uastring = uastring_format.format(version=__version__)
if uastring:
headers["User-Agent"] = [uastring]
# copy headers from envelope to mail
for k, vlist in headers.items():
for v in vlist:
outer_msg[k] = encode_header(k, v)
return outer_msg
def construct_mail(self):
"""
compiles the information contained in this envelope into a
:class:`email.Message`.
"""
# Build body text part. To properly sign/encrypt messages later on, we
# convert the text to its canonical format (as per RFC 2015).
canonical_format = self.body.encode('utf-8')
canonical_format = canonical_format.replace('\\t', ' ' * 4)
textpart = MIMEText(canonical_format, 'plain', 'utf-8')
# wrap it in a multipart container if necessary
if self.attachments:
inner_msg = MIMEMultipart()
inner_msg.attach(textpart)
# add attachments
for a in self.attachments:
inner_msg.attach(a.get_mime_representation())
else:
inner_msg = textpart
if self.sign:
plaintext = crypto.email_as_string(inner_msg)
logging.debug('signing plaintext: ' + plaintext)
try:
signatures, signature_str = crypto.detached_signature_for(
plaintext, self.sign_key)
if len(signatures) != 1:
raise GPGProblem(("Could not sign message "
"(GPGME did not return a signature)"))
except gpgme.GpgmeError as e:
if e.code == gpgme.ERR_BAD_PASSPHRASE:
# If GPG_AGENT_INFO is unset or empty, the user just does
# not have gpg-agent running (properly).
if os.environ.get('GPG_AGENT_INFO', '').strip() == '':
msg = "Got invalid passphrase and GPG_AGENT_INFO\
not set. Please set up gpg-agent."
raise GPGProblem(msg)
else:
raise GPGProblem(("Bad passphrase. Is "
"gpg-agent running?"))
raise GPGProblem(str(e))
micalg = crypto.RFC3156_micalg_from_algo(signatures[0].hash_algo)
unencrypted_msg = MIMEMultipart('signed', micalg=micalg,
protocol=
'application/pgp-signature')
# wrap signature in MIMEcontainter
stype = 'pgp-signature; name="signature.asc"'
signature_mime = MIMEApplication(_data=signature_str,
_subtype=stype,
_encoder=encode_7or8bit)
signature_mime['Content-Description'] = 'signature'
signature_mime.set_charset('us-ascii')
# add signed message and signature to outer message
unencrypted_msg.attach(inner_msg)
unencrypted_msg.attach(signature_mime)
unencrypted_msg['Content-Disposition'] = 'inline'
else:
unencrypted_msg = inner_msg
if self.encrypt:
plaintext = crypto.email_as_string(unencrypted_msg)
logging.debug('encrypting plaintext: ' + plaintext)
try:
encrypted_str = crypto.encrypt(plaintext,
self.encrypt_keys.values())
except gpgme.GpgmeError as e:
raise GPGProblem(str(e))
outer_msg = MIMEMultipart('encrypted',
protocol='application/pgp-encrypted')
version_str = 'Version: 1'
encryption_mime = MIMEApplication(_data=version_str,
_subtype='pgp-encrypted',
_encoder=encode_7or8bit)
encryption_mime.set_charset('us-ascii')
encrypted_mime = MIMEApplication(_data=encrypted_str,
_subtype='octet-stream',
_encoder=encode_7or8bit)
encrypted_mime.set_charset('us-ascii')
outer_msg.attach(encryption_mime)
outer_msg.attach(encrypted_mime)
else:
outer_msg = unencrypted_msg
headers = self.headers.copy()
# add Message-ID
if 'Message-ID' not in headers:
headers['Message-ID'] = [email.Utils.make_msgid()]
if 'User-Agent' in headers:
uastring_format = headers['User-Agent'][0]
else:
uastring_format = settings.get('user_agent').strip()
uastring = uastring_format.format(version=__version__)
if uastring:
headers['User-Agent'] = [uastring]
# copy headers from envelope to mail
for k, vlist in headers.items():
for v in vlist:
outer_msg[k] = encode_header(k, v)
return outer_msg
def construct_mail(self):
"""
compiles the information contained in this envelope into a
:class:`email.Message`.
"""
# Build body text part. To properly sign/encrypt messages later on, we
# convert the text to its canonical format (as per RFC 2015).
canonical_format = self.body.encode('utf-8')
canonical_format = canonical_format.replace('\\t', ' ' * 4)
textpart = MIMEText(canonical_format, 'plain', 'utf-8')
# wrap it in a multipart container if necessary
if self.attachments:
inner_msg = MIMEMultipart()
inner_msg.attach(textpart)
# add attachments
for a in self.attachments:
inner_msg.attach(a.get_mime_representation())
else:
inner_msg = textpart
if self.sign:
plaintext = helper.email_as_string(inner_msg)
logging.debug('signing plaintext: ' + plaintext)
try:
signatures, signature_str = crypto.detached_signature_for(
plaintext, self.sign_key)
if len(signatures) != 1:
raise GPGProblem("Could not sign message (GPGME "
"did not return a signature)",
code=GPGCode.KEY_CANNOT_SIGN)
except gpgme.GpgmeError as e:
if e.code == gpgme.ERR_BAD_PASSPHRASE:
# If GPG_AGENT_INFO is unset or empty, the user just does
# not have gpg-agent running (properly).
if os.environ.get('GPG_AGENT_INFO', '').strip() == '':
msg = "Got invalid passphrase and GPG_AGENT_INFO\
not set. Please set up gpg-agent."
raise GPGProblem(msg, code=GPGCode.BAD_PASSPHRASE)
else:
raise GPGProblem("Bad passphrase. Is gpg-agent "
"running?",
code=GPGCode.BAD_PASSPHRASE)
raise GPGProblem(str(e), code=GPGCode.KEY_CANNOT_SIGN)
micalg = crypto.RFC3156_micalg_from_algo(signatures[0].hash_algo)
unencrypted_msg = MIMEMultipart('signed', micalg=micalg,
protocol='application/pgp-signature')
# wrap signature in MIMEcontainter
stype = 'pgp-signature; name="signature.asc"'
signature_mime = MIMEApplication(_data=signature_str,
_subtype=stype,
_encoder=encode_7or8bit)
signature_mime['Content-Description'] = 'signature'
signature_mime.set_charset('us-ascii')
# add signed message and signature to outer message
unencrypted_msg.attach(inner_msg)
unencrypted_msg.attach(signature_mime)
unencrypted_msg['Content-Disposition'] = 'inline'
else:
unencrypted_msg = inner_msg
if self.encrypt:
plaintext = helper.email_as_string(unencrypted_msg)
logging.debug('encrypting plaintext: ' + plaintext)
try:
encrypted_str = crypto.encrypt(plaintext,
self.encrypt_keys.values())
except gpgme.GpgmeError as e:
raise GPGProblem(str(e), code=GPGCode.KEY_CANNOT_ENCRYPT)
outer_msg = MIMEMultipart('encrypted',
protocol='application/pgp-encrypted')
version_str = 'Version: 1'
encryption_mime = MIMEApplication(_data=version_str,
_subtype='pgp-encrypted',
_encoder=encode_7or8bit)
encryption_mime.set_charset('us-ascii')
encrypted_mime = MIMEApplication(_data=encrypted_str,
_subtype='octet-stream',
_encoder=encode_7or8bit)
encrypted_mime.set_charset('us-ascii')
outer_msg.attach(encryption_mime)
outer_msg.attach(encrypted_mime)
else:
outer_msg = unencrypted_msg
headers = self.headers.copy()
# add Message-ID
if 'Message-ID' not in headers:
headers['Message-ID'] = [email.Utils.make_msgid()]
if 'User-Agent' in headers:
uastring_format = headers['User-Agent'][0]
else:
uastring_format = settings.get('user_agent').strip()
uastring = uastring_format.format(version=__version__)
if uastring:
headers['User-Agent'] = [uastring]
# copy headers from envelope to mail
for k, vlist in headers.items():
for v in vlist:
outer_msg[k] = encode_header(k, v)
return outer_msg
