def decrypt(self, decrypt_session_func=None):
if not decrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.out(
_DebugLevel,
'message.PrivateMessage.decrypt with "%s" key' %
self.recipient)
decrypt_session_func = lambda inp: my_keys.decrypt(
self.recipient, inp)
if not decrypt_session_func:
glob_id = global_id.ParseGlobalID(self.recipient)
if glob_id['idurl'] == my_id.getLocalID():
if glob_id['key_alias'] == 'master':
if _Debug:
lg.out(
_DebugLevel,
'message.PrivateMessage.decrypt with "master" key')
decrypt_session_func = lambda inp: my_keys.decrypt(
'master', inp)
if not decrypt_session_func:
raise Exception('can not find key for given recipient: %s' %
self.recipient)
decrypted_sessionkey = decrypt_session_func(self.encrypted_session)
return key.DecryptWithSessionKey(decrypted_sessionkey,
self.encrypted_body)
def decrypt(self, decrypt_session_func=None):
if _Debug:
lg.args(_DebugLevel,
decrypt_session_func=decrypt_session_func,
recipient=self.recipient)
if not decrypt_session_func:
if my_keys.is_key_registered(self.recipient):
if _Debug:
lg.dbg(_DebugLevel,
'decrypt with registered key %r' % self.recipient)
decrypt_session_func = lambda inp: my_keys.decrypt(
self.recipient, inp)
if not decrypt_session_func:
glob_id = global_id.ParseGlobalID(self.recipient)
if glob_id['idurl'] == my_id.getIDURL():
if glob_id['key_alias'] == 'master':
if _Debug:
lg.dbg(
_DebugLevel,
'decrypt with my master key %r' % self.recipient)
decrypt_session_func = lambda inp: my_keys.decrypt(
'master', inp)
if not decrypt_session_func:
raise Exception('can not find key for given recipient: %s' %
self.recipient)
decrypted_sessionkey = decrypt_session_func(self.encrypted_session)
return key.DecryptWithSessionKey(decrypted_sessionkey,
self.encrypted_body,
session_key_type=key.SessionKeyType())
def SessionKey(self):
"""
Return original SessionKey from ``EncryptedSessionKey`` using one of the methods
depend on the type of ``DecryptKey`` parameter passed in the __init__()
+ ``crypt.key.DecryptLocalPrivateKey()`` if DecryptKey is None
+ ``my_keys.decrypt()`` if DecryptKey is a string with key_id
+ ``DecryptKey()`` if this is a callback method
"""
if callable(self.DecryptKey):
return self.DecryptKey(self.EncryptedSessionKey)
elif strng.is_text(self.DecryptKey):
return my_keys.decrypt(self.DecryptKey, self.EncryptedSessionKey)
elif strng.is_bin(self.DecryptKey):
return my_keys.decrypt(strng.to_text(self.DecryptKey),
self.EncryptedSessionKey)
return key.DecryptLocalPrivateKey(self.EncryptedSessionKey)
def SessionKey(self):
"""
Return original SessionKey from ``EncryptedSessionKey`` using
``crypt.key.DecryptLocalPrivateKey()`` method.
"""
if callable(self.DecryptKey):
return self.DecryptKey(self.EncryptedSessionKey)
elif isinstance(self.DecryptKey, basestring):
return my_keys.decrypt(self.DecryptKey, self.EncryptedSessionKey)
return key.DecryptLocalPrivateKey(self.EncryptedSessionKey)
def on_audit_key_received(newpacket, info, status, error_message):
"""
Callback will be executed when remote user would like to check if I poses given key locally.
"""
block = encrypted.Unserialize(newpacket.Payload)
if block is None:
lg.out(
2, 'key_ring.on_audit_key_received ERROR reading data from %s' %
newpacket.RemoteID)
return False
try:
raw_payload = block.Data()
json_payload = serialization.BytesToDict(raw_payload,
keys_to_text=True,
values_to_text=True)
key_id = json_payload['key_id']
json_payload['audit']
public_sample = base64.b64decode(
json_payload['audit']['public_sample'])
private_sample = base64.b64decode(
json_payload['audit']['private_sample'])
except Exception as exc:
lg.exc()
p2p_service.SendFail(newpacket, str(exc))
return False
if not my_keys.is_valid_key_id(key_id):
p2p_service.SendFail(newpacket, 'invalid key id')
return False
if not my_keys.is_key_registered(key_id, include_master=True):
p2p_service.SendFail(newpacket, 'key not registered')
return False
if public_sample:
response_payload = base64.b64encode(
my_keys.encrypt(key_id, public_sample))
p2p_service.SendAck(newpacket, response_payload)
if _Debug:
lg.info('remote user %s requested audit of public key %s' %
(newpacket.OwnerID, key_id))
return True
if private_sample:
if not my_keys.is_key_private(key_id):
p2p_service.SendFail(newpacket, 'private key not registered')
return False
response_payload = base64.b64encode(
my_keys.decrypt(key_id, private_sample))
p2p_service.SendAck(newpacket, response_payload)
if _Debug:
lg.info('remote user %s requested audit of private key %s' %
(newpacket.OwnerID, key_id))
return True
p2p_service.SendFail(newpacket, 'wrong audit request')
return False
def decrypt(self, inp, private_key=None):
"""
Decrypt `inp` data with private key provided (callable, key_id or openssh format),
or by using locally stored "master" key.
"""
if private_key is None:
return key.DecryptLocalPrivateKey(inp)
if callable(private_key):
return private_key(inp)
from crypt import my_keys
if my_keys.is_valid_key_id(private_key):
return my_keys.decrypt(private_key, inp)
return key.DecryptOpenSSHPrivateKey(private_key, inp)
