def encrypt(plaintext, fingerprints, output=None):
# Verify the output path
if output:
store.verify(output)
if not isinstance(fingerprints, (list, tuple)):
fingerprints = [
fingerprints,
]
# Remove any spaces from provided fingerprints GPG outputs fingerprints
# with spaces for readability, but requires the spaces to be removed when
# using fingerprints to specify recipients.
fingerprints = [fpr.replace(' ', '') for fpr in fingerprints]
if not _is_stream(plaintext):
plaintext = _make_binary_stream(plaintext, "utf_8")
out = gpg.encrypt(plaintext,
*fingerprints,
output=output,
always_trust=True,
armor=False)
if out.ok:
return out.data
else:
raise CryptoException(out.stderr)
def test_signature_verification_clearsign(self):
"""Test verfication of an embedded signature."""
key = self.generate_key("Johan Borst", "rijnda.el")
message = "You're *still* using AES? Really?"
sig = self.gpg.sign(message, default_key=key.fingerprint,
passphrase='johanborst')
self.assertTrue(sig, "Good passphrase should succeed")
try:
file = _util._make_binary_stream(sig.data, self.gpg._encoding)
verified = self.gpg.verify_file(file)
except UnicodeDecodeError: #happens in Python 2.6
verified = self.gpg.verify_file(io.BytesIO(sig.data))
if key.fingerprint != verified.fingerprint:
log.warn("key fingerprint: %r", key.fingerprint)
log.warn("verified fingerprint: %r", verified.fingerprint)
self.assertEqual(key.fingerprint, verified.fingerprint)
def test_signature_verification_clearsign(self):
"""Test verfication of an embedded signature."""
key = self.generate_key("Johan Borst", "rijnda.el")
message = "You're *still* using AES? Really?"
sig = self.gpg.sign(message,
default_key=key.fingerprint,
passphrase='johanborst')
self.assertTrue(sig, "Good passphrase should succeed")
try:
file = _util._make_binary_stream(sig.data, self.gpg._encoding)
verified = self.gpg.verify_file(file)
except UnicodeDecodeError: #happens in Python 2.6
verified = self.gpg.verify_file(io.BytesIO(sig.data))
if key.fingerprint != verified.fingerprint:
log.warn("key fingerprint: %r", key.fingerprint)
log.warn("verified fingerprint: %r", verified.fingerprint)
self.assertEqual(key.fingerprint, verified.fingerprint)
def verify(self, data, pubkey, detached_sig=None):
"""
Verify signed C{data} with C{pubkey}, eventually using
C{detached_sig}.
:param data: The data to be verified.
:type data: str
:param pubkey: The public key to be used on verification.
:type pubkey: OpenPGPKey
:param detached_sig: A detached signature. If given, C{data} is
verified against this detached signature.
:type detached_sig: str
:return: The ascii-armored signed data.
:rtype: str
"""
leap_assert_type(pubkey, OpenPGPKey)
leap_assert(pubkey.private is False)
with self._temporary_gpgwrapper(pubkey) as gpg:
result = None
if detached_sig is None:
result = gpg.verify(data)
else:
# to verify using a detached sig we have to use
# gpg.verify_file(), which receives the data as a binary
# stream and the name of a file containing the signature.
sf, sfname = tempfile.mkstemp()
with os.fdopen(sf, 'w') as sfd:
sfd.write(detached_sig)
with closing(_make_binary_stream(data, gpg._encoding)) as df:
result = gpg.verify_file(df, sig_file=sfname)
gpgpubkey = gpg.list_keys().pop()
valid = result.valid
rfprint = result.fingerprint
kfprint = gpgpubkey['fingerprint']
# raise in case sig is invalid
if valid is False or rfprint != kfprint:
raise errors.InvalidSignature(
'Failed to verify signature '
'with key %s.' % gpgpubkey['keyid'])
return True
def encrypt(plaintext, fingerprints, output=None):
# Verify the output path
if output:
store.verify(output)
if not isinstance(fingerprints, (list, tuple)):
fingerprints = [fingerprints, ]
# Remove any spaces from provided fingerprints GPG outputs fingerprints
# with spaces for readability, but requires the spaces to be removed when
# using fingerprints to specify recipients.
fingerprints = [fpr.replace(' ', '') for fpr in fingerprints]
if not _is_stream(plaintext):
plaintext = _make_binary_stream(plaintext, "utf_8")
out = gpg.encrypt(plaintext,
*fingerprints,
output=output,
always_trust=True,
armor=False)
if out.ok:
return out.data
else:
raise CryptoException(out.stderr)