def encrypt_handler(infile=None,
outfile=None,
recipient=None,
self=None,
basedir=None):
# provides a high level function to do encryption of files
# infile specifies the filename of the input file,
# if '-' or not specified it uses stdin
# outfile specifies the filename of the output file, if not specified
# it uses the same filename with '.pbp' appended
# recipient specifies the name of the recipient for using public key crypto
# self specifies the sender for signing the message using pk crypto
# basedir provides a root for the keystores needed for pk crypto
# if both self and recipient is specified pk crypto is used, otherwise symmetric
# this function also handles buffering.
fd = inputfd(infile)
outfd = outputfd(outfile or
(infile + '.pbp' if infile not in [None, '-'] else '-'))
if recipient and self:
# let's do public key encryption
key = nacl.randombytes(nacl.crypto_secretbox_KEYBYTES)
me = publickey.Identity(self, basedir=basedir)
size = struct.pack('>H', len(recipient))
# write out encrypted message key (nonce, c(key+recplen)) for each recipient
for r in recipient:
r = publickey.Identity(r, basedir=basedir, publicOnly=True)
nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES)
outfd.write(nonce)
outfd.write(nacl.crypto_box(key + size, nonce, r.cp, me.cs))
me.clear()
else:
# let's do symmetric crypto
key = getkey(nacl.crypto_secretbox_KEYBYTES)
buf = fd.read(BLOCK_SIZE)
if buf:
nonce, cipher = encrypt(buf, k=key)
outfd.write(nonce)
outfd.write(cipher)
buf = fd.read(BLOCK_SIZE)
while buf:
nonce = inc_nonce(nonce)
nonce, cipher = encrypt(buf, k=key, nonce=nonce)
outfd.write(cipher)
buf = fd.read(BLOCK_SIZE)
clearmem(key)
key = None
if fd != sys.stdin: fd.close()
if outfd != sys.stdout and isinstance(outfd, file): outfd.close()
def buffered_encrypt(self, infd,outfd):
self.load()
msg=infd.read(BLOCK_SIZE)
if msg:
cipher, nonce = self.send(msg)
outfd.write(nonce)
outfd.write(cipher)
msg=infd.read(BLOCK_SIZE)
while msg:
nonce = inc_nonce(nonce)
cipher, nonce = self.encrypt(msg, nonce)
outfd.write(cipher)
msg=infd.read(BLOCK_SIZE)
self.save()
self.clear()
def buffered_encrypt(self, infd, outfd):
self.load()
msg = infd.read(BLOCK_SIZE)
if msg:
cipher, nonce = self.send(msg)
outfd.write(nonce)
outfd.write(cipher)
msg = infd.read(BLOCK_SIZE)
while msg:
nonce = inc_nonce(nonce)
cipher, nonce = self.encrypt(msg, nonce)
outfd.write(cipher)
msg = infd.read(BLOCK_SIZE)
self.save()
self.clear()
def encrypt_handler(infile=None, outfile=None, recipient=None, self=None, basedir=None):
# provides a high level function to do encryption of files
# infile specifies the filename of the input file,
# if '-' or not specified it uses stdin
# outfile specifies the filename of the output file, if not specified
# it uses the same filename with '.pbp' appended
# recipient specifies the name of the recipient for using public key crypto
# self specifies the sender for signing the message using pk crypto
# basedir provides a root for the keystores needed for pk crypto
# if both self and recipient is specified pk crypto is used, otherwise symmetric
# this function also handles buffering.
fd = inputfd(infile)
outfd = outputfd(outfile or (infile+'.pbp' if infile not in [None,'-'] else '-'))
if recipient and self:
# let's do public key encryption
key = nacl.randombytes(nacl.crypto_secretbox_KEYBYTES)
me = publickey.Identity(self, basedir=basedir)
size = struct.pack('>H',len(recipient))
# write out encrypted message key (nonce, c(key+recplen)) for each recipient
for r in recipient:
r = publickey.Identity(r, basedir=basedir, publicOnly=True)
nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES)
outfd.write(nonce)
outfd.write(nacl.crypto_box(key+size, nonce, r.cp, me.cs))
me.clear()
else:
# let's do symmetric crypto
key = getkey(nacl.crypto_secretbox_KEYBYTES)
buf = fd.read(BLOCK_SIZE)
if buf:
nonce, cipher = encrypt(buf, k=key)
outfd.write(nonce)
outfd.write(cipher)
buf = fd.read(BLOCK_SIZE)
while buf:
nonce = inc_nonce(nonce)
nonce, cipher = encrypt(buf, k=key, nonce=nonce)
outfd.write(cipher)
buf = fd.read(BLOCK_SIZE)
clearmem(key)
key=None
if fd != sys.stdin: fd.close()
if outfd != sys.stdout and isinstance(outfd,file): outfd.close()
def buffered_decrypt(self, infd,outfd):
self.load()
blocklen=BLOCK_SIZE+(nacl.crypto_scalarmult_curve25519_BYTES*2)
if self.out_k == ('\0' * nacl.crypto_scalarmult_curve25519_BYTES):
nonce = infd.read(nacl.crypto_box_NONCEBYTES)
else:
nonce = infd.read(nacl.crypto_secretbox_NONCEBYTES)
ct = infd.read(blocklen+16)
msg = self.receive(ct,nonce)
while ct:
outfd.write(msg)
nonce = inc_nonce(nonce)
ct = infd.read(BLOCK_SIZE+16)
if ct:
msg = self.decrypt(ct,nonce)
self.save()
self.clear()
def buffered_decrypt(self, infd, outfd):
self.load()
blocklen = BLOCK_SIZE + (nacl.crypto_scalarmult_curve25519_BYTES * 2)
if self.out_k == ('\0' * nacl.crypto_scalarmult_curve25519_BYTES):
nonce = infd.read(nacl.crypto_box_NONCEBYTES)
else:
nonce = infd.read(nacl.crypto_secretbox_NONCEBYTES)
ct = infd.read(blocklen + 16)
msg = self.receive(ct, nonce)
while ct:
outfd.write(msg)
nonce = inc_nonce(nonce)
ct = infd.read(BLOCK_SIZE + 16)
if ct:
msg = self.decrypt(ct, nonce)
self.save()
self.clear()
def decrypt_handler(infile=None,
outfile=None,
self=None,
peer=None,
max_recipients=20,
basedir=None):
# provides a high level function to do decryption of files
# infile specifies the filename of the input file,
# if '-' or not specified it uses stdin
# outfile specifies the filename of the output file, if not specified
# it uses the same filename with '.pbp' appended
# self specifies the recipient of the message for using pk crypto
# basedir provides a root for the keystores needed for pk crypto
# if self is specified pk crypto is used, otherwise symmetric
# this function also handles buffering.
fd = inputfd(infile)
outfd = outputfd(outfile)
key = None
# asym
if self:
me = publickey.Identity(self, basedir=basedir)
if peer:
peer = publickey.Identity(peer, basedir=basedir, publicOnly=True)
sender = None
size = None
i = 0
while i < (max_recipients if not size else size):
i += 1
rnonce = fd.read(nacl.crypto_box_NONCEBYTES)
ct = fd.read(nacl.crypto_secretbox_KEYBYTES + 2 +
nacl.crypto_secretbox_MACBYTES)
if sender: continue
for keys in ([peer] if peer else publickey.get_public_keys(
basedir=basedir)):
try:
tmp = nacl.crypto_box_open(ct, rnonce, keys.cp, me.cs)
except ValueError:
continue
key = tmp[:nacl.crypto_secretbox_KEYBYTES]
size = struct.unpack('>H',
tmp[nacl.crypto_secretbox_KEYBYTES:])[0]
sender = keys.name
break
me.clear()
if not sender:
raise ValueError('decryption failed')
# sym
else:
pwd = getpass.getpass('Passphrase for decrypting: ')
key = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES]
sender = None
clearmem(pwd)
pwd = None
if key:
nonce = fd.read(nacl.crypto_secretbox_NONCEBYTES)
buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES)
while buf:
outfd.write(decrypt((nonce, buf), k=key))
nonce = inc_nonce(nonce)
buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES)
clearmem(key)
key = None
if fd != sys.stdin: fd.close()
if outfd != sys.stdout and type(outfd) == file: outfd.close()
return sender
def decrypt_handler(infile=None, outfile=None, self=None, peer=None, max_recipients = 20, basedir=None):
# provides a high level function to do decryption of files
# infile specifies the filename of the input file,
# if '-' or not specified it uses stdin
# outfile specifies the filename of the output file, if not specified
# it uses the same filename with '.pbp' appended
# self specifies the recipient of the message for using pk crypto
# basedir provides a root for the keystores needed for pk crypto
# if self is specified pk crypto is used, otherwise symmetric
# this function also handles buffering.
fd = inputfd(infile)
outfd = outputfd(outfile)
key = None
# asym
if self:
me = publickey.Identity(self, basedir=basedir)
if peer:
peer = publickey.Identity(peer, basedir=basedir, publicOnly=True)
sender = None
size = None
i=0
while i < (max_recipients if not size else size):
i+=1
rnonce = fd.read(nacl.crypto_box_NONCEBYTES)
ct = fd.read(nacl.crypto_secretbox_KEYBYTES+2+nacl.crypto_secretbox_MACBYTES)
if sender: continue
for keys in ([peer] if peer else publickey.get_public_keys(basedir=basedir)):
try:
tmp = nacl.crypto_box_open(ct, rnonce, keys.cp, me.cs)
except ValueError:
continue
key = tmp[:nacl.crypto_secretbox_KEYBYTES]
size = struct.unpack('>H',tmp[nacl.crypto_secretbox_KEYBYTES:])[0]
sender = keys.name
break
me.clear()
if not sender:
raise ValueError('decryption failed')
# sym
else:
pwd = getpass.getpass('Passphrase for decrypting: ')
key = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES]
sender = None
clearmem(pwd)
pwd=None
if key:
nonce = fd.read(nacl.crypto_secretbox_NONCEBYTES)
buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES)
while buf:
outfd.write(decrypt((nonce, buf), k = key))
nonce = inc_nonce(nonce)
buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES)
clearmem(key)
key = None
if fd != sys.stdin: fd.close()
if outfd != sys.stdout and type(outfd) == file: outfd.close()
return sender
