def test_rsa_en_decrypt(self):
msg = "really secret message"
private_key, public_key = RSAEncryption.generate_keys()
encrypted = RSAEncryption.encrypt(msg, public_key)
decrypted = RSAEncryption.decrypt(encrypted, private_key)
self.assertEqual(decrypted, msg)
def test_rsa_en_decrypt_real_world(self):
msg = "fdslkjsad320234rnjdlsfjsda£$£$$%////"
private_key, public_key = RSAEncryption.generate_keys()
encrypted = RSAEncryption.encrypt(msg, public_key)
decrypted = RSAEncryption.decrypt(encrypted, private_key)
self.assertEqual(decrypted, msg)
def test_rsa_en_decrypt_random(self):
msg = os.urandom(180)
private_key, public_key = RSAEncryption.generate_keys()
encrypted = RSAEncryption.encrypt(msg, public_key)
decrypted = RSAEncryption.decrypt(encrypted, private_key,
OutputType.BYTES)
self.assertEqual(decrypted, msg)
def test_user_encryption_keys_basic_working(self):
user = StaticTestMethods.generate_test_user()
keys = StaticTestMethods.generate_user_encryption_keys(user)
message = "hello there"
encrypted = RSAEncryption.encrypt(message, keys.public_key)
decrypted = RSAEncryption.decrypt(encrypted, keys.private_key)
self.assertEqual(message, decrypted)
def test_user_encryption_keys_from_database_working(self):
user = StaticTestMethods.generate_test_user()
StaticTestMethods.generate_user_encryption_keys(user)
keys = UserEncryptionKeys.objects.get(user=user)
message = "hello there"
encrypted = RSAEncryption.encrypt(message, keys.public_key)
decrypted = RSAEncryption.decrypt(encrypted, keys.private_key)
self.assertEqual(message, decrypted)
def generate_keys(self) -> None:
from apps.api.models.rlc_encryption_keys import RlcEncryptionKeys
from apps.api.models.users_rlc_keys import UsersRlcKeys
# safety return
if RlcEncryptionKeys.objects.filter(rlc__pk=self.pk).exists():
return
# generate some keys
aes_key = AESEncryption.generate_secure_key()
private, public = RSAEncryption.generate_keys()
# create encryption key for rlc
rlc_encryption_keys = RlcEncryptionKeys(rlc=self,
encrypted_private_key=private,
public_key=public)
rlc_encryption_keys.encrypt(aes_key)
rlc_encryption_keys.save()
# create encryption keys for users to be able to decrypt rlc private key with users private key
# the aes key is encrypted with the users public key, but only the user's private key can decrypt
# the encrypted aes key
for user in self.rlc_members.all():
UsersRlcKeys.objects.filter(user=user, rlc=self).delete()
user_rlc_keys = UsersRlcKeys(user=user,
rlc=self,
encrypted_key=aes_key)
user_rlc_keys.encrypt(user.get_public_key())
user_rlc_keys.save()
def generate_user_encryption_keys(user):
private, public = RSAEncryption.generate_keys()
keys = UserEncryptionKeys(user=user,
private_key=private,
public_key=public)
keys.save()
return keys
def generate_new_user_encryption_keys(self):
from apps.api.models.user_encryption_keys import UserEncryptionKeys
UserEncryptionKeys.objects.filter(user=self).delete()
private, public = RSAEncryption.generate_keys()
user_keys = UserEncryptionKeys(user=self, private_key=private, public_key=public)
user_keys.save()
def update(self, request, *args, **kwargs):
instance = self.get_object()
data = {
**request.data, 'processed_by': request.user.id,
'processed_on': timezone.now()
}
serializer = self.get_serializer(instance, data=data, partial=True)
serializer.is_valid(raise_exception=True)
if serializer.validated_data['state'] == "gr":
private_key_user = request.user.get_private_key(request=request)
try:
record_key = instance.record.get_aes_key(
user=request.user, private_key_user=private_key_user)
except ObjectDoesNotExist:
raise PermissionDenied(
'You have no access to this record. Therefore you can not allow access to this record.'
)
public_key_user = instance.requested_by.get_public_key()
encrypted_record_key = RSAEncryption.encrypt(
record_key, public_key_user)
data = {
'user': instance.requested_by,
'record': instance.record,
'key': encrypted_record_key,
}
if not RecordEncryptionNew.objects.filter(
user=data['user'], record=data['record']).exists():
RecordEncryptionNew.objects.create(**data)
elif serializer.validated_data['state'] == "de":
pass
serializer.save()
return Response(serializer.data)
def decrypt(self, private_key_rlc: str = None) -> None:
key = RSAEncryption.decrypt(self.encrypted_client_key, private_key_rlc)
super().decrypt(key)
def encrypt(self, public_key_rlc: bytes) -> None:
key = AESEncryption.generate_secure_key()
self.encrypted_client_key = RSAEncryption.encrypt(key, public_key_rlc)
super().encrypt(key)
def test_generate_10_keys_hazmat():
for i in range(10):
RSAEncryption.generate_keys()