def decrypt(self, decrypt_session_func=None): if not decrypt_session_func: if my_keys.is_key_registered(self.recipient): if _Debug: lg.out( _DebugLevel, 'message.PrivateMessage.decrypt with "%s" key' % self.recipient) decrypt_session_func = lambda inp: my_keys.decrypt( self.recipient, inp) if not decrypt_session_func: glob_id = global_id.ParseGlobalID(self.recipient) if glob_id['idurl'] == my_id.getLocalID(): if glob_id['key_alias'] == 'master': if _Debug: lg.out( _DebugLevel, 'message.PrivateMessage.decrypt with "master" key') decrypt_session_func = lambda inp: my_keys.decrypt( 'master', inp) if not decrypt_session_func: raise Exception('can not find key for given recipient: %s' % self.recipient) decrypted_sessionkey = decrypt_session_func(self.encrypted_session) return key.DecryptWithSessionKey(decrypted_sessionkey, self.encrypted_body)
def decrypt(self, decrypt_session_func=None): if _Debug: lg.args(_DebugLevel, decrypt_session_func=decrypt_session_func, recipient=self.recipient) if not decrypt_session_func: if my_keys.is_key_registered(self.recipient): if _Debug: lg.dbg(_DebugLevel, 'decrypt with registered key %r' % self.recipient) decrypt_session_func = lambda inp: my_keys.decrypt( self.recipient, inp) if not decrypt_session_func: glob_id = global_id.ParseGlobalID(self.recipient) if glob_id['idurl'] == my_id.getIDURL(): if glob_id['key_alias'] == 'master': if _Debug: lg.dbg( _DebugLevel, 'decrypt with my master key %r' % self.recipient) decrypt_session_func = lambda inp: my_keys.decrypt( 'master', inp) if not decrypt_session_func: raise Exception('can not find key for given recipient: %s' % self.recipient) decrypted_sessionkey = decrypt_session_func(self.encrypted_session) return key.DecryptWithSessionKey(decrypted_sessionkey, self.encrypted_body, session_key_type=key.SessionKeyType())
def SessionKey(self): """ Return original SessionKey from ``EncryptedSessionKey`` using one of the methods depend on the type of ``DecryptKey`` parameter passed in the __init__() + ``crypt.key.DecryptLocalPrivateKey()`` if DecryptKey is None + ``my_keys.decrypt()`` if DecryptKey is a string with key_id + ``DecryptKey()`` if this is a callback method """ if callable(self.DecryptKey): return self.DecryptKey(self.EncryptedSessionKey) elif strng.is_text(self.DecryptKey): return my_keys.decrypt(self.DecryptKey, self.EncryptedSessionKey) elif strng.is_bin(self.DecryptKey): return my_keys.decrypt(strng.to_text(self.DecryptKey), self.EncryptedSessionKey) return key.DecryptLocalPrivateKey(self.EncryptedSessionKey)
def SessionKey(self): """ Return original SessionKey from ``EncryptedSessionKey`` using ``crypt.key.DecryptLocalPrivateKey()`` method. """ if callable(self.DecryptKey): return self.DecryptKey(self.EncryptedSessionKey) elif isinstance(self.DecryptKey, basestring): return my_keys.decrypt(self.DecryptKey, self.EncryptedSessionKey) return key.DecryptLocalPrivateKey(self.EncryptedSessionKey)
def on_audit_key_received(newpacket, info, status, error_message): """ Callback will be executed when remote user would like to check if I poses given key locally. """ block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out( 2, 'key_ring.on_audit_key_received ERROR reading data from %s' % newpacket.RemoteID) return False try: raw_payload = block.Data() json_payload = serialization.BytesToDict(raw_payload, keys_to_text=True, values_to_text=True) key_id = json_payload['key_id'] json_payload['audit'] public_sample = base64.b64decode( json_payload['audit']['public_sample']) private_sample = base64.b64decode( json_payload['audit']['private_sample']) except Exception as exc: lg.exc() p2p_service.SendFail(newpacket, str(exc)) return False if not my_keys.is_valid_key_id(key_id): p2p_service.SendFail(newpacket, 'invalid key id') return False if not my_keys.is_key_registered(key_id, include_master=True): p2p_service.SendFail(newpacket, 'key not registered') return False if public_sample: response_payload = base64.b64encode( my_keys.encrypt(key_id, public_sample)) p2p_service.SendAck(newpacket, response_payload) if _Debug: lg.info('remote user %s requested audit of public key %s' % (newpacket.OwnerID, key_id)) return True if private_sample: if not my_keys.is_key_private(key_id): p2p_service.SendFail(newpacket, 'private key not registered') return False response_payload = base64.b64encode( my_keys.decrypt(key_id, private_sample)) p2p_service.SendAck(newpacket, response_payload) if _Debug: lg.info('remote user %s requested audit of private key %s' % (newpacket.OwnerID, key_id)) return True p2p_service.SendFail(newpacket, 'wrong audit request') return False
def decrypt(self, inp, private_key=None): """ Decrypt `inp` data with private key provided (callable, key_id or openssh format), or by using locally stored "master" key. """ if private_key is None: return key.DecryptLocalPrivateKey(inp) if callable(private_key): return private_key(inp) from crypt import my_keys if my_keys.is_valid_key_id(private_key): return my_keys.decrypt(private_key, inp) return key.DecryptOpenSSHPrivateKey(private_key, inp)