def encrypt(self, message_body, encrypt_session_func=None): if _Debug: lg.args(_DebugLevel, encrypt_session_func=encrypt_session_func, recipient=self.recipient) new_sessionkey = key.NewSessionKey(session_key_type=key.SessionKeyType()) if not encrypt_session_func: if my_keys.is_key_registered(self.recipient): if _Debug: lg.dbg(_DebugLevel, 'with registered key %r' % self.recipient) encrypt_session_func = lambda inp: my_keys.encrypt(self.recipient, inp) if not encrypt_session_func: glob_id = global_id.NormalizeGlobalID(self.recipient) if glob_id['key_alias'] == 'master': if glob_id['idurl'] == my_id.getIDURL(): lg.warn('making encrypted message addressed to me ?') encrypt_session_func = lambda inp: my_keys.encrypt('master', inp) else: remote_identity = identitycache.FromCache(glob_id['idurl']) if not remote_identity: raise Exception('remote identity is not cached yet, not able to encrypt the message') if _Debug: lg.dbg(_DebugLevel, 'with remote identity public key %r' % glob_id['idurl']) encrypt_session_func = remote_identity.encrypt else: own_key = global_id.MakeGlobalID(idurl=my_id.getIDURL(), key_alias=glob_id['key_alias']) if my_keys.is_key_registered(own_key): if _Debug: lg.dbg(_DebugLevel, 'with registered key (found by alias) %r' % own_key) encrypt_session_func = lambda inp: my_keys.encrypt(own_key, inp) if not encrypt_session_func: raise Exception('can not find key for given recipient') self.encrypted_session = encrypt_session_func(new_sessionkey) self.encrypted_body = key.EncryptWithSessionKey(new_sessionkey, message_body, session_key_type=key.SessionKeyType()) return self.encrypted_session, self.encrypted_body
def encrypt(self, message_body, encrypt_session_func=None): new_sessionkey = key.NewSessionKey() if not encrypt_session_func: if my_keys.is_key_registered(self.recipient): if _Debug: lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "%s" key' % self.recipient) encrypt_session_func = lambda inp: my_keys.encrypt(self.recipient, inp) if not encrypt_session_func: glob_id = global_id.ParseGlobalID(self.recipient) if glob_id['key_alias'] == 'master': if glob_id['idurl'] == my_id.getLocalID(): lg.warn('making private message addressed to me ???') if _Debug: lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "master" key') encrypt_session_func = lambda inp: my_keys.encrypt('master', inp) else: remote_identity = identitycache.FromCache(glob_id['idurl']) if not remote_identity: raise Exception('remote identity is not cached yet, not able to encrypt the message') if _Debug: lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with remote identity public key') encrypt_session_func = remote_identity.encrypt else: own_key = global_id.MakeGlobalID(idurl=my_id.getLocalID(), key_alias=glob_id['key_alias']) if my_keys.is_key_registered(own_key): if _Debug: lg.out(_DebugLevel, 'message.PrivateMessage.encrypt with "%s" key' % own_key) encrypt_session_func = lambda inp: my_keys.encrypt(own_key, inp) if not encrypt_session_func: raise Exception('can not find key for given recipient') self.encrypted_session = encrypt_session_func(new_sessionkey) self.encrypted_body = key.EncryptWithSessionKey(new_sessionkey, message_body) return self.encrypted_session, self.encrypted_body
def __init__( self, CreatorID=None, BackupID='', BlockNumber=0, SessionKey='', SessionKeyType=None, LastBlock=True, Data=b'', EncryptKey=None, DecryptKey=None, EncryptedSessionKey=None, EncryptedData=None, Length=None, Signature=None, ): self.CreatorID = CreatorID if not self.CreatorID: self.CreatorID = my_id.getLocalID() if not isinstance(self.CreatorID, id_url.ID_URL_FIELD): self.CreatorID = id_url.field(self.CreatorID) self.BackupID = strng.to_text(BackupID) self.BlockNumber = BlockNumber self.LastBlock = bool(LastBlock) self.SessionKeyType = SessionKeyType or key.SessionKeyType() if EncryptedSessionKey: # this block to be decrypted after receiving self.EncryptedSessionKey = EncryptedSessionKey else: # this block to be encrypted before sending if callable(EncryptKey): self.EncryptedSessionKey = EncryptKey(SessionKey) elif strng.is_text(EncryptKey): self.EncryptedSessionKey = my_keys.encrypt( EncryptKey, SessionKey) elif strng.is_bin(EncryptKey): self.EncryptedSessionKey = my_keys.encrypt( strng.to_text(EncryptKey), SessionKey) else: self.EncryptedSessionKey = key.EncryptLocalPublicKey( SessionKey) if EncryptedData and Length is not None: self.Length = Length self.EncryptedData = EncryptedData else: self.Length = len(Data) self.EncryptedData = key.EncryptWithSessionKey( SessionKey, Data, session_key_type=self.SessionKeyType) if Signature: self.Signature = Signature else: self.Signature = None self.Sign(signing_key=EncryptKey) self.DecryptKey = DecryptKey if _Debug: lg.out(_DebugLevel, 'new data in %s' % self)
def __init__( self, CreatorID=None, BackupID='', BlockNumber=0, SessionKey='', SessionKeyType=None, LastBlock=True, Data='', EncryptKey=None, DecryptKey=None, ): self.CreatorID = CreatorID if not self.CreatorID: self.CreatorID = my_id.getLocalID() self.BackupID = str(BackupID) self.BlockNumber = BlockNumber if callable(EncryptKey): self.EncryptedSessionKey = EncryptKey(SessionKey) elif isinstance(EncryptKey, basestring): self.EncryptedSessionKey = my_keys.encrypt(EncryptKey, SessionKey) else: self.EncryptedSessionKey = key.EncryptLocalPublicKey(SessionKey) self.SessionKeyType = SessionKeyType if not self.SessionKeyType: self.SessionKeyType = key.SessionKeyType() self.Length = len(Data) self.LastBlock = bool(LastBlock) self.EncryptedData = key.EncryptWithSessionKey(SessionKey, Data) # DataLonger self.Signature = None self.Sign() self.DecryptKey = DecryptKey if _Debug: lg.out(_DebugLevel, 'new data in %s' % self)
def audit_private_key(key_id, untrusted_idurl, timeout=10): """ Be sure remote user posses given private key. I need to posses the public key to be able to audit. I will generate a random string, encrypt it with given key public key and send encrypted string to him. He will decrypt and send me back original string. Returns Deferred object. """ if _Debug: lg.out(_DebugLevel, 'key_ring.audit_private_key testing %s from %s' % (key_id, untrusted_idurl)) result = Deferred() recipient_id_obj = identitycache.FromCache(untrusted_idurl) if not recipient_id_obj: lg.warn('not found "%s" in identity cache' % untrusted_idurl) result.errback(Exception('not found "%s" in identity cache' % untrusted_idurl)) return result key_alias, creator_idurl = my_keys.split_key_id(key_id) if not key_alias or not creator_idurl: lg.warn('wrong key_id') result.errback(Exception('wrong key_id')) return result private_test_sample = key.NewSessionKey() if untrusted_idurl == creator_idurl and key_alias == 'master': lg.warn('doing audit of master key (private part) of remote user') private_test_encrypted_sample = recipient_id_obj.encrypt(private_test_sample) else: if not my_keys.is_key_registered(key_id): lg.warn('unknown key: "%s"' % key_id) result.errback(Exception('unknown key: "%s"' % key_id)) return result private_test_encrypted_sample = my_keys.encrypt(key_id, private_test_sample) json_payload = { 'key_id': key_id, 'audit': { 'public_sample': '', 'private_sample': base64.b64encode(private_test_encrypted_sample), } } raw_payload = serialization.DictToBytes(json_payload, values_to_text=True) block = encrypted.Block( BackupID=key_id, Data=raw_payload, SessionKey=key.NewSessionKey(), # encrypt data using public key of recipient EncryptKey=lambda inp: recipient_id_obj.encrypt(inp), ) encrypted_payload = block.Serialize() p2p_service.SendAuditKey( remote_idurl=recipient_id_obj.getIDURL(), encrypted_payload=encrypted_payload, packet_id=key_id, timeout=timeout, callbacks={ commands.Ack(): lambda response, info: _on_audit_private_key_response(response, info, key_id, untrusted_idurl, private_test_sample, result), commands.Fail(): lambda response, info: result.errback(Exception(response)), None: lambda pkt_out: result.errback(Exception('timeout')), # timeout }, ) return result
def _on_audit_public_key_response(response, info, key_id, untrusted_idurl, test_sample, result): try: response_sample = base64.b64decode(response.Payload) except: lg.exc() result.callback(False) return False key_alias, creator_idurl = my_keys.split_key_id(key_id) if creator_idurl == untrusted_idurl and key_alias == 'master': recipient_id_obj = identitycache.FromCache(creator_idurl) if not recipient_id_obj: lg.warn('not found "%s" in identity cache' % creator_idurl) result.errback(Exception('not found "%s" in identity cache' % creator_idurl)) return result orig_sample = recipient_id_obj.encrypt(test_sample) else: orig_sample = my_keys.encrypt(key_id, test_sample) if response_sample == orig_sample: if _Debug: lg.out(_DebugLevel, 'key_ring._on_audit_public_key_response : %s on %s' % (key_id, untrusted_idurl, )) lg.out(_DebugLevel, ' is OK !!!!!!!!!!!!!!!!!!!!!!!!!') result.callback(True) return True lg.warn('key %s on %s is not OK' % (key_id, untrusted_idurl, )) result.callback(False) return False
def on_audit_key_received(newpacket, info, status, error_message): """ Callback will be executed when remote user would like to check if I poses given key locally. """ block = encrypted.Unserialize(newpacket.Payload) if block is None: lg.out( 2, 'key_ring.on_audit_key_received ERROR reading data from %s' % newpacket.RemoteID) return False try: raw_payload = block.Data() json_payload = serialization.BytesToDict(raw_payload, keys_to_text=True, values_to_text=True) key_id = json_payload['key_id'] json_payload['audit'] public_sample = base64.b64decode( json_payload['audit']['public_sample']) private_sample = base64.b64decode( json_payload['audit']['private_sample']) except Exception as exc: lg.exc() p2p_service.SendFail(newpacket, str(exc)) return False if not my_keys.is_valid_key_id(key_id): p2p_service.SendFail(newpacket, 'invalid key id') return False if not my_keys.is_key_registered(key_id, include_master=True): p2p_service.SendFail(newpacket, 'key not registered') return False if public_sample: response_payload = base64.b64encode( my_keys.encrypt(key_id, public_sample)) p2p_service.SendAck(newpacket, response_payload) if _Debug: lg.info('remote user %s requested audit of public key %s' % (newpacket.OwnerID, key_id)) return True if private_sample: if not my_keys.is_key_private(key_id): p2p_service.SendFail(newpacket, 'private key not registered') return False response_payload = base64.b64encode( my_keys.decrypt(key_id, private_sample)) p2p_service.SendAck(newpacket, response_payload) if _Debug: lg.info('remote user %s requested audit of private key %s' % (newpacket.OwnerID, key_id)) return True p2p_service.SendFail(newpacket, 'wrong audit request') return False
def __init__( self, CreatorID=None, BackupID='', BlockNumber=0, SessionKey='', SessionKeyType=None, LastBlock=True, Data='', EncryptKey=None, DecryptKey=None, EncryptedSessionKey=None, EncryptedData=None, Length=None, Signature=None, ): self.CreatorID = CreatorID if not self.CreatorID: self.CreatorID = my_id.getLocalID() self.CreatorID = strng.to_bin(self.CreatorID) self.BackupID = strng.to_text(BackupID) self.BlockNumber = BlockNumber self.LastBlock = bool(LastBlock) self.SessionKeyType = SessionKeyType or key.SessionKeyType() if EncryptedSessionKey: self.EncryptedSessionKey = EncryptedSessionKey else: if callable(EncryptKey): self.EncryptedSessionKey = EncryptKey(SessionKey) elif isinstance(EncryptKey, six.string_types): self.EncryptedSessionKey = my_keys.encrypt( EncryptKey, SessionKey) else: self.EncryptedSessionKey = key.EncryptLocalPublicKey( SessionKey) if EncryptedData and Length: self.Length = Length self.EncryptedData = EncryptedData else: self.Length = len(Data) self.EncryptedData = key.EncryptWithSessionKey(SessionKey, Data) if Signature: self.Signature = Signature else: self.Signature = None self.Sign() self.DecryptKey = DecryptKey if _Debug: lg.out(_DebugLevel, 'new data in %s' % self)