def isKeyImported(self, id_):
"""
Checks if a public or private key is imported into the local keyring.
@param id_ str: An 8 or 16 character hex string
"""
return id_ + ":" in OS.runCMD("gpg --list-secret-keys --with-colons").stdout or \
id_ + ":" in OS.runCMD("gpg --list-public-keys --with-colons").stdout
def hasRule(cls, port, policy, proto="tcp", source="0/0", dest="0/0", states=[]):
if not isinstance(port, list):
port = list(port)
policy = policy.upper()
assert policy in ["ACCEPT", "DROP"]
proto = proto.lower()
if not isinstance(proto, list):
proto = list(proto)
states = [state.upper() for state in states]
if not isinstance(states, list):
states = list(states)
if source == ["anywhere"]:
source = ["0/0"]
if dest == ["anywhere"]:
dest = ["0/0"]
if proto != ["all"]:
proto = [proto, "all"]
for line in OS.runCMD("sudo iptables -L").stdout:
line = line.split()
if line[0] == policy and line[1] in proto and line[3] ==
sshFinder = lambda x: x[0] == "ACCEPT" and x[1] in ["tcp", "all"] and x[3] == "anywhere" and x[4] == "anywhere" and "dpt:ssh" in x[5:]
def encrypt(self, inputFilePath, keyID):
"""
Encrypts a file.
Note that the necessary keys must already be imported, signed, and trusted in the local keyring
in order for encryption to work.
@param inputFilePath str: File to encrypt. Will not be modified.
@param keyID str: An 8 or 16 character hex string
@return str: Path of the encrypted file
"""
inputFilePath = str(inputFilePath)
outputFilePath = inputFilePath + ".pgp"
if os.path.exists(outputFilePath):
os.remove(outputFilePath)
OS.runCMD("gpg --batch -r %s --output %s --encrypt %s", (keyID, outputFilePath, inputFilePath))
return outputFilePath
def decrypt(self, inputFilePath, password=None):
"""
Decrypts a file.
Note that the necessary keys must already be imported, signed, and trusted in the local keyring
in order for decryption to work.
@param inputFilePath str: File to decrypt. Must have .pgp extension. Will not be modified.
@param password str: Password of private key in keyring, or None if no password.
@return str: Path of the decrypted file
"""
inputFilePath = str(inputFilePath)
assert inputFilePath.endswith(".pgp")
outputFilePath = os.path.splitext(inputFilePath)[0]
if os.path.exists(outputFilePath):
os.remove(outputFilePath)
if password != None:
OS.runCMD("gpg --batch --passphrase %s --output %s --decrypt %s", (password, outputFilePath, inputFilePath))
else:
OS.runCMD("gpg --batch --output %s --decrypt %s", (outputFilePath, inputFilePath))
return outputFilePath
def getKeyID(self, filename):
"""
Gets first key ID of the key in filename.
@return str: 8 character hex string
"""
filename = str(filename)
id_ = None
for line in OS.runCMD("gpg --with-colons %s", filename).stdout.split("\n"):
line = line.split(":")
if line[0] == "pub":
if id_ != None:
raise Exception("More than 1 key found in " + filename)
id_ = line[4][8:]
return id_
def importPublicKey(self, keyFile):
keyFile = str(keyFile)
OS.runCMD("gpg --batch --import %s", keyFile)
def markKeyTrusted(self, id_):
"""
LIMITATION: Owner trust of key can't be set non-interactively for it due to limitations in the gnupg interface
"""
OS.runCMD("gpg --edit-key %s trust quit", id_)
def signKey(self, id_):
"""
LIMITATION: If key is already signed, gnupg prints out key information to terminal even if stdout is connected to pipe
"""
OS.runCMD("gpg --batch --lsign-key %s", id_)
def importPrivateKey(self, keyFile):
keyFile = str(keyFile)
OS.runCMD("gpg --batch --allow-secret-key-import --import %s", keyFile)
