def get_id_mails(server, identity, opts, gpg, isopen, debug=None, keep=False):
from kryptomime.pgp import GPGMIME
idemail = opts['email']
if not gpg: crypto, skey = None, None
else:
if not 'key' in opts: skey = None
else: skey = get_full_key(GPGMIME(gpg), opts, identity)
crypto = GPGMIME(gpg, default_key=skey)
if debug:
#try:
imap = server.get_imap(idemail, keep=keep, readonly=keep)
if imap is None:
#except:
#print 'mailbox for %s not found' % idemail
return isopen
else:
imap = server
if not isopen:
assert imap.open(), 'imap open failed'
#print 'imap opened'
isopen = True
folder = opts.get('imapfolder')
if folder:
try:
imap.set_folder(folder)
except:
#print 'folder %s for %s not found' % (folder,idemail)
return isopen
#print len(imap),'mails for',idemail,id
for msg, flags in imap:
newmsg = decode_mail(msg, idemail, crypto, gpg, skey)
newmsg.identity = identity
if newmsg: newmsg.save()
return isopen
def test_bad_passphrase(self,bilateral):
# bad sender passphrase, cannot sign
id1 = GPGMIME(bilateral['gpg1'],default_key=(sender,'wrong'))
assert id1.sign(msg)[0] is None
assert id1.encrypt(msg,sign=True)[0] is None
# bad receiver passphrase, cannot decrypt
enc = bilateral['id2'].encrypt(msgrev)[0]
assert enc and id1.decrypt(enc)[0] is None
def test_bad_passphrase(self, bilateral):
# bad sender passphrase, cannot sign
id1 = GPGMIME(bilateral['gpg1'], default_key=(sender, 'wrong'))
assert id1.sign(msg)[0] is None
assert id1.encrypt(msg, sign=True)[0] is None
# bad receiver passphrase, cannot decrypt
enc = bilateral['id2'].encrypt(msgrev)[0]
assert enc and id1.decrypt(enc)[0] is None
def test_no_defkey(self, bilateral):
# missing defkey, cannot sign
id1 = GPGMIME(bilateral['gpg1'])
assert id1.sign(msg)[0] is None
assert id1.encrypt(msg, sign=True)[0] is None
# no receiver key, cannot decrypt
enc = bilateral['id2'].encrypt(msgrev)[0]
assert enc
mail, valid, result = id1.decrypt(enc)
assert mail is None and not valid and not result['signed']
def test_no_defkey(self,bilateral):
# missing defkey, cannot sign
id1 = GPGMIME(bilateral['gpg1'])
assert id1.sign(msg)[0] is None
assert id1.encrypt(msg,sign=True)[0] is None
# no receiver key, cannot decrypt
enc = bilateral['id2'].encrypt(msgrev)[0]
assert enc
mail, valid, result = id1.decrypt(enc)
assert mail is None and not valid and not result['signed']
def unilateral(request,keys):
keyring = tmpfname()
gpg = gnupg.GPG(keyring=keyring,secring=keys['secrings'][0],use_agent=False)
gpg.import_keys(keys['pubkey1'])
gpg.import_keys(keys['pubkey2']) # sender knows receiver pubkey
id = GPGMIME(gpg,default_key=(sender,passphrase))
sgn = id.sign(msg)[0]
enc = id.encrypt(msg,toself=False,sign=False)[0]
def fin():
import os
os.unlink(keyring)
request.addfinalizer(fin)
return {'id':id,'sgn':sgn,'enc':enc}
def send_mails(joint=True, connections=None, debug=None, debug_gpg=None):
from kryptomime.pgp import GPGMIME
from ekklesia.mail import smtp_init
from six import iteritems
configs = get_all_configs('smtp', joint)
indep_crypto = getattr(settings, 'EMAIL_INDEP_CRYPT', False)
ids = getattr(settings, 'EMAIL_IDS', None)
if indep_crypto: crypto = None
else:
if debug_gpg: gpg = debug_gpg
else: gpg = gnupg_init()
crypto = GPGMIME(gpg)
for k, v in iteritems(configs):
if joint: config, confids = k, v
else: config, confids = v, [k]
if debug: smtp = debug
elif connections is None:
smtp = smtp_init(config._asdict())
else:
smtp = connections.get(config)
if not smtp:
smtp = smtp = smtp_init(config._asdict())
connections[config] = smtp
isopen = False
for identity in confids:
isopen = send_id_mails(smtp, identity, ids[identity], crypto,
isopen)
if isopen and connections is None:
smtp.close()
def unilateral(request, keys):
keyring = tmpfname()
gpg = gnupg.GPG(keyring=keyring,
secring=keys['secrings'][0],
use_agent=False)
gpg.import_keys(keys['pubkey1'])
gpg.import_keys(keys['pubkey2']) # sender knows receiver pubkey
id = GPGMIME(gpg, default_key=(sender, passphrase))
sgn = id.sign(msg)[0]
enc = id.encrypt(msg, toself=False, sign=False)[0]
def fin():
import os
os.unlink(keyring)
request.addfinalizer(fin)
return {'id': id, 'sgn': sgn, 'enc': enc}
def gpg_init(config, verbose=False):
from kryptomime.pgp import GPGMIME
import gnupg
tmp = gpg_defaults.copy()
tmp.update(config)
config = GPGConfig(**tmp)
gpg = gnupg.GPG(binary=config.binary,homedir=config.home,
keyring=config.keyring,secring=config.secring,verbose=verbose)
return gpg, GPGMIME(gpg=gpg,default_key=(config.sender,config.passphrase))
def trilateral(request,keys):
import gnupg
from kryptomime.pgp import GPGMIME
from ekklesia.data import tmpfname
keyrings = [tmpfname() for i in range(3)]
gpg1 = gnupg.GPG(keyring=keyrings[0],secring=keys['secrings'][0])
gpg2 = gnupg.GPG(keyring=keyrings[1],secring=keys['secrings'][1])
gpg3 = gnupg.GPG(keyring=keyrings[2],secring=keys['secrings'][2])
for gpg in (gpg1,gpg2,gpg3):
for i in range(1,3): gpg.import_keys(keys['pubkey%i'%i])
id1 = GPGMIME(gpg1,default_key=(sender,passphrase))
id2 = GPGMIME(gpg2,default_key=receiver)
id3 = GPGMIME(gpg3,default_key=third)
def fin():
import os
for tmp in keyrings: os.unlink(tmp)
request.addfinalizer(fin)
return {'id1':id1,'id2':id2,'id3':id3,'gpg1':gpg1,'gpg2':gpg2,'gpg2':gpg3}
def bilateral(request,keys):
import gnupg
from kryptomime.pgp import GPGMIME
from ekklesia.data import tmpfname
keyrings = [tmpfname() for i in range(2)]
gpg1 = gnupg.GPG(keyring=keyrings[0],secring=keys['secrings'][0])
gpg2 = gnupg.GPG(keyring=keyrings[1],secring=keys['secrings'][1])
gpg1.import_keys(keys['pubkey1'])
gpg1.import_keys(keys['pubkey2']) # sender knows receiver pubkey
gpg2.import_keys(keys['pubkey1'])
gpg2.import_keys(keys['pubkey2'])
id1 = GPGMIME(gpg1,default_key=(sender,passphrase))
id2 = GPGMIME(gpg2,default_key=receiver)
def fin():
import os
for tmp in keyrings: os.unlink(tmp)
request.addfinalizer(fin)
return {'id1':id1,'id2':id2,'gpg1':gpg1,'gpg2':gpg2}
def api_crypto(api):
from idapi.mails import gnupg_import_init
from kryptomime.pgp import GPGMIME
gpg = gnupg_import_init(verbose=False)
sender = settings.API_GNUPG_KEY
receiver = settings.API_BACKEND_KEYS.get(api, False)
crypto = GPGMIME(gpg, default_key=sender)
decrypt = sender if sender else False
encrypt = [receiver] if receiver else False
return crypto, receiver, decrypt, bool(sender), encrypt
def test_bad_defkey(self, bilateral):
# bad sender passphrase, cannot sign
id1 = GPGMIME(bilateral['gpg1'], default_key=receiver)
with raises(KeyMissingError):
id1.sign(msgrev)
with raises(KeyMissingError):
id1.encrypt(msgrev, sign=True)
# bad receiver key, cannot decrypt
enc = bilateral['id2'].encrypt(msgrev, toself=False)[0]
assert enc and id1.decrypt(enc)[0] is None
def test_bad_defkey(self,bilateral):
# bad sender passphrase, cannot sign
id1 = GPGMIME(bilateral['gpg1'],default_key=receiver)
with raises(KeyMissingError): id1.sign(msgrev)
with raises(KeyMissingError): id1.encrypt(msgrev,sign=True)
# bad receiver key, cannot decrypt
enc = bilateral['id2'].encrypt(msgrev,toself=False)[0]
assert enc and id1.decrypt(enc)[0] is None
def gpgthird(keys):
from kryptomime.pgp import GPGMIME
return GPGMIME(keys['gpg3'],default_key=third)
def gpgreceiver(keys):
from kryptomime.pgp import GPGMIME
return GPGMIME(keys['gpg2'],default_key=receiver)
def gpgsender(keys):
from kryptomime.pgp import GPGMIME
return GPGMIME(keys['gpg1'],default_key=(sender,passphrase))
def gpgsender(keys):
return GPGMIME(keys['gpg1'], default_key=(sender, passphrase))
def gpgreceiver(keys):
return GPGMIME(keys['gpg2'], default_key=receiver)