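def test_encrypt_string(self):
    """Encrypt the fixture plaintext with every test identity's first cert.

    Two properties are checked:

    * the ``(ciphertext, derived_key)`` tuples produced for the first two
      identities differ, i.e. the same plaintext does not yield the same
      output for two different certs;
    * for every identity, decrypting with the returned derived key and the
      identity record gives back ``self.plaintext`` unchanged.

    Requires at least two identities in ``self.identities.iddb``.
    """
    # Only the identity records are needed; the iddb keys are never used.
    results = [
        crypto.pk_encrypt_string(self.plaintext, identity['certs'][0]['cert_bytes'])
        for identity in self.identities.iddb.values()
    ]
    # assertNotEqual shows both values on failure, unlike assertTrue(a != b).
    self.assertNotEqual(results[0], results[1])

    # Round-trip: encrypt/decrypt for all test identities and make sure we
    # get back exactly what we put in.
    for identity in self.identities.iddb.values():
        ciphertext, derived_key = crypto.pk_encrypt_string(
            self.plaintext, identity['certs'][0]['cert_bytes'])
        plaintext = crypto.pk_decrypt_string(
            ciphertext, derived_key, identity, None)
        self.assertEqual(self.plaintext, plaintext)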
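def _add_recipient(
    self,
    recipient,
    secret=None,
    distributor=None,
    identitydb=None,
    encryption_algorithm='rsautl',
    passphrase=None,
    card_slot=None,
):
    """Add recipient or sharer to list.

    Builds the per-recipient entry stored with a password: ``secret``
    encrypted once per certificate of ``recipient``, distributor metadata,
    and a signature over the entry made with ``distributor``'s identity.

    Args:
        recipient: name of the identity in ``identitydb.iddb`` receiving
            the secret.
        secret: plaintext secret handed to ``crypto.pk_encrypt_string``.
        distributor: name of the identity in ``identitydb.iddb`` that
            signs the entry.
        identitydb: identity database whose ``iddb`` maps names to
            identity records (each with a ``certs`` list).
        encryption_algorithm: only ``'rsautl'`` encrypts; any other value
            leaves ``encrypted_secrets`` empty and the entry is still signed.
        passphrase: passed through to ``crypto.pk_sign_string``.
        card_slot: passed through to ``crypto.pk_sign_string``.

    Returns:
        dict with ``encrypted_secrets`` (keyed by cert fingerprint),
        ``encryption_algorithm``, ``timestamp``, ``distributor``,
        ``distributor_hash`` and ``signature``.

    Raises:
        NotARecipientError: a ``KeyError`` occurred while building the
            entry. This covers an unknown ``recipient`` or ``distributor``,
            but also a malformed identity/cert record, in which case the
            message is misleading; the chained ``KeyError`` names the key.
    """
    #######################################################################
    try:
        # Resolve both identities up front so a missing name fails before
        # any encryption work is done.
        recipient_identity = identitydb.iddb[recipient]
        distributor_identity = identitydb.iddb[distributor]
        encrypted_secrets = {}
        for cert in recipient_identity['certs']:
            if encryption_algorithm != 'rsautl':
                continue
            if 'key_path' in recipient_identity:
                # NOTE(review): the whole identity record, not this cert's
                # bytes, is what pk_encrypt_string receives here, so every
                # cert entry is encrypted from the same input — confirm
                # that is intended.
                encrypted_secret, encrypted_derived_key = crypto.pk_encrypt_string(
                    secret, recipient_identity)
            else:
                encrypted_secret, encrypted_derived_key = crypto.pk_encrypt_string(
                    secret, cert['cert_bytes'])
            encrypted_secrets[cert['fingerprint']] = {
                'encrypted_secret': encrypted_secret,
                'derived_key': encrypted_derived_key,
                'recipient_hash': cert['subjecthash'],
            }
        try:
            distributor_hash = crypto.get_card_subjecthash()
        except X509CertificateError:
            # No card cert available: fall back to the distributor's first
            # identity-db cert. NOTE(review): pk_sign_string below still
            # receives card_slot, so confirm the recorded hash matches the
            # key that actually signs.
            distributor_hash = distributor_identity['certs'][0]['subjecthash']
        recipient_entry = {
            'encrypted_secrets': encrypted_secrets,
            'encryption_algorithm': encryption_algorithm,
            'timestamp': time(),
            'distributor': distributor,
            'distributor_hash': distributor_hash,
        }
        # The signature covers the entry as serialised by
        # _create_signable_string; it is added afterwards.
        message = self._create_signable_string(recipient_entry)
        recipient_entry['signature'] = crypto.pk_sign_string(
            message, distributor_identity, passphrase, card_slot
        )
        return recipient_entry
    except KeyError as err:
        # Chain the original KeyError so the missing key stays visible.
        raise NotARecipientError(
            "Identity '%s' is not on the recipient list for password '%s'"
            % (recipient, self.metadata['name'])) from err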
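def _add_recipient(
    self,
    recipient,
    secret=None,
    distributor=None,
    session=None,
    encryption_algorithm="rsautl",
    passphrase=None,
    card_slot=None,
):
    ####################################################################
    """Add recipient or sharer to list.

    Looks up ``recipient`` and ``distributor`` as ``Recipient`` rows in
    ``session``, encrypts ``secret`` once per ``Cert`` row attached to the
    recipient, records distributor metadata and signs the whole entry.

    Args:
        recipient: ``Recipient.name`` of the identity receiving the secret.
        secret: plaintext secret handed to ``pk_encrypt_string``.
        distributor: ``Recipient.name`` of the identity signing the entry.
        session: ORM session used for the ``Recipient``/``Cert`` queries.
        encryption_algorithm: only ``"rsautl"`` encrypts; any other value
            leaves ``encrypted_secrets`` empty and the entry is still signed.
        passphrase: passed through to ``pk_sign_string``.
        card_slot: passed through to ``pk_sign_string``.

    Returns:
        dict with ``encrypted_secrets`` keyed by cert fingerprint,
        ``encryption_algorithm``, ``timestamp``, ``distributor`` (the
        distributor's name), ``distributor_hash`` and ``signature``.

    Raises:
        NotARecipientError: ``recipient`` or ``distributor`` has no
            ``Recipient`` row, the distributor has no ``Cert`` row to fall
            back on for ``distributor_hash``, or a ``KeyError`` occurred
            while building the entry.
    """
    ####################################################################
    def not_on_list(name):
        # One wording for every lookup failure so callers can match on it.
        return NotARecipientError(
            f"Identity '{name}' is not on the recipient list for password '{self.metadata['name']}'"
        )

    try:
        identity = (
            session.query(Recipient).filter(Recipient.name == recipient).first()
        )
        if identity is None:
            # .first() yields None for an unknown name; without this guard the
            # failure surfaces later as an AttributeError, which the
            # ``except KeyError`` below does not translate.
            raise not_on_list(recipient)
        encrypted_secrets = {}
        for cert in (
            session.query(Cert).filter(Cert.recipients.contains(identity)).all()
        ):
            if encryption_algorithm != "rsautl":
                continue
            encrypted_secret, encrypted_derived_key = pk_encrypt_string(
                secret, cert.cert_bytes
            )
            encrypted_secrets[cert.fingerprint] = {
                "encrypted_secret": encrypted_secret,
                "derived_key": encrypted_derived_key,
                "recipient_hash": cert.subjecthash,
            }
        # Keep the caller's name in ``distributor``; the row gets its own name.
        distributor_identity = (
            session.query(Recipient).filter(Recipient.name == distributor).first()
        )
        if distributor_identity is None:
            raise not_on_list(distributor)
        try:
            distributor_hash = get_card_subjecthash()
        except X509CertificateError:
            # No card cert: fall back to the distributor's first stored cert.
            # NOTE(review): pk_sign_string below still receives card_slot, so
            # confirm the recorded hash matches the key that actually signs.
            fallback_cert = (
                session.query(Cert)
                .filter(Cert.recipients.contains(distributor_identity))
                .first()
            )
            if fallback_cert is None:
                raise NotARecipientError(
                    f"Identity '{distributor}' has no certificate to use as distributor_hash"
                )
            distributor_hash = fallback_cert.subjecthash
        recipient_entry = {
            "encrypted_secrets": encrypted_secrets,
            "encryption_algorithm": encryption_algorithm,
            "timestamp": time(),
            "distributor": distributor_identity.name,
            "distributor_hash": distributor_hash,
        }
        # The signature covers the entry as serialised by
        # _create_signable_string; it is added afterwards.
        message = self._create_signable_string(recipient_entry)
        recipient_entry["signature"] = pk_sign_string(
            message, dict(distributor_identity), passphrase, card_slot
        )
        return recipient_entry
    except KeyError as err:
        raise not_on_list(recipient) from err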
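def test_encrypt_string(self):
    """Encrypt the fixture plaintext with every Recipient's first Cert.

    Two properties are checked:

    * the ``(ciphertext, derived_key)`` tuples produced for the first two
      recipients differ, i.e. the same plaintext does not yield the same
      output for two different certs;
    * for every recipient, decrypting with the returned derived key and the
      recipient (as a dict) gives back ``self.plaintext`` unchanged.

    Requires at least two ``Recipient`` rows in ``self.session``.
    """
    def first_cert(identity):
        # The Cert row used for ``identity`` throughout this test.
        return (self.session.query(Cert).filter(
            Cert.recipients.contains(identity)).first())

    identities = self.session.query(Recipient).all()
    results = [
        pk_encrypt_string(self.plaintext, first_cert(identity).cert_bytes)
        for identity in identities
    ]
    # assertNotEqual shows both values on failure, unlike assertTrue(a != b).
    self.assertNotEqual(results[0], results[1])

    # Round-trip: encrypt/decrypt for all test identities and make sure we
    # get back exactly what we put in.
    for identity in identities:
        ciphertext, derived_key = pk_encrypt_string(
            self.plaintext, first_cert(identity).cert_bytes)
        plaintext = pk_decrypt_string(ciphertext, derived_key, dict(identity), None)
        self.assertEqual(self.plaintext, plaintext)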
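def _add_recipient(self, recipient, secret=None, distributor=None, identitydb=None,
                   encryption_algorithm='rsautl', passphrase=None, card_slot=None):
    """Add recipient or sharer to list.

    Builds the single-cert recipient entry stored with a password: ``secret``
    encrypted for ``recipient``'s identity, recipient/distributor hashes,
    and a signature over the entry made with ``distributor``'s identity.

    Args:
        recipient: name of the identity in ``identitydb.iddb`` receiving
            the secret.
        secret: plaintext secret handed to ``crypto.pk_encrypt_string``.
        distributor: name of the identity in ``identitydb.iddb`` that
            signs the entry.
        identitydb: identity database whose ``iddb`` maps names to
            identity records carrying a ``subjecthash``.
        encryption_algorithm: must be ``'rsautl'``; it is the only
            algorithm this version implements.
        passphrase: passed through to ``crypto.pk_sign_string``.
        card_slot: passed through to ``crypto.pk_sign_string``.

    Returns:
        dict with ``encrypted_secret``, ``derived_key``, ``distributor``,
        ``distributor_hash``, ``recipient_hash``, ``encryption_algorithm``,
        ``timestamp`` and ``signature``.

    Raises:
        NotARecipientError: a ``KeyError`` occurred while building the
            entry (unknown ``recipient``/``distributor`` or a record
            without ``subjecthash``); the chained ``KeyError`` names the key.
        ValueError: ``encryption_algorithm`` is not ``'rsautl'``. Previously
            this surfaced as an ``UnboundLocalError`` on ``encrypted_secret``.
    """
    #######################################################################
    if encryption_algorithm != 'rsautl':
        raise ValueError(
            "Unsupported encryption_algorithm '%s'; only 'rsautl' is implemented"
            % encryption_algorithm)
    try:
        # Resolve both identities up front so a missing name fails before
        # any encryption work is done.
        recipient_identity = identitydb.iddb[recipient]
        distributor_identity = identitydb.iddb[distributor]
        encrypted_secret, encrypted_derived_key = crypto.pk_encrypt_string(
            secret, recipient_identity)
        recipient_entry = {
            'encrypted_secret': encrypted_secret,
            'derived_key': encrypted_derived_key,
            'distributor': distributor,
            'distributor_hash': distributor_identity['subjecthash'],
            'recipient_hash': recipient_identity['subjecthash'],
            'encryption_algorithm': encryption_algorithm,
            'timestamp': time.time()
        }
        # The signature covers the entry as serialised by
        # _create_signable_string; it is added afterwards.
        message = self._create_signable_string(recipient_entry)
        recipient_entry['signature'] = crypto.pk_sign_string(
            message, distributor_identity, passphrase, card_slot)
        return recipient_entry
    except KeyError as err:
        # Chain the original KeyError so the missing key stays visible.
        raise NotARecipientError(
            "Identity '%s' is not on the recipient list for password '%s'"
            % (recipient, self.metadata['name'])) from err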