def audit_private_key(key_id, untrusted_idurl, timeout=10): """ Be sure remote user posses given private key. I need to posses the public key to be able to audit. I will generate a random string, encrypt it with given key public key and send encrypted string to him. He will decrypt and send me back original string. Returns Deferred object. """ if _Debug: lg.out(_DebugLevel, 'key_ring.audit_private_key testing %s from %s' % (key_id, untrusted_idurl)) result = Deferred() recipient_id_obj = identitycache.FromCache(untrusted_idurl) if not recipient_id_obj: lg.warn('not found "%s" in identity cache' % untrusted_idurl) result.errback(Exception('not found "%s" in identity cache' % untrusted_idurl)) return result key_alias, creator_idurl = my_keys.split_key_id(key_id) if not key_alias or not creator_idurl: lg.warn('wrong key_id') result.errback(Exception('wrong key_id')) return result private_test_sample = key.NewSessionKey() if untrusted_idurl == creator_idurl and key_alias == 'master': lg.warn('doing audit of master key (private part) of remote user') private_test_encrypted_sample = recipient_id_obj.encrypt(private_test_sample) else: if not my_keys.is_key_registered(key_id): lg.warn('unknown key: "%s"' % key_id) result.errback(Exception('unknown key: "%s"' % key_id)) return result private_test_encrypted_sample = my_keys.encrypt(key_id, private_test_sample) json_payload = { 'key_id': key_id, 'audit': { 'public_sample': '', 'private_sample': base64.b64encode(private_test_encrypted_sample), } } raw_payload = serialization.DictToBytes(json_payload, values_to_text=True) block = encrypted.Block( BackupID=key_id, Data=raw_payload, SessionKey=key.NewSessionKey(), # encrypt data using public key of recipient EncryptKey=lambda inp: recipient_id_obj.encrypt(inp), ) encrypted_payload = block.Serialize() p2p_service.SendAuditKey( remote_idurl=recipient_id_obj.getIDURL(), encrypted_payload=encrypted_payload, packet_id=key_id, timeout=timeout, callbacks={ commands.Ack(): lambda response, info: _on_audit_private_key_response(response, info, key_id, untrusted_idurl, private_test_sample, result), commands.Fail(): lambda response, info: result.errback(Exception(response)), None: lambda pkt_out: result.errback(Exception('timeout')), # timeout }, ) return result
def audit_public_key(key_id, untrusted_idurl, timeout=10): """ Be sure remote user posses given public key. I also need to posses that public key in order to do such audit. I will send him a random string, he needs to encrypt it and send me back. I can compare his encrypted output with mine. Returns Deferred object. """ if _Debug: lg.out( _DebugLevel, 'key_ring.audit_public_key testing %s from %s' % (key_id, untrusted_idurl)) result = Deferred() recipient_id_obj = identitycache.FromCache(untrusted_idurl) if not recipient_id_obj: lg.warn('not found "%s" in identity cache' % untrusted_idurl) result.errback( Exception('not found "%s" in identity cache' % untrusted_idurl)) return result key_alias, creator_idurl = my_keys.split_key_id(key_id) if not key_alias or not creator_idurl: lg.warn('wrong key_id') result.errback(Exception('wrong key_id')) return result if untrusted_idurl == creator_idurl and key_alias == 'master': lg.warn('doing audit of master key (public part) of remote user') else: if not my_keys.is_key_registered(key_id): lg.warn('unknown key: "%s"' % key_id) result.errback(Exception('unknown key: "%s"' % key_id)) return result public_test_sample = key.NewSessionKey() json_payload = { 'key_id': key_id, 'audit': { 'public_sample': base64.b64encode(public_test_sample), 'private_sample': '', } } raw_payload = json.dumps(json_payload) block = encrypted.Block( BackupID=key_id, Data=raw_payload, SessionKey=key.NewSessionKey(), # encrypt data using public key of recipient EncryptKey=lambda inp: recipient_id_obj.encrypt(inp), ) encrypted_payload = block.Serialize() p2p_service.SendAuditKey( remote_idurl=recipient_id_obj.getIDURL(), encrypted_payload=encrypted_payload, packet_id=key_id, timeout=timeout, callbacks={ commands.Ack(): lambda response, info: _on_audit_public_key_response( response, info, key_id, untrusted_idurl, public_test_sample, result), commands.Fail(): lambda response, info: result.errback(Exception(response)), None: lambda pkt_out: result.errback(Exception('timeout')), # timeout }, ) return result