def test_encrypt_with_multiple_recipients(self): # create two keypairs pub1, priv1 = utils.keygen(self.name, self.email, self.passphrase) pub2, priv2 = utils.keygen(self.name, self.email, self.passphrase) # encrypt file for both encrypted = utils.encrypt(self.file, [pub1, pub2]) # check keypair one can decrypt decrypted = utils.decrypt(encrypted, priv1, pub1, self.passphrase) self.assertEquals(decrypted, self.message) # check keypair two can decrypt decrypted = utils.decrypt(encrypted, priv2, pub2, self.passphrase) self.assertEquals(decrypted, self.message)
def export_key(self): self.require_verification() form = Form(self.request, schema=forms.PassphraseSchema) if 'form.submitted' in self.request.POST and form.validate(): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first() pub = base64.b64decode(key.public_key) priv = base64.b64decode(key.private_key) priv = utils.decrypt(priv, pub, pub, form.data['passphrase']) filename = user.username + '.keypair.asc' content_type, encoding = mimetypes.guess_type(filename) logger.info('priv: %s', priv) with utils.tmpdir() as tmpd: tmp = os.path.join(tmpd, filename) with open(tmp, 'wb') as tmpf: tmpf.write('\n\n'.join((pub, priv))) tmpf.flush() response = FileResponse( tmp, request=self.request ) return response return dict( form=FormRenderer(form), username=self.username, key=self.key )
def test_keygen_creates_valid_priv(self): pub, priv = utils.keygen(self.name, self.email, self.passphrase) priv = base64.b64decode(priv) pub = base64.b64decode(pub) self.assertTrue(priv.startswith('-----BEGIN PGP MESSAGE-----')) self.assertTrue(priv.endswith('-----END PGP MESSAGE-----\n')) priv = utils.decrypt(priv, pub, pub, passphrase=self.passphrase) self.assertTrue(priv.startswith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) self.assertTrue(priv.endswith('-----END PGP PRIVATE KEY BLOCK-----\n'))
def share_file(self): if 'form.submitted' in self.request.POST and form.validate(): passphrase = form.data['passphrase'] query_file = os.path.join(self.storage_dir, self.username, self.filename) share_user = self.request.params['share_user'] with utils.db_session(self.dbmaker) as session: owner = session.query(User).filter(User.username==self.username).one() f = session.query(File).filter(File.name==self.filename).one() u = session.query(User).filter(User.username==share_user).first() if u is None: del f.shared_users[:] else: for key in u.keys: f.keys.append(key) session.add(f) owner_pubs = [k.public_key for k in owner.keys] owner_privs = [k.private_key for k in owner.keys] recipients = owner_pubs + [k.public_key for k in f.keys] with open(query_file, 'rb') as o: data = o.read() decrypted = utils.decrypt(data, owner_privs, owner_pubs, passwd) with tempfile.NamedTemporaryFile() as tmp: tmp.write(decrypted) tmp.flush() tmp.seek(0) encrypted = utils.encrypt(tmp, recipients) tmp = tempfile.NamedTemporaryFile(dir=self.storage_dir, delete=False) tmp.write(encrypted) os.rename(tmp.name, query_file) self.request.session.flash( u'successfully shared file: %s with user %s' % (self.filename, share_user) ) return HTTPFound(location=self.request.route_url('view_files')) with utils.db_session(self.dbmaker) as session: sharable_users = session.query(User).filter(User.sharable==True) sharable_users = sharable_users.filter(User.username!=self.username).all() sharable_users = [u.username for u in sharable_users] return dict( username=self.username, filename=self.filename, sharable_users=sharable_users )
def export_key(self): self.require_verification() if "form.submitted" in self.request.POST and form.validate(): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username == self.username).first() key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first() pub = base64.b64decode(key.public_key) priv = base64.b64decode(key.private_key) priv = utils.decrypt(priv, pub, pub, form.data["passphrase"]) filename = user.username + ".keypair.asc" content_type, encoding = mimetypes.guess_type(filename) logger.info("priv: %s", priv) with utils.tmpdir() as tmpd: tmp = os.path.join(tmpd, filename) with open(tmp, "wb") as tmpf: tmpf.write("\n\n".join((pub, priv))) tmpf.flush() response = FileResponse(tmp, request=self.request) return response return dict(username=self.username, key=self.key)
def view_file(self): if 'form.submitted' in self.request.POST and form.validate(): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() f = session.query(File).filter(File.name==self.filename).first() proper_key = [k for k in f.keys if k.user.username == user.username] logger.info('owner: %s files: %s keys: %s', f.owner, user.files, f.keys) if f.owner != user.username and len(proper_key) == 0: self.request.session.flash(u'File not shared with you. are you a bad actor?') return HTTPFound(location=self.request.route_url('home')) privs = [] pubs = [] for k in proper_key: privs.append(k.private_key) pubs.append(k.public_key) query_file = os.path.join(self.storage_dir, f.owner.username, self.filename) if not os.path.isfile(query_file): return HTTPNotFound("file %s is not a thinger" % (self.filename, )) content_type, encoding = mimetypes.guess_type(query_file) with open(query_file, 'rb') as o: encrypted = o.read() decrypted = utils.decrypt(encrypted, privs, pubs, form.data['passphrase']) with utils.tmpdir() as tmpd: tmp = os.path.join(tmpd, self.filename) with open(tmp, 'wb') as tmpf: tmpf.write(decrypted) tmpf.flush() response = FileResponse( tmp, request=self.request, content_type=content_type, content_encoding=encoding ) return response return dict( username=self.username, filename=self.filename )
def test_decrypt_creates_valid_msg(self): pub, priv = utils.keygen(self.name, self.email, self.passphrase) encrypted = utils.encrypt(self.file, pub) decrypted = utils.decrypt(encrypted, priv, pub, self.passphrase) self.assertEquals(decrypted, self.message)