Exemplo n.º 1
0
def abe():
    uid = PGPUID.new('Abraham Lincoln',
                     comment='Honest Abe',
                     email='*****@*****.**')
    with open('tests/testdata/abe.jpg', 'rb') as abef:
        abebytes = bytearray(os.fstat(abef.fileno()).st_size)
        abef.readinto(abebytes)
    uphoto = PGPUID.new(abebytes)

    # Abe is pretty oldschool, so he uses a DSA primary key
    # normally he uses an ElGamal subkey for encryption, but PGPy doesn't support that yet, so he's settled for RSA for now
    key = PGPKey.new(PubKeyAlgorithm.DSA, 1024)
    subkey = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 1024)

    key.add_uid(uid,
                usage={KeyFlags.Certify, KeyFlags.Sign},
                hashes=[HashAlgorithm.SHA224, HashAlgorithm.SHA1],
                ciphers=[
                    SymmetricKeyAlgorithm.AES128,
                    SymmetricKeyAlgorithm.Camellia128,
                    SymmetricKeyAlgorithm.CAST5
                ],
                compression=[CompressionAlgorithm.ZLIB])
    key.add_uid(uphoto)
    key.add_subkey(
        subkey,
        usage={KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage})
    return key
Exemplo n.º 2
0
    def _verify_and_import_uid_packet(self, primary_key: PGPKey,
                                      uid_packet: bytes,
                                      expected_hash: str) -> None:
        actual_serialized_hash = sha256(uid_packet).hex()

        if not actual_serialized_hash == expected_hash:
            # hashes for the content do not match
            return

        imported_key, _ = PGPKey.from_blob(uid_packet)

        if not imported_key.fingerprint == primary_key.fingerprint:
            # Primary key material on the two keys does not match. They don't belong together.
            return

        if not KeyStore._verify_legal_key_with_single_userid(imported_key):
            # key failed one of the validity tests
            return

        if not primary_key.verify(imported_key.userids[0]):
            # Primary key did not sign userid.
            # This check was already performed via the self-signature check on imported_key and the fingerprint
            # match with primary_key before.
            return

        new_userid: PGPUID = imported_key.userids[0]
        self._transplant_uid(new_userid, primary_key)
Exemplo n.º 3
0
def create_app(test_config=None):
    app = Flask(__name__, instance_relative_config=True)

    ca_pub_key, _ = PGPKey.from_file(
        os.path.join(app.root_path, '..', 'key', 'pub.asc'))
    ca_sec_key, _ = PGPKey.from_file(
        os.path.join(app.root_path, '..', 'key', 'sec.asc'))

    assert ca_sec_key.is_protected
    assert ca_sec_key.is_unlocked is False

    app.config.from_mapping(
        SECRET_KEY='sooO0O0Oo0O0oo0OoOOo-s3cur3',
        CA_PUB_KEY=ca_pub_key,
        CA_SEC_KEY=ca_sec_key,
        CA_PASSPHRASE='is521xyz!',
        DB=os.path.join(app.instance_path, 'ca.db'),
    )

    try:
        os.makedirs(app.instance_path)
    except OSError:
        pass

    app.register_blueprint(user.bp)
    app.register_blueprint(cert.bp)

    app.teardown_appcontext(db.close_db)

    if not os.path.isfile(app.config['DB']):
        with app.app_context():
            db.init_db()

    return app
Exemplo n.º 4
0
def test_decrypt_unsigned_message():
    from pgpy import PGPKey, PGPMessage
    from pgpy.errors import PGPError

    # these keys are small because the regression test doesn't really need the security
    # if you're reading this, *DO NOT GENERATE RSA KEYS THIS SMALL*
    # also, it's probably better to sign-then-encrypt rather than encrypt-then-sign
    decrypt_key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" \
                  "Version: PGPy v0.4.2\n" \
                  "\n" \
                  "xcA4BFlKzk4BAgDL9E6Lpzq9yNhRP49HXeOSYTz4DPI1A2wxwI97qjZFsJ2lJ2aV\n" \
                  "SYFpbuS6DEPaya+98HQ6xM7o2PhbUnHqcXHzABEBAAEAAf9U/XOVwpQ57e4mvWPJ\n" \
                  "i5h/sUGk5FAyQ0Dc4q9oCyAenaIIe5npbsR+oKmUHwJ5wWgfrTaxvAkBl15kMtSN\n" \
                  "VItBAQDv/8BdIdW2Bc9+qvCtC2xiUJ/3Rd+eyXMZhn4VMdA8sQEA2Y1aRBpWjHo9\n" \
                  "g9KydxAewt8LUwchRHeonMmILuZ58eMBALP8euss11ELnjDOLrgRP2swnOTTTk3b\n" \
                  "P6aV8/rbcEXOUgPNG1JlZ3Jlc3NvIEVuY3J5cHRlciAoUFIjMTgzKcJrBBMBAgAV\n" \
                  "BQJZSs6CAhsOAgsHAhUCAhYAAh4BAAoJEA2I8KkOVzh/+IMCAI308quFk/lJXPF/\n" \
                  "bpvwwgFa9bRdIzl07Qu+3oQcEm+1cu6ivznewIEmQclSUpSLjXrS/LysQSAQye+J\n" \
                  "PgSEalQ=\n" \
                  "=Sg/Y\n" \
                  "-----END PGP PRIVATE KEY BLOCK-----\n"
    sign_key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" \
               "Version: PGPy v0.4.2\n" \
               "\n" \
               "xcA4BFlKzkMBAgDQZA3bao1qo3XkuUDOaFm1x5TkAAMUUUxtmj+dSR0wl7uRzxWm\n" \
               "8naFpsJ1Mah/I8RlS1oZizaDI7BzbOvGUGjLABEBAAEAAf95RBAQQ/QhPxfmzqrY\n" \
               "sj6qGocZGqywERMxoJYuOBLFaCjdT8xk0syI0LOCetwDmUWerUPWO52w9T5Gj295\n" \
               "YUDpAQD7DSmifDMssvG5F9JYWdKobEwWxVsjyaYR/vbH/1Iy3QEA1H+e66Jz1ERl\n" \
               "yPLyl4E5chwO2l+VMxiFod3Dvo8C68cA/0GWJIdK0NzSNZwS6wFabZg2R1pZWxJJ\n" \
               "B0tsI0EqbUgNTiXNGFJlZ3Jlc3NvIFNpZ25lciAoUFIjMTgzKcJoBBMBAgASBQJZ\n" \
               "Ss53AhsCAhUCAhYAAh4BAAoJED6S3OqHJjksTzQCAM73UuXFtM2qXp4zfOGYEMsj\n" \
               "gcKFuFFLyNOhPZo6REeJC7o2+9d7Mwys8wVNTuS3D3o1h49QpYYNjYlgNSZ85pU=\n" \
               "=DBkI\n" \
               "-----END PGP PRIVATE KEY BLOCK-----\n"

    msg = "-----BEGIN PGP MESSAGE-----\n" \
          "Version: PGPy v0.4.2\n" \
          "\n" \
          "xA0DAAIBPpLc6ocmOSwAwUwDDYjwqQ5XOH8BAfwOTH6C/lk5bQevArYnrf0q3Dde\n" \
          "JDjM/otBckiTS8kvFz1XFfQhIDkZl+fDcRwDFNe9+JKLqOM4jU6FIUwToYgz0ksB\n" \
          "f6iZ80U0dzHGtvmEzYSnsYWAglik0ch/E9tyNq/lryrLnrxWu7V26wPfI1TISuKd\n" \
          "U+w1HPGoH8ugo6GkeqBdeED6gJfKEm1qgrHCXAQAAQIABgUCWUrVMQAKCRA+ktzq\n" \
          "hyY5LLcHAgDHYjKVbpd5/FV4+CZ0H5yTnrD/vZ+QebDC7CmOM7f1Q5L1AdG/K1rr\n" \
          "+Ud/YHq3NVk5UGU0LDfjdBwVaJmOjEUx\n" \
          "=ITfp\n" \
          "-----END PGP MESSAGE-----\n"

    dkey, _ = PGPKey.from_blob(decrypt_key)
    skey, _ = PGPKey.from_blob(sign_key)
    encmsg = PGPMessage.from_blob(msg)

    # this should work
    decmsg = dkey.decrypt(encmsg)
    assert decmsg.message == "Regression Test for PR#183"

    # this should raise PGPError, not PGPDecryptionError
    with pytest.raises(PGPError):
        skey.decrypt(encmsg)
Exemplo n.º 5
0
def test_decrypt_unsigned_message():
    from pgpy import PGPKey, PGPMessage
    from pgpy.errors import PGPError

    # these keys are small because the regression test doesn't really need the security
    # if you're reading this, *DO NOT GENERATE RSA KEYS THIS SMALL*
    # also, it's probably better to sign-then-encrypt rather than encrypt-then-sign
    decrypt_key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" \
                  "Version: PGPy v0.4.2\n" \
                  "\n" \
                  "xcA4BFlKzk4BAgDL9E6Lpzq9yNhRP49HXeOSYTz4DPI1A2wxwI97qjZFsJ2lJ2aV\n" \
                  "SYFpbuS6DEPaya+98HQ6xM7o2PhbUnHqcXHzABEBAAEAAf9U/XOVwpQ57e4mvWPJ\n" \
                  "i5h/sUGk5FAyQ0Dc4q9oCyAenaIIe5npbsR+oKmUHwJ5wWgfrTaxvAkBl15kMtSN\n" \
                  "VItBAQDv/8BdIdW2Bc9+qvCtC2xiUJ/3Rd+eyXMZhn4VMdA8sQEA2Y1aRBpWjHo9\n" \
                  "g9KydxAewt8LUwchRHeonMmILuZ58eMBALP8euss11ELnjDOLrgRP2swnOTTTk3b\n" \
                  "P6aV8/rbcEXOUgPNG1JlZ3Jlc3NvIEVuY3J5cHRlciAoUFIjMTgzKcJrBBMBAgAV\n" \
                  "BQJZSs6CAhsOAgsHAhUCAhYAAh4BAAoJEA2I8KkOVzh/+IMCAI308quFk/lJXPF/\n" \
                  "bpvwwgFa9bRdIzl07Qu+3oQcEm+1cu6ivznewIEmQclSUpSLjXrS/LysQSAQye+J\n" \
                  "PgSEalQ=\n" \
                  "=Sg/Y\n" \
                  "-----END PGP PRIVATE KEY BLOCK-----\n"
    sign_key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" \
               "Version: PGPy v0.4.2\n" \
               "\n" \
               "xcA4BFlKzkMBAgDQZA3bao1qo3XkuUDOaFm1x5TkAAMUUUxtmj+dSR0wl7uRzxWm\n" \
               "8naFpsJ1Mah/I8RlS1oZizaDI7BzbOvGUGjLABEBAAEAAf95RBAQQ/QhPxfmzqrY\n" \
               "sj6qGocZGqywERMxoJYuOBLFaCjdT8xk0syI0LOCetwDmUWerUPWO52w9T5Gj295\n" \
               "YUDpAQD7DSmifDMssvG5F9JYWdKobEwWxVsjyaYR/vbH/1Iy3QEA1H+e66Jz1ERl\n" \
               "yPLyl4E5chwO2l+VMxiFod3Dvo8C68cA/0GWJIdK0NzSNZwS6wFabZg2R1pZWxJJ\n" \
               "B0tsI0EqbUgNTiXNGFJlZ3Jlc3NvIFNpZ25lciAoUFIjMTgzKcJoBBMBAgASBQJZ\n" \
               "Ss53AhsCAhUCAhYAAh4BAAoJED6S3OqHJjksTzQCAM73UuXFtM2qXp4zfOGYEMsj\n" \
               "gcKFuFFLyNOhPZo6REeJC7o2+9d7Mwys8wVNTuS3D3o1h49QpYYNjYlgNSZ85pU=\n" \
               "=DBkI\n" \
               "-----END PGP PRIVATE KEY BLOCK-----\n"

    msg = "-----BEGIN PGP MESSAGE-----\n" \
          "Version: PGPy v0.4.2\n" \
          "\n" \
          "xA0DAAIBPpLc6ocmOSwAwUwDDYjwqQ5XOH8BAfwOTH6C/lk5bQevArYnrf0q3Dde\n" \
          "JDjM/otBckiTS8kvFz1XFfQhIDkZl+fDcRwDFNe9+JKLqOM4jU6FIUwToYgz0ksB\n" \
          "f6iZ80U0dzHGtvmEzYSnsYWAglik0ch/E9tyNq/lryrLnrxWu7V26wPfI1TISuKd\n" \
          "U+w1HPGoH8ugo6GkeqBdeED6gJfKEm1qgrHCXAQAAQIABgUCWUrVMQAKCRA+ktzq\n" \
          "hyY5LLcHAgDHYjKVbpd5/FV4+CZ0H5yTnrD/vZ+QebDC7CmOM7f1Q5L1AdG/K1rr\n" \
          "+Ud/YHq3NVk5UGU0LDfjdBwVaJmOjEUx\n" \
          "=ITfp\n" \
          "-----END PGP MESSAGE-----\n"

    dkey, _ = PGPKey.from_blob(decrypt_key)
    skey, _ = PGPKey.from_blob(sign_key)
    encmsg = PGPMessage.from_blob(msg)

    # this should work
    decmsg = dkey.decrypt(encmsg)
    assert decmsg.message == "Regression Test for PR#183"

    # this should raise PGPError, not PGPDecryptionError
    with pytest.raises(PGPError):
        skey.decrypt(encmsg)
Exemplo n.º 6
0
    def test_save(self, kf):
        # load the key and export it back to binary
        key, _ = PGPKey.from_file(kf)
        pgpyblob = key.__bytes__()

        # try loading the exported key
        reloaded, _ = PGPKey.from_file(kf)

        assert pgpyblob == reloaded.__bytes__()
Exemplo n.º 7
0
def temp_key():
    u = PGPUID.new('User')
    k = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 512)
    k.add_uid(u, usage={KeyFlags.Certify, KeyFlags.Sign}, hashes=[HashAlgorithm.SHA1])

    sk = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 512)
    k.add_subkey(sk, usage={KeyFlags.EncryptCommunications})

    return k
Exemplo n.º 8
0
    def test_save(self, kf):
        # load the key and export it back to binary
        key, _ = PGPKey.from_file(kf)
        pgpyblob = key.__bytes__()

        # try loading the exported key
        reloaded, _ = PGPKey.from_file(kf)

        assert pgpyblob == reloaded.__bytes__()
Exemplo n.º 9
0
    def test_parse_wrong_crc24(self, recwarn):
        keytext = _read('tests/testdata/keys/rsa.1.sec.asc').splitlines()
        keytext[-2] = "=abcd"
        keytext = '\n'.join(keytext)
        key = PGPKey()
        key.parse(keytext)

        w = recwarn.pop(UserWarning)
        assert str(w.message) == "Incorrect crc24"
        assert w.filename == __file__
Exemplo n.º 10
0
    def test_parse_wrong_crc24(self, recwarn):
        keytext = _read('tests/testdata/keys/rsa.1.sec.asc').splitlines()
        keytext[-2] = "=abcd"
        keytext = '\n'.join(keytext)
        key = PGPKey()
        key.parse(keytext)

        w = recwarn.pop(UserWarning)
        assert str(w.message) == "Incorrect crc24"
        assert w.filename == __file__
Exemplo n.º 11
0
def generate_rsa_key(uid='*****@*****.**',
                     alg_key=PubKeyAlgorithm.RSAEncryptOrSign,
                     alg_subkey=PubKeyAlgorithm.RSAEncryptOrSign,
                     size=2048):
    # RSAEncrypt is deprecated, therefore using RSAEncryptOrSign
    # also for the subkey
    """Generate PGPKey object.

    :param alg_key: algorithm for primary key
    :param alg_subkey: algorithm for subkey
    :param size: key size
    :param uid: e-mail address
    :return: key
    :type alg_key: PubKeyAlgorithm
    :type alg_subkey: PubKeyAlgorithm
    :type size: integer
    :type uid: string
    :rtype: PGPKey

    """
    # NOTE: default algorithm was decided to be RSA and size 2048.
    key = PGPKey.new(alg_key, size)
    # NOTE: pgpy implements separate attributes for name and e-mail address
    # is mandatory.
    # Here using e-mail address for the attribute name in order for
    # the uid to be the e-mail address.  If name attribute is set to
    # empty string and email to the e-mail address, the uid will be '
    # <e-mail address>', for instance:
    # " <*****@*****.**>" - which we do not want.
    uid = PGPUID.new(uid)
    # NOTE: it is needed to specify all arguments in current pgpy version.
    # FIXME: see which defaults we would like here
    key.add_uid(uid,
                usage={KeyFlags.Sign},
                hashes=[HashAlgorithm.SHA512, HashAlgorithm.SHA256],
                ciphers=[
                    SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192,
                    SymmetricKeyAlgorithm.AES128
                ],
                compression=[
                    CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2,
                    CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed
                ])
    subkey = PGPKey.new(alg_subkey, size)
    key.add_subkey(
        subkey,
        usage={KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage})
    logger.debug('Created key with fingerprint %s', key.fingerprint)
    return key
Exemplo n.º 12
0
def test_pubkey_subkey_parent():
    from pgpy import PGPKey

    # import this small key that has a subkey
    keyblob = ('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'
               'Version: PGPy v0.4.2\n'
               '\n'
               'xcA4BFlULU4BAgDeq2bKPPOBzdgd1WF3RBQ0E0kkZbTfpgZjamDzdb6gfQ5TcBhs\n'
               'drI4XpxWOV3DorbsZ8Usj4zHx/XmLNCmxwqvABEBAAEAAgCSO76l0qGY/baQ4THB\n'
               'QdSC3qeKX8EJn99SKurA+PLYMg6IxLGBpWYIK8tT68xpqQ5ZwE9GodZ2QjfOVz2R\n'
               'o4IBAQD/UjtthEtyiMA1CDCPEksfIyd0QDjt82C19MSeqau8WQEA30LydxkjlvgH\n'
               'u5/uWVGqoFWhhfw5hDrYy72L6EbCfkcA/2csk7uGw/yg2MDUTlDwdokn1DLGkt/+\n'
               'Q/fPAMYvX6gvVoXNFVJlZ3Jlc3NvIChJc3N1ZSAjMTk0KcJrBBMBAgAVBQJZVC3O\n'
               'AhsDAgsHAhUCAhYAAh4BAAoJEC4sMTkKIj+F8ywB/AqaNHwi8xM1Rg99mOSib1zi\n'
               'jlXALY8pOrNU7Nqtc/6oks+49WeVW5zpE1vl1JPm2WYzvCEnE1KffdyjNR0bQ1XH\n'
               'wDgEWVQtUQECAKsWCdSRh6YDP9yuSonfHpBfUzRD/EQvpNnUDiTclV9w6RPMZYk9\n'
               'o5oUQTumPKnznsovLpNmIm48DCALMzdTzH0AEQEAAQACAJDfsKNYOM3Toph03pmx\n'
               'XmhS0FpJ16zFy4rJjtCYGcUerUqRQ1ehXIY9Ig9J5LitJXThrP4dvUlRCWUcxxl6\n'
               '9eEBANOiM8ktXW0bPZfBKunWn7ajA0PMBKG8p2d9iBCawBbbAQDO88L8V0cxCRvH\n'
               '8L1J4gsttPWDOnhw5z8Dq4Zv5U3thwD/WwE0miqfEpYAmkhc0g7lHf6l7qo+SrUZ\n'
               'ZKl0GLPLKKFRscK9BBgBAgAJBQJZVC3mAhsMAGgJEC4sMTkKIj+FXSAEGQECAAYF\n'
               'AllULeYACgkQCK0qxtsEtqzY7QIAoayZGB78eaImQVOpTLX2jnaDR2UY7NtUy6YI\n'
               'XMSumCeZj+n+BexmUm6x2kqg0FJLRwAE4i+rnvFA0HHX40/9d221AgCzUxHuHjKP\n'
               'b5wNW20vanc6b6ZMi52MyhluXAIdnvgPkPEzVIS+gGOX2DeT4TXAdosKfD1o5qS7\n'
               'ANRbocmpDuO3\n'
               '=UjzO\n'
               '-----END PGP PRIVATE KEY BLOCK-----\n')

    privkey, _ = PGPKey.from_blob(keyblob)
    pubkey = privkey.pubkey

    assert pubkey.subkeys['08AD2AC6DB04B6AC'].parent is pubkey
Exemplo n.º 13
0
def test_spurious_dash_escapes():
    from pgpy import PGPKey, PGPMessage

    message_data = r'''-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

- This is stored, literally\!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iJwEAQECAAYFAlQaCpEACgkQBM3VPIdAqKYrhwQAyQhwiqrR6oZ5fTBm4JyCOEND
72Kxbaz1i9Qh0jv7DmgRjb4udh95UQ8U0qVnmnhA8E2deKeDcWTS4fzUkU6J9OdH
/GPHpL9QEtOJ7xifzJsnKaNJVynmNMtYOqHQ9gCmXx7jM2ngxbTKBT8YZlSLMUdO
uoUFKrJGv0LWlSWHkeOJARwEAQECAAYFAlQaCpEACgkQKoNNjlkY6IYrhwf/ZnMN
yKIVxGl+5/9oovvgz2MtGt9B09xRg4BqD+lUDshzQUvQIjBXZ7ZEGSWqerRymZDg
ZzHpb1lv9oAOVU8f1qsMQJJkiz7Q+xu5FfgAp0WzMHJNy4QOmB4Kw/7UbTwdUXzw
EzKwbJ8Eg97vJgYdfqUZLu949dwJvyYZzGDdkbrnsaZ8H29XkKXNMlMinDQjvFBR
djgkILl3ZIdC3p+KechV3uYsqwje2qNEo69KukihPhzCe9o6/Yub5gdC+DSQDGl4
uPjk0zXjds4G5J5Jd5g4o7vhDWs8InxX4AcLfD6lH1XQ1VCZBpucun5CVsU3dUAv
yvO7C7FubDu1GUxdbYheBAERCAAGBQJUGgqRAAoJEKXc3JZkUxQOZ+IA/3KI8Mnl
k3jfpRQcvtSYFlU9WZk9SqZX6xirnV7Hloq6AP9ZlivPrJdWmjRyyShkMNgP/c63
cjMX82ahGPUVlyMP4A==
=bcSu
-----END PGP SIGNATURE-----
'''

    key = PGPKey.from_file('tests/testdata/keys/rsa.1.pub.asc')[0]
    message = PGPMessage.from_blob(message_data)
    assert key.verify(message)
Exemplo n.º 14
0
    def extract_key(self, pubkey):
        """ Build the PGP private key from the corresponding public key and this firmware key material """
        assert not self.locked
        assert pubkey.is_public

        # create parent key
        privkey = self._create_private_key(pubkey, False)
        if not privkey:
            privkey = Firmware._nosecrete_private_key(pubkey._key)

        # take user IDs with their signatures from the public key
        for uid in pubkey.userids:
            privkey._uids.append(uid)

        # extract all sub keys
        for sk in pubkey.subkeys.values():
            key = self._create_private_key(sk)
            if not key:
                logging.warning("Subkey not present in firmware: {}".format(sk.fingerprint))
                continue
            privkey._children[key.fingerprint.keyid] = key
            key._parent = privkey

        # reload key so every field is correctly computed
        return PGPKey.from_blob(bytes(privkey))[0]
Exemplo n.º 15
0
 def _nosecrete_private_key(pubkey):
     """ Create the parent certify key without the private parts """
     km = OpaquePrivKey()
     km.parse(pubkey.keymaterial.__bytearray__())
     # S2K GNU extension: private key without secrete parts
     km.s2k.parse(bytearray(b'\xff\x00\x65\x00GNU\x01'))
     # wrap key material in PrivKeyV4 containing info about algo, creation timestamp, ...
     privkey = PrivKeyV4()
     privkey.pkalg = pubkey.pkalg
     privkey.keymaterial = km
     privkey.created = pubkey.created
     privkey.update_hlen()
     # wrap private key in a PGPKey object
     key = PGPKey()
     key._key = privkey
     return key
Exemplo n.º 16
0
    def test_add_subkey(self, pkspec, skspec):
        alg, size = skspec
        if not alg.can_gen:
            pytest.xfail('Key algorithm {} not yet supported'.format(alg.name))

        if isinstance(size, EllipticCurveOID) and not size.can_gen:
            pytest.xfail('Curve {} not yet supported'.format(size.name))

        key = self.keys[pkspec]
        subkey = PGPKey.new(*skspec)

        # before adding subkey to key, the key packet should be a PrivKeyV4, not a PrivSubKeyV4
        assert isinstance(subkey._key, PrivKeyV4)
        assert not isinstance(subkey._key, PrivSubKeyV4)

        key.add_subkey(subkey, usage={KeyFlags.EncryptCommunications})

        # now that we've added it, it should be a PrivSubKeyV4
        assert isinstance(subkey._key, PrivSubKeyV4)

        # self-verify
        assert key.verify(subkey)

        sv = key.verify(key)
        assert sv
        assert subkey in sv

        # try to verify with GPG
        self.gpg_verify_key(key)
Exemplo n.º 17
0
def main():
    args = parseargs()
    # also print info messages
    logging.basicConfig(level=logging.INFO, format='[%(levelname)s] %(message)s')

    # extract key material from firmware
    firmware = Firmware(args.fw, args.udid)

    # bruteforce firmware password if necessary
    if firmware.locked:
        if not args.dict:
            logging.critical("Firmware is password protected: please provide a dictionary with -d option")
            sys.exit(1)
        password = bruteforce(args.dict, firmware)
        if password is None:
            logging.critical("No valid password found in provided dictionary")
            sys.exit(1)
        logging.info("Firmware unlocked with password: {}".format(password))

    pubkey, _ = PGPKey.from_file(args.key)
    privkey = firmware.extract_key(pubkey)

    if args.out == '-':
        # export ASCII armored version if writing to stdout
        sys.stdout.write(str(privkey))
    else:
        with open(args.out, 'wb') as f:
            # export binary version when writing to file
            f.write(bytes(privkey))
Exemplo n.º 18
0
    def test_add_uid(self):
        key = PGPKey.new(pgpy.constants.PubKeyAlgorithm.RSAEncryptOrSign, 1024)
        add_uid(key, PGPUID.new("Name"), primary=True)

        self.assertEqual(len(key.userids), 1)
        self.assertIsNotNone(key.get_uid("Name"))
        self.assertTrue(key.get_uid("Name").is_primary)

        new_uid: PGPUID = key.get_uid("Name")
        self.assertIsNotNone(new_uid.selfsig)
        self.assertEqual(new_uid.signers.pop(), key.fingerprint.keyid)
        self.assertTrue(key.verify(new_uid))
        uid_sig: PGPSignature = new_uid.selfsig
        self.assertEqual(uid_sig.created, get_uniform_time_as_datetime())
        self.assertListEqual(uid_sig.cipherprefs,
                             [pgpy.constants.SymmetricKeyAlgorithm.AES256])
        self.assertListEqual(
            uid_sig.compprefs,
            [pgpy.constants.CompressionAlgorithm.Uncompressed])
        self.assertListEqual(uid_sig.hashprefs,
                             [pgpy.constants.HashAlgorithm.SHA512])

        add_uid(key, PGPUID.new("Secondary"), False)
        self.assertEqual(len(key.userids), 2)
        self.assertFalse(key.get_uid("Secondary").is_primary)
Exemplo n.º 19
0
def test_firmware_nopass(algo):
    # extract private key from firmware
    firmware = Firmware("firmwares/{}.firmware.bin".format(algo), UDID)
    assert not firmware.locked
    pubkey, _ = PGPKey.from_file("pubkeys/{}.pub.key.asc".format(algo))
    privkey = firmware.extract_key(pubkey)
    assert privkey is not None

    # test message decryption
    subk = get_key_with_flag(privkey, KeyFlags.EncryptCommunications)
    assert subk is not None
    enc = PGPMessage.from_file("messages/{}.enc.msg.gpg".format(algo))
    dec = subk.decrypt(enc)
    assert bytes(dec.message) == MESSAGE

    # test signature: except Ed25519 which cannot be extracted
    subk = get_key_with_flag(privkey, KeyFlags.Sign)
    if algo != 'curve25519':
        assert subk is not None
        msg = PGPMessage.new(MESSAGE, compression=CompressionAlgorithm.Uncompressed)
        sig = subk.sign(msg)
        subk = get_key_with_flag(pubkey, KeyFlags.Sign)
        assert subk is not None
        assert subk.verify(MESSAGE, sig)
    else:
        assert subk is None
Exemplo n.º 20
0
def test_pubkey_subkey_parent():
    from pgpy import PGPKey

    # import this small key that has a subkey
    keyblob = ('-----BEGIN PGP PRIVATE KEY BLOCK-----\n'
               'Version: PGPy v0.4.2\n'
               '\n'
               'xcA4BFlULU4BAgDeq2bKPPOBzdgd1WF3RBQ0E0kkZbTfpgZjamDzdb6gfQ5TcBhs\n'
               'drI4XpxWOV3DorbsZ8Usj4zHx/XmLNCmxwqvABEBAAEAAgCSO76l0qGY/baQ4THB\n'
               'QdSC3qeKX8EJn99SKurA+PLYMg6IxLGBpWYIK8tT68xpqQ5ZwE9GodZ2QjfOVz2R\n'
               'o4IBAQD/UjtthEtyiMA1CDCPEksfIyd0QDjt82C19MSeqau8WQEA30LydxkjlvgH\n'
               'u5/uWVGqoFWhhfw5hDrYy72L6EbCfkcA/2csk7uGw/yg2MDUTlDwdokn1DLGkt/+\n'
               'Q/fPAMYvX6gvVoXNFVJlZ3Jlc3NvIChJc3N1ZSAjMTk0KcJrBBMBAgAVBQJZVC3O\n'
               'AhsDAgsHAhUCAhYAAh4BAAoJEC4sMTkKIj+F8ywB/AqaNHwi8xM1Rg99mOSib1zi\n'
               'jlXALY8pOrNU7Nqtc/6oks+49WeVW5zpE1vl1JPm2WYzvCEnE1KffdyjNR0bQ1XH\n'
               'wDgEWVQtUQECAKsWCdSRh6YDP9yuSonfHpBfUzRD/EQvpNnUDiTclV9w6RPMZYk9\n'
               'o5oUQTumPKnznsovLpNmIm48DCALMzdTzH0AEQEAAQACAJDfsKNYOM3Toph03pmx\n'
               'XmhS0FpJ16zFy4rJjtCYGcUerUqRQ1ehXIY9Ig9J5LitJXThrP4dvUlRCWUcxxl6\n'
               '9eEBANOiM8ktXW0bPZfBKunWn7ajA0PMBKG8p2d9iBCawBbbAQDO88L8V0cxCRvH\n'
               '8L1J4gsttPWDOnhw5z8Dq4Zv5U3thwD/WwE0miqfEpYAmkhc0g7lHf6l7qo+SrUZ\n'
               'ZKl0GLPLKKFRscK9BBgBAgAJBQJZVC3mAhsMAGgJEC4sMTkKIj+FXSAEGQECAAYF\n'
               'AllULeYACgkQCK0qxtsEtqzY7QIAoayZGB78eaImQVOpTLX2jnaDR2UY7NtUy6YI\n'
               'XMSumCeZj+n+BexmUm6x2kqg0FJLRwAE4i+rnvFA0HHX40/9d221AgCzUxHuHjKP\n'
               'b5wNW20vanc6b6ZMi52MyhluXAIdnvgPkPEzVIS+gGOX2DeT4TXAdosKfD1o5qS7\n'
               'ANRbocmpDuO3\n'
               '=UjzO\n'
               '-----END PGP PRIVATE KEY BLOCK-----\n')

    privkey, _ = PGPKey.from_blob(keyblob)
    pubkey = privkey.pubkey

    assert pubkey.subkeys['08AD2AC6DB04B6AC'].parent is pubkey
Exemplo n.º 21
0
 def list_packets(self, keydata):
     # NOTE: while is known how to get the packets from PGPKey,
     # use gpg only here
     import subprocess
     key, _ = PGPKey.from_blob(keydata)
     keypath = self._save_key_to_file(key)
     sp = subprocess.Popen(['/usr/bin/gpg', '--list-packets', keypath],
                           stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE)
     out, err = sp.communicate()
     if sys.version_info >= (3, 0):
         out = out.decode()
     packets = []
     lines = []
     last_package_type = None
     for rawline in out.splitlines():
         line = rawline.strip()
         c = line[0:1]
         if c == "#":
             continue
         if c == ":":
             i = line[1:].find(c)
             if i != -1:
                 ptype = line[1:i + 1]
                 pvalue = line[i + 2:].strip()
                 if last_package_type is not None:
                     packets.append(last_package_type + (lines, ))
                     lines = []
                 last_package_type = (ptype, pvalue)
         else:
             assert last_package_type, line
             lines.append(line)
     else:
         packets.append(last_package_type + (lines, ))
     return packets
Exemplo n.º 22
0
def test_verify_subkey_revocation_signature():
    keyblob = ('-----BEGIN PGP PUBLIC KEY BLOCK-----\n'
               '\n'
               'mI0EWgtKbAEEAOEjq2UsapzI996tHhvGB7mJTo1sneUso20vz5VluECI0Xv0nr0j\n'
               'BfknMFNeuPRR5sopgnrYT2ezJxp60D1NFaKgDh0z0qv9spk9FTP4YtaE5pfZRk3l\n'
               'iGgyY7WiJBhKLb7ne3PeG8mtju4T+9ejbN4hVx1Vz9WHKkLGeBGkOcYZABEBAAG0\n'
               'HVRlc3QgUmV2b2NhdGlvbiA8YWJjQGRlZi5naGk+iM4EEwEIADgWIQRIuXHQYB9/\n'
               'm0hHY/8zq5Y87Iwq4QUCWgtKbAIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAK\n'
               'CRAzq5Y87Iwq4RKuA/46Zg3OSmRPJJNQegoDGLGwj81sgrLFPVDV2dSAxYPiGH3j\n'
               'JNM760NS51FLHQvxwa9XV9/4xzL9jqsV8vD+lX5aphZS6h2olPAy9CP2FK8KFrv1\n'
               'Rap2y9D68LStDv2jFyEYEGCCvon3Ff6O2PxwG98xkaskBPH6knGjK6rrMvYI/7iN\n'
               'BFoLSmwBBACbGvXVtDH4aTJ3UbN/3UnLKb05ogmZDpkx8A2qGnUu1QvIxqi56emU\n'
               'TfbxKv8jne0qas0IJ1OWrcTAuPvwgH4TJERAkngxzdYXR6ZHEO3/L8s0XSLobW5E\n'
               'nsGnFw/PG5Lrxv1YA7nBlCKennrlaU9iiUguOUK7SW7To1SOojTOcQARAQABiLYE\n'
               'KAEIACAWIQRIuXHQYB9/m0hHY/8zq5Y87Iwq4QUCWgtKuAIdAwAKCRAzq5Y87Iwq\n'
               '4eFnA/4oOnM7kjgIYqs2TgAxuddMabx1US9yYZDG097Nxfw1DFJoFOg4ozrrWNRz\n'
               'F3AHo7Ocue288VYIJtjH4KB2vGAYdWq8j6bywW7t4Be2WsU4MCJqETxS+3Gv65B6\n'
               'NBq4Y8lJvKO/cwsqYI6XWsJsmnVns0XOdv/k6ZouVdpUu5Fpr4i2BBgBCAAgFiEE\n'
               'SLlx0GAff5tIR2P/M6uWPOyMKuEFAloLSmwCGwwACgkQM6uWPOyMKuFrOAP/ZemA\n'
               'yfU6zSfiReQ5fsiQhiy2jZx+JVweZ0ESgDuIvT4tlB4WK87OcITd40rTalGezRuE\n'
               'fhi3IcnDc7L+kBGNhP3IY8IFVNYGqfowIYLl/RX+3BUjuaDpunO9kIBrhm0WrC6Y\n'
               '+padVqwTFNFteQR0N9BW1qNf7HB20BCaElxGCuI=\n'
               '=EoFv\n'
               '-----END PGP PUBLIC KEY BLOCK-----\n')

    pubkey, _ = PGPKey.from_blob(keyblob)
    subkey = pubkey.subkeys['8ABD4FB3046BBCF8']

    revsig = subkey._signatures[1]

    assert pubkey.verify(subkey, revsig)
Exemplo n.º 23
0
def test_firmware_pass(algo):
    # test firmware decryption with wrong and correct password
    firmware = Firmware("firmwares/{}.pass.firmware.bin".format(algo), UDID)
    assert firmware.locked
    assert not firmware.unlock(WRONGPW)
    assert firmware.unlock(GOODPW)
    assert not firmware.locked

    # extract private key from firmware
    pubkey, _ = PGPKey.from_file("pubkeys/{}.pub.key.asc".format(algo))
    privkey = firmware.extract_key(pubkey)
    assert privkey is not None

    # test message decryption
    subk = get_key_with_flag(privkey, KeyFlags.EncryptCommunications)
    assert subk is not None
    enc = PGPMessage.from_file("messages/{}.enc.msg.gpg".format(algo))
    dec = subk.decrypt(enc)
    assert bytes(dec.message) == MESSAGE

    # test signature
    subk = get_key_with_flag(privkey, KeyFlags.Sign)
    assert subk is not None
    msg = PGPMessage.new(MESSAGE, compression=CompressionAlgorithm.Uncompressed)
    sig = subk.sign(msg)
    subk = get_key_with_flag(pubkey, KeyFlags.Sign)
    assert subk is not None
    assert subk.verify(MESSAGE, sig)
Exemplo n.º 24
0
    def test_encrypt_message_select_uid(self):
        # generate a temporary key with two UIDs, then encrypt a message
        u1 = PGPUID.new('UID One')
        u2 = PGPUID.new('UID Two')
        k = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 512)

        flags = {
            KeyFlags.Certify, KeyFlags.Sign, KeyFlags.EncryptCommunications,
            KeyFlags.EncryptStorage
        }

        k.add_uid(u1,
                  usage=flags,
                  hashes=[HashAlgorithm.SHA1],
                  ciphers=[SymmetricKeyAlgorithm.AES128])
        k.add_uid(u2,
                  usage=flags,
                  hashes=[HashAlgorithm.SHA1],
                  ciphers=[SymmetricKeyAlgorithm.Camellia128])

        emsg = k.pubkey.encrypt(
            PGPMessage.new('This message is about to be encrypted'),
            user='******')

        # assert that it was encrypted with Camellia128 and that we can decrypt it normally
        assert emsg._sessionkeys[0].decrypt_sk(
            k._key)[0] == SymmetricKeyAlgorithm.Camellia128
        assert k.decrypt(
            emsg).message == 'This message is about to be encrypted'
Exemplo n.º 25
0
    def test_new_key_deprecated_rsa_alg(self, key_alg_rsa_depr, recwarn):
        k = PGPKey.new(key_alg_rsa_depr, 512)

        w = recwarn.pop()
        assert str(w.message) == '{:s} is deprecated - generating key using RSAEncryptOrSign'.format(key_alg_rsa_depr.name)
        # assert w.filename == __file__
        assert k.key_algorithm == PubKeyAlgorithm.RSAEncryptOrSign
Exemplo n.º 26
0
    def _verify_legal_key_with_single_userid(key: PGPKey,
                                             single_uid_expected: bool = True
                                             ) -> bool:
        if single_uid_expected:
            if not len(key.userids) == 1:
                # more than just one  user id included
                return False

            single_uid: PGPUID = key.userids[0]

            if not single_uid.is_uid:
                # photo uids are not supported
                return False

            verification_result = key.verify(single_uid)
            if not verification_result:
                # no valid self-signature on this key
                return False
        else:
            if len(key.userids) != 0:
                # did not expect a userid
                return False

        if not KeyStore._verify_no_subkeys_signers_revsigs(key):
            return False

        return True
Exemplo n.º 27
0
    def test_add_subkey(self, pkspec, skspec):
        if pkspec not in self.keys:
            pytest.skip('Keyspec {} not in keys; must not have generated'.format(pkspec))

        alg, size = skspec
        if not alg.can_gen:
            pytest.xfail('Key algorithm {} not yet supported'.format(alg.name))

        if isinstance(size, EllipticCurveOID) and ((not size.can_gen) or size.name not in _openssl_get_supported_curves()):
            pytest.xfail('Curve {} not yet supported'.format(size.name))

        key = self.keys[pkspec]
        subkey = PGPKey.new(*skspec)

        # before adding subkey to key, the key packet should be a PrivKeyV4, not a PrivSubKeyV4
        assert isinstance(subkey._key, PrivKeyV4)
        assert not isinstance(subkey._key, PrivSubKeyV4)

        key.add_subkey(subkey, usage={KeyFlags.EncryptCommunications})

        # now that we've added it, it should be a PrivSubKeyV4
        assert isinstance(subkey._key, PrivSubKeyV4)

        # self-verify
        assert key.verify(subkey)

        sv = key.verify(key)
        assert sv
        assert subkey in sv

        # try to verify with GPG
        self.gpg_verify_key(key)
Exemplo n.º 28
0
def sign_security_txt(data: str) -> Dict[str, str]:
    """
    Sign security.txt.

    :param data: data to sign
    :type data: str
    :return: templatetag context data
    :rtype: Dict[str, str]
    :raises ImproperlyConfigured: in case of bad signing config
    """
    if (settings.SECURITY_TXT_SIGN and not settings.SECURITY_TXT_SIGNING_KEY
        ) or (  # type: ignore  # noqa: E501
            not Path(settings.SECURITY_TXT_SIGNING_KEY).exists(
            )  # type: ignore  # noqa: E501
        ):

        raise ImproperlyConfigured

    key, _ = PGPKey.from_file(filename=settings.SECURITY_TXT_SIGNING_KEY
                              )  # type: ignore  # noqa: E501

    return {
        "DATA": data,
        "SIGNATURE": key.sign(subject=data),
    }
Exemplo n.º 29
0
def generate_pgp_key(name, email, comment, passphrase=None, armor=True):
    # We need to specify all of our preferences because PGPy doesn't have any built-in key preference defaults at this time.
    # This example is similar to GnuPG 2.1.x defaults, with no expiration or preferred keyserver
    key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 4096)
    uid = PGPUID.new(name, email=email, comment=comment)
    key.add_uid(uid,
                usage={
                    KeyFlags.Sign, KeyFlags.EncryptCommunications,
                    KeyFlags.EncryptStorage
                },
                hashes=[
                    HashAlgorithm.SHA256, HashAlgorithm.SHA384,
                    HashAlgorithm.SHA512, HashAlgorithm.SHA224
                ],
                ciphers=[
                    SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192,
                    SymmetricKeyAlgorithm.AES128
                ],
                compression=[
                    CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2,
                    CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed
                ])

    # Protecting the key
    if passphrase:
        key.protect(passphrase, SymmetricKeyAlgorithm.AES256,
                    HashAlgorithm.SHA256)
    else:
        print('WARNING: Unprotected key', file=sys.stderr)

    pub_data = str(key.pubkey) if armor else bytes(
        key.pubkey)  # armored or not
    sec_data = str(key) if armor else bytes(key)  # armored or not

    return (pub_data, sec_data)
Exemplo n.º 30
0
def check_mailbox_password(key, password, access_token):
    """ Make sure the password is valid by decrypting the access token.
    
    Parameters
    ----------
    key: Bytes
        PGP Private key
    password: String
    access_token: String
        Access token as an encrypted PGP message 
    Returns
    -------
    token: String

    """
    if not key:
        raise ValueError("Missing private key")
    if not password:
        raise ValueError("Missing password")
    if not access_token:
        raise ValueError("Missing access token")
    msg = PGPMessage.from_blob(access_token)
    pk, _ = PGPKey.from_blob(key)
    if IS_PY3 and isinstance(password, bytes):
        password = password.decode()
    with pk.unlock(password) as uk:
        return bytes(uk.decrypt(msg).message)
Exemplo n.º 31
0
    def test_load_from_bytearray(self, gpg_keyid_file):
        tkb = bytearray(os.stat(self.kf).st_size)
        with open(self.kf, 'rb') as tkf:
            tkf.readinto(tkb)

        key, _ = PGPKey.from_blob(tkb)

        assert key.fingerprint.keyid in gpg_keyid_file(self.kf.replace('tests/testdata/', ''))
Exemplo n.º 32
0
 def get_keys(self) -> list:
     session = self.get_session()
     keys = session.query(Key).all()
     deserialized_keys = []
     for key in keys:
         deserialized_key, other = PGPKey.from_blob(key.key)
         deserialized_keys.append(deserialized_key)
     return deserialized_keys
Exemplo n.º 33
0
    def test_load_from_bytearray(self, kf):
        tkb = bytearray(os.stat(kf).st_size)
        with open(kf, 'rb') as tkf:
            tkf.readinto(tkb)

        key, _ = PGPKey.from_blob(tkb)

        assert key.fingerprint == _fingerprints[os.path.basename(kf)]
Exemplo n.º 34
0
    def test_load_from_bytearray(self, kf):
        tkb = bytearray(os.stat(kf).st_size)
        with open(kf, 'rb') as tkf:
            tkf.readinto(tkb)

        key, _ = PGPKey.from_blob(tkb)

        assert key.fingerprint == _fingerprints[os.path.basename(kf)]
Exemplo n.º 35
0
    def __init__(self, config, secrets):
        try:
            dataKeyBytes = config.get("key", None)
        except AttributeError as e:
            raise InvalidConfig(original=e)

        if not dataKeyBytes or dataKeyBytes == "":
            msg = ("crypto.key is not a string, "
                   "Remove the crypto property if encryption is not needed")
            raise InvalidConfig(message=msg)

        privateKey = secrets.get("privateKey", None)
        if not privateKey or privateKey == "":
            msg = ("No gpg private key provided for decryption. "
                   "Remove the crypto property if encryption is not needed")
            raise InvalidConfig(message=msg)

        gpgKey = PGPKey()
        gpgKey.parse(privateKey)

        password = secrets.get("privateKeyPassword", None)
        if password:
            try:
                gpgKey.unlock(password)
            except PGPDecryptionError as err:
                raise BadGPGKeyPasswordError(gpgKey.userids[0])

        with warnings.catch_warnings():
            # prevents warning of type `UserWarning: Message was encrypted with this key's subkey: ...`
            warnings.simplefilter("ignore", category=UserWarning)
            dataKey = gpgKey.decrypt(
                PGPMessage.from_blob(dataKeyBytes)).message

        DataKeyService.__init__(self, dataKey)
Exemplo n.º 36
0
 def _get_public_key(self, email):
     email = utils.str(email)
     r = yield self.api.keys('?Email={}'.format(email),
                             blocking=False,
                             response=responses.KeysResponse)
     self.PublicKeys[email] = [
         PGPKey.from_blob(k.PublicKey)[0] for k in r.Keys
     ]
     return_value(r)
Exemplo n.º 37
0
    def test_verify_wrongkey(self, rsa_pub):
        wrongkey, _ = PGPKey.from_file(
            'tests/testdata/signatures/aptapproval-test.key.asc')
        sig = PGPSignature.from_file(
            'tests/testdata/signatures/debian-sid.sig.asc')

        with pytest.raises(PGPError):
            wrongkey.verify(_read('tests/testdata/signatures/debian-sid.subj'),
                            sig)
Exemplo n.º 38
0
    def test_verify_invalid_sig(self, string, key_alg):
        # generate a keypair
        u = PGPUID.new('asdf')
        k = PGPKey.new(key_alg, key_alg_size[key_alg])
        k.add_uid(u, usage={KeyFlags.Certify, KeyFlags.Sign}, hashes=[HashAlgorithm.SHA1])

        # sign string with extra characters (this means k.pubkey.verify(string) will return false
        sig = k.sign(string + 'asdf')

        assert not k.pubkey.verify(string, sig)
Exemplo n.º 39
0
    def test_new_key(self, key_alg):
        # create a key and a user id and add the UID to the key
        uid = PGPUID.new('Hugo Gernsback', 'Science Fiction Plus', '*****@*****.**')
        key = PGPKey.new(key_alg, key_alg_size[key_alg])
        key.add_uid(uid, hashes=[HashAlgorithm.SHA224])

        # self-verify the key
        assert key.verify(key)

        self.gen_keys[key_alg] = key
Exemplo n.º 40
0
def abe():
    uid = PGPUID.new('Abraham Lincoln', comment='Honest Abe', email='*****@*****.**')
    with open('tests/testdata/abe.jpg', 'rb') as abef:
        abebytes = bytearray(os.fstat(abef.fileno()).st_size)
        abef.readinto(abebytes)
    uphoto = PGPUID.new(abebytes)

    # Abe is pretty oldschool, so he uses a DSA primary key
    # normally he uses an ElGamal subkey for encryption, but PGPy doesn't support that yet, so he's settled for RSA for now
    key = PGPKey.new(PubKeyAlgorithm.DSA, 1024)
    subkey = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 1024)

    key.add_uid(uid,
                usage={KeyFlags.Certify, KeyFlags.Sign},
                hashes=[HashAlgorithm.SHA224, HashAlgorithm.SHA1],
                ciphers=[SymmetricKeyAlgorithm.AES128, SymmetricKeyAlgorithm.Camellia128, SymmetricKeyAlgorithm.CAST5],
                compression=[CompressionAlgorithm.ZLIB])
    key.add_uid(uphoto)
    key.add_subkey(subkey, usage={KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage})
    return key
Exemplo n.º 41
0
    def test_verify_invalid_sig(self, pkspec, string):
        # test verifying an invalid signature
        u = PGPUID.new('asdf')
        k = PGPKey.new(*pkspec)
        k.add_uid(u, usage={KeyFlags.Certify, KeyFlags.Sign}, hashes=[HashAlgorithm.SHA1])

        # sign the string with extra characters, so that verifying just string fails
        sig = k.sign(string + 'asdf')
        sv = k.pubkey.verify(string, sig)
        assert not sv
        assert sig in sv
Exemplo n.º 42
0
    def test_sign_encrypted_message(self, sf, cipher):
        # test decrypting a message
        sec, _ = PGPKey.from_file(sf)
        if (sec.fingerprint, cipher) not in self.msgs:
            pytest.skip('Message not present; see test_encrypt_message skip or xfail reason')

        emsg = self.msgs[(sec.fingerprint, cipher)]
        emsg |= sec.sign(emsg)

        assert emsg.is_signed
        assert emsg.is_encrypted
        assert isinstance(next(iter(emsg)), PGPSignature)
Exemplo n.º 43
0
    def test_encrypt_message_select_uid(self):
        # generate a temporary key with two UIDs, then encrypt a message
        u1 = PGPUID.new('UID One')
        u2 = PGPUID.new('UID Two')
        k = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 512)

        flags = {KeyFlags.Certify, KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage}

        k.add_uid(u1, usage=flags, hashes=[HashAlgorithm.SHA1], ciphers=[SymmetricKeyAlgorithm.AES128])
        k.add_uid(u2, usage=flags, hashes=[HashAlgorithm.SHA1], ciphers=[SymmetricKeyAlgorithm.Camellia128])

        emsg = k.pubkey.encrypt(PGPMessage.new('This message is about to be encrypted'), user='******')

        # assert that it was encrypted with Camellia128 and that we can decrypt it normally
        assert emsg._sessionkeys[0].decrypt_sk(k._key)[0] == SymmetricKeyAlgorithm.Camellia128
        assert k.decrypt(emsg).message == 'This message is about to be encrypted'
Exemplo n.º 44
0
    def test_decrypt_message(self, sf, cipher):
        # test decrypting a message
        sec, _ = PGPKey.from_file(sf)
        if (sec.fingerprint, cipher) not in self.msgs:
            pytest.skip('Message not present; see test_encrypt_message skip or xfail reason')

        emsg = self.msgs[(sec.fingerprint, cipher)]
        dmsg = sec.decrypt(emsg)

        assert dmsg.message == "This message will have been encrypted"

        # now check with GnuPG, if possible
        if gpg_ver < '2.1' and sec.key_algorithm in {PubKeyAlgorithm.ECDSA, PubKeyAlgorithm.ECDH}:
            # GnuPG prior to 2.1.x does not support EC* keys, so skip this step
            return

        assert self.gpg_decrypt(emsg, sec).decode('utf-8') == dmsg.message
Exemplo n.º 45
0
    def test_new_subkey(self, key_alg):
        key = self.gen_keys[key_alg]
        subkey = PGPKey.new(subkey_alg[key_alg], key_alg_size[subkey_alg[key_alg]])

        assert subkey._key
        assert not isinstance(subkey._key, PrivSubKeyV4)

        # now add the subkey to key and then verify it
        key.add_subkey(subkey, usage={KeyFlags.EncryptCommunications})

        # subkey should be a PrivSubKeyV4 now, not a PrivKeyV4
        assert isinstance(subkey._key, PrivSubKeyV4)

        # self-verify
        sv = self.gen_keys[key_alg].verify(self.gen_keys[key_alg])

        assert sv
        assert subkey in sv
Exemplo n.º 46
0
    def test_gen_key(self, alg, size):
        # create a primary key with a UID
        uid = PGPUID.new('Test Key', '{}.{}'.format(alg.name, size), '*****@*****.**')
        key = PGPKey.new(alg, size)

        if alg is PubKeyAlgorithm.ECDSA:
            # ECDSA keys require larger hash digests
            key.add_uid(uid, hashes=[HashAlgorithm.SHA384])

        else:
            key.add_uid(uid, hashes=[HashAlgorithm.SHA224])

        assert uid in key

        # self-verify the key
        assert key.verify(key)
        self.keys[(alg, size)] = key

        # try to verify with GPG
        self.gpg_verify_key(key)
Exemplo n.º 47
0
 def test_new_key_invalid_size(self, badkey):
     key_alg, key_size = badkey
     with pytest.raises(ValueError):
         PGPKey.new(key_alg, key_size)
Exemplo n.º 48
0
def rsa_enc():
    return PGPKey.from_file('tests/testdata/keys/rsa.1.enc.asc')[0]
Exemplo n.º 49
0
def targette_sec():
    return PGPKey.from_file('tests/testdata/keys/targette.sec.rsa.asc')[0]
Exemplo n.º 50
0
def targette_pub():
    return PGPKey.from_file('tests/testdata/keys/targette.pub.rsa.asc')[0]
Exemplo n.º 51
0
def temp_subkey():
    return PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 512)
Exemplo n.º 52
0
    def test_new_key_no_uid_action(self):
        key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 1024)

        with pytest.raises(PGPError):
            key.sign('asdf')
Exemplo n.º 53
0
    def test_load_from_file(self, kf):
        key, _ = PGPKey.from_file(kf)

        assert key.fingerprint == _fingerprints[os.path.basename(kf)]
Exemplo n.º 54
0
    def test_load_from_bytes(self, kf):
        with open(kf, 'rb') as tkf:
            key, _ = PGPKey.from_blob(tkf.read())

        assert key.fingerprint == _fingerprints[os.path.basename(kf)]
Exemplo n.º 55
0
 def test_new_key_unimplemented_alg(self, key_alg_unim):
     with pytest.raises(NotImplementedError):
         PGPKey.new(key_alg_unim, 512)
Exemplo n.º 56
0
def rsa_pub():
    return PGPKey.from_file('tests/testdata/keys/rsa.1.pub.asc')[0]
Exemplo n.º 57
0
    key.add_uid(uphoto)
    key.add_subkey(subkey, usage={KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage})
    return key


@pytest.fixture(scope='module')
def targette_pub():
    return PGPKey.from_file('tests/testdata/keys/targette.pub.rsa.asc')[0]


@pytest.fixture(scope='module')
def targette_sec():
    return PGPKey.from_file('tests/testdata/keys/targette.sec.rsa.asc')[0]


seckeys = [ PGPKey.from_file(f)[0] for f in sorted(glob.glob('tests/testdata/keys/*.sec.asc')) ]
pubkeys = [ PGPKey.from_file(f)[0] for f in sorted(glob.glob('tests/testdata/keys/*.pub.asc')) ]


class TestPGPKey_Actions(object):
    sigs = {}
    msgs = {}

    def gpg_verify(self, subject, sig=None, pubkey=None):
        # verify with GnuPG
        with gpg.Context(armor=True, offline=True) as c:
            c.set_engine_info(gpg.constants.PROTOCOL_OpenPGP, home_dir=gnupghome)

            # do we need to import the key?
            if pubkey:
                try:
Exemplo n.º 58
0
    def test_empty_key_action(self):
        key = PGPKey()

        with pytest.raises(PGPError):
            key.sign('asdf')