def test_sign_no_key(self):
    # A signature must stop verifying once the signing key is no longer in
    # the keystore: sign with the first key, delete the keystore directory,
    # create a second key, then expect verify() to return None.
    original_key = self.gen_key()
    signature = original_key.sign(MESSAGE)

    # Remove everything under the keystore root, then repopulate it with a
    # key that did not produce `signature`.
    rmtree(self.pbp_path)
    self.gen_key()

    outcome = publickey.verify(signature, basedir=self.pbp_path)
    self.assertTrue(outcome is None)
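def verify_handler(infile=None, outfile=None, basedir=None):
    """Verify a signed stream and copy its payload to the output.

    The input is read in half blocks of ``BLOCK_SIZE / 2`` bytes and fed to
    the nacl generic hash. The signature is taken from the end of the
    stream: either the base85 text following the last ``SIGPREFIX`` marker,
    or the trailing ``nacl.crypto_sign_BYTES`` raw bytes. The signature and
    the computed hash are then passed to ``publickey.verify``.

    Args:
        infile: input file name; ``None``, empty or ``'-'`` selects stdin.
        outfile: output file name; ``None``, empty or ``'-'`` selects stdout.
        basedir: keystore root handed to ``publickey.verify``.

    The result is reported on stderr only ("good message from ..." or
    "verification failed"); nothing is returned.

    SECURITY NOTE: payload blocks are written to the output while they are
    being hashed, i.e. before the signature has been checked, and the output
    is not removed when verification fails. Consumers must treat the output
    as unauthenticated unless the "good message" line was reported.
    """
    use_stdin = not infile or infile == '-'
    use_stdout = not outfile or outfile == '-'
    half = int(BLOCK_SIZE / 2)

    if use_stdin:
        fd = sys.stdin.buffer if hasattr(sys.stdin, 'buffer') else sys.stdin
    else:
        fd = open(infile, 'rb')
    try:
        if use_stdout:
            outfd = (sys.stdout.buffer if hasattr(sys.stdout, 'buffer')
                     else sys.stdout)
        else:
            outfd = open(outfile, 'wb')
        try:
            # Stays None when the input is empty, so that case is reported
            # as a failed verification instead of raising on an unbound name.
            sig = None

            # calculate hash sum of data
            state = nacl.crypto_generichash_init()
            block = fd.read(half)
            while block:
                # use two half blocks, to overcome
                # sigs spanning block boundaries
                if len(block) == (BLOCK_SIZE / 2):
                    nxt = fd.read(half)
                else:
                    nxt = b''
                fullblock = block + nxt

                sigoffset = fullblock.rfind(SIGPREFIX)
                if 0 <= sigoffset <= (BLOCK_SIZE / 2):
                    # Armoured signature: everything after the marker is
                    # base85 text; the payload ends at the marker.
                    sig = b85decode(fullblock[sigoffset + len(SIGPREFIX):])
                    block = block[:sigoffset]
                    nxt = b''
                elif len(fullblock) < (BLOCK_SIZE / 2) + nacl.crypto_sign_BYTES:
                    # End of stream without a marker: the raw signature is
                    # the last crypto_sign_BYTES bytes.
                    sig = fullblock[-nacl.crypto_sign_BYTES:]
                    block = fullblock[:-nacl.crypto_sign_BYTES]
                    nxt = b''

                state = nacl.crypto_generichash_update(state, block)
                if outfd:
                    # Written before verification -- see SECURITY NOTE above.
                    outfd.write(block)
                block = nxt

            if use_stdout:
                # The standard stream is left open for the rest of the
                # process, so push the payload out explicitly.
                outfd.flush()

            hashsum = nacl.crypto_generichash_final(state)
            verified = None
            if sig is not None:
                verified = publickey.verify(sig + hashsum, basedir=basedir)
            # verify() yields a falsy value or a (sender, hash) pair.
            sender, hashsum1 = verified or ([], '')
            if sender and hashsum == hashsum1:
                sys.stderr.write("good message from %s\n" % sender)
            else:
                sys.stderr.write('verification failed\n')
        finally:
            # Only close what this function opened. Comparing against
            # sys.stdout is not enough: sys.stdout.buffer is a different
            # object and would be closed for the whole process.
            if not use_stdout:
                outfd.close()
    finally:
        if not use_stdin:
            fd.close()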
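def keycheck_handler(name=None, basedir=None):
    """Check the signatures stored next to a public key and report signers.

    Reads the public key file for ``name`` and its ``.sig`` companion, which
    is treated as a concatenation of fixed-width signatures of
    ``nacl.crypto_sign_BYTES`` bytes each. Every complete signature is
    verified against the key bytes with ``publickey.verify(..., master=True)``
    and the first element of each truthy result is collected.

    Args:
        name: name of the key whose signatures are checked.
        basedir: keystore root.

    The list of signers is written to stderr; nothing is returned.
    """
    fname = publickey.get_pk_filename(basedir, name)
    with open(fname, 'rb') as fd:
        pk = fd.read()
    with open(fname + ".sig", 'rb') as fd:
        sigdat = fd.read()

    csb = nacl.crypto_sign_BYTES
    sigs = []
    # Step by the real signature width instead of a literal 64 and stop at
    # the last complete record, so a truncated trailing chunk is never
    # handed to verify().
    for start in range(0, len(sigdat) - csb + 1, csb):
        res = publickey.verify(sigdat[start:start + csb] + pk,
                               basedir=basedir, master=True)
        if res:
            sigs.append(res[0])

    # NOTE(review): this line is printed even when `sigs` is empty, so the
    # signer list after "from" must be inspected; an empty list means that no
    # signature verified.
    sys.stderr.write('good signatures on %s from %s\n' % (name, ', '.join(sigs)))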
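def keycheck_handler(name=None, basedir=None):
    """Verify the signatures attached to a stored public key.

    Args:
        name: the key to be verified.
        basedir: the root for the keystore.

    Returns:
        A list holding the first element of every truthy
        ``publickey.verify`` result (presumably the signer's name -- confirm
        against publickey.verify). An empty list means no signature verified.
    """
    fname = publickey.get_pk_filename(basedir, name)
    # The key and signature files are sliced and concatenated as raw
    # fixed-width records, so read them in binary mode; text mode can alter
    # or fail to decode such data.
    with open(fname, 'rb') as fd:
        pk = fd.read()
    with open(fname + ".sig", 'rb') as fd:
        sigdat = fd.read()

    csb = nacl.crypto_sign_BYTES
    # Count only complete signatures, using the same width as the slicing
    # below rather than a literal 64.
    total = len(sigdat) // csb
    sigs = []
    for idx in range(total):
        chunk = sigdat[idx * csb:(idx + 1) * csb]
        res = publickey.verify(chunk + pk, basedir=basedir, master=True)
        if res:
            sigs.append(res[0])
    return sigs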
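def keycheck_handler(name=None, basedir=None):
    """Handle verifying the signatures on a key.

    Args:
        name: the key to be verified.
        basedir: the root for the keystore.

    Returns:
        The list of ``res[0]`` values for every signature in the ``.sig``
        file that ``publickey.verify(..., master=True)`` accepted. Callers
        must treat an empty list as "no valid signature".
    """
    fname = publickey.get_pk_filename(basedir, name)

    # Binary mode: the contents are cut into crypto_sign_BYTES-sized records
    # and passed to verify() together with the key bytes, so they must reach
    # it unmodified.
    with open(fname, 'rb') as fd:
        pk = fd.read()
    with open(fname + ".sig", 'rb') as fd:
        sigdat = fd.read()

    csb = nacl.crypto_sign_BYTES
    sigs = []
    offset = 0
    # Walk whole records only; a short trailing fragment is not a signature.
    # The record width is csb throughout (the loop bound used a literal 64).
    while offset + csb <= len(sigdat):
        res = publickey.verify(sigdat[offset:offset + csb] + pk,
                               basedir=basedir, master=True)
        if res:
            sigs.append(res[0])
        offset += csb
    return sigs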
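def verify_handler(infile=None, outfile=None, basedir=None):
    """High-level function to verify signed files.

    Args:
        infile: filename of the input file; if '-' or not specified, stdin
            is used (resolved by ``inputfd``, defined elsewhere).
        outfile: filename of the output file (resolved by ``outputfd``,
            defined elsewhere).
        basedir: root for the keystores.

    Returns:
        The sender reported by ``publickey.verify`` when the signature is
        accepted and the hash it returns equals the hash computed here;
        otherwise ``None``.

    This function also handles buffering: the input is read in half blocks
    so that a signature spanning a block boundary is still found.

    SECURITY NOTE: payload blocks are written to the output before the
    signature is checked, and the output is not removed on failure. The
    output is only trustworthy when this function returns a sender.
    """
    half = int(BLOCK_SIZE / 2)
    fd = inputfd(infile)
    outfd = None
    # Stays None for an empty input, which previously raised on the unbound
    # name `sig` instead of reporting a failed verification.
    sig = None
    try:
        outfd = outputfd(outfile)

        # calculate hash sum of data
        state = nacl.crypto_generichash_init()
        block = fd.read(half)
        while block:
            # use two half blocks, to overcome
            # sigs spanning block boundaries
            if len(block) == (BLOCK_SIZE / 2):
                nxt = fd.read(half)
            else:
                nxt = ''
            fullblock = "%s%s" % (block, nxt)

            sigoffset = fullblock.rfind(SIGPREFIX)
            if 0 <= sigoffset <= (BLOCK_SIZE / 2):
                # Armoured signature after the last marker; the payload
                # ends at the marker.
                sig = b85decode(fullblock[sigoffset + len(SIGPREFIX):])
                block = block[:sigoffset]
                nxt = ''
            elif len(fullblock) < (BLOCK_SIZE / 2) + nacl.crypto_sign_BYTES:
                # End of stream without a marker: raw signature in the last
                # crypto_sign_BYTES bytes.
                sig = fullblock[-nacl.crypto_sign_BYTES:]
                block = fullblock[:-nacl.crypto_sign_BYTES]
                nxt = ''

            state = nacl.crypto_generichash_update(state, block)
            if outfd:
                # Written before verification -- see SECURITY NOTE above.
                outfd.write(block)
            block = nxt
    finally:
        # Release the handles even when reading, decoding or writing fails.
        if fd != sys.stdin:
            fd.close()
        if outfd is not None and outfd != sys.stdout:
            outfd.close()

    if sig is None:
        return None

    hashsum = nacl.crypto_generichash_final(state)
    # verify() yields a falsy value or a (sender, hash) pair.
    sender, hashsum1 = publickey.verify(sig + hashsum, basedir=basedir) or ([], '')
    if sender and hashsum == hashsum1:
        return sender
    return None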
def test_sign_master(self):
    # A message signed with master=True must verify when verify() is also
    # called with master=True against the same keystore.
    signer = self.gen_key()
    signed = signer.sign(MESSAGE, master=True)
    outcome = publickey.verify(signed, basedir=self.pbp_path, master=True)
    self.assertTrue(outcome is not None)
def test_sign(self):
    # Round trip: a message signed by a freshly generated key must verify
    # against the keystore that holds that key.
    signer = self.gen_key()
    signed = signer.sign(MESSAGE)
    outcome = publickey.verify(signed, basedir=self.pbp_path)
    self.assertTrue(outcome is not None)
def test_sign_fail(self):
    # A corrupted signed message must be rejected: verify() has to return
    # None once every character of the signed blob has been XORed with 42.
    signer = self.gen_key()
    signed = signer.sign(MESSAGE)

    # Iterating yields one-character strings here, so this assumes `signed`
    # is a str -- TODO confirm for the targeted Python version.
    flipped = [chr(ord(ch) ^ 42) for ch in signed]
    malformed = ''.join(flipped)

    # NOTE(review): this alters the whole blob at once. It does not show
    # that a single changed bit, or a changed payload with the signature
    # bytes left intact, is rejected as well.
    outcome = publickey.verify(malformed, basedir=self.pbp_path)
    self.assertTrue(outcome is None)