Пример #1
    def test_verify_string(self):
        """Signing the same plaintext with different identities must yield
        different signatures, and every signature must verify against the
        identity that produced it.

        Reads ``self.plaintext`` and ``self.identities.iddb``; the third
        argument to ``pk_sign_string`` is ``None`` here (presumably "no
        passphrase" — confirm against crypto.pk_sign_string).
        """
        identities = list(self.identities.iddb.values())
        signatures = [
            crypto.pk_sign_string(self.plaintext, ident, None)
            for ident in identities
        ]
        # Two distinct keys must never produce the same signature;
        # the fixture is expected to hold at least two identities.
        self.assertTrue(signatures[0] != signatures[1])

        for ident in identities:
            sig = crypto.pk_sign_string(self.plaintext, ident, None)
            verified = crypto.pk_verify_signature(self.plaintext, sig, ident)
            self.assertTrue(verified)
Пример #2
    def test_verify_string(self):
        """Signing the same plaintext with different Recipient rows must
        yield different signatures, and each signature must verify against
        the first Cert associated with the signing Recipient.

        Reads ``self.plaintext`` and ``self.session``; the third argument to
        ``pk_sign_string`` is ``None`` here (presumably "no passphrase" —
        confirm against pk_sign_string).
        """
        recipients = self.session.query(Recipient).all()
        signatures = [
            pk_sign_string(self.plaintext, dict(recipient), None)
            for recipient in recipients
        ]
        # Two distinct keys must never produce the same signature;
        # the fixture is expected to hold at least two Recipient rows.
        self.assertTrue(signatures[0] != signatures[1])

        for recipient in self.session.query(Recipient).all():
            sig = pk_sign_string(self.plaintext, dict(recipient), None)
            cert_query = self.session.query(Cert).filter(
                Cert.recipients.contains(recipient))
            cert = cert_query.first()
            verified = pk_verify_signature(self.plaintext, sig, [cert])
            self.assertTrue(verified)
Пример #3
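    def _add_recipient(
        self,
        recipient,
        secret=None,
        distributor=None,
        session=None,
        encryption_algorithm="rsautl",
        passphrase=None,
        card_slot=None,
    ):
        ####################################################################
        """Add recipient or sharer to list.

        Encrypts ``secret`` once per Cert registered to ``recipient`` and
        returns a dict entry signed by ``distributor`` with the keys
        ``encrypted_secrets`` (keyed by certificate fingerprint),
        ``encryption_algorithm``, ``timestamp``, ``distributor``,
        ``distributor_hash`` and ``signature``.  The signature is computed
        over the entry as serialised by ``_create_signable_string`` *before*
        the ``signature`` key is added, so the timestamp and distributor
        hash are covered by it.

        Args:
            recipient: name of the Recipient the secret is shared with.
            secret: plaintext to encrypt for the recipient.
            distributor: name of the Recipient signing the entry.
            session: database session used for Recipient/Cert lookups.
            encryption_algorithm: only "rsautl" is implemented.
            passphrase, card_slot: passed through to ``pk_sign_string``.

        Returns:
            The signed recipient entry dict.

        Raises:
            NotARecipientError: ``recipient`` or ``distributor`` is not a
                known Recipient, or ``recipient`` has no Cert to encrypt to.
            ValueError: ``encryption_algorithm`` is not supported.
        """
        ####################################################################
        # Reject unknown algorithms up front: the previous code left the
        # encrypted values unbound (UnboundLocalError) for any cert, or —
        # with no certs — returned a signed entry that never encrypted the
        # secret at all.
        if encryption_algorithm != "rsautl":
            raise ValueError(
                f"Unsupported encryption algorithm '{encryption_algorithm}'"
            )
        try:
            identity = (
                session.query(Recipient).filter(Recipient.name == recipient).first()
            )
            # `.first()` yields None for an unknown name instead of raising
            # KeyError, so the generic handler below would never fire and an
            # unknown recipient silently produced an entry with no secrets.
            if identity is None:
                raise NotARecipientError(
                    f"Identity '{recipient}' is not on the recipient list for password '{self.metadata['name']}'"
                )
            encrypted_secrets = {}
            for cert in (
                session.query(Cert).filter(Cert.recipients.contains(identity)).all()
            ):
                (encrypted_secret, encrypted_derived_key) = pk_encrypt_string(
                    secret, cert.cert_bytes
                )
                encrypted_secrets[cert.fingerprint] = {
                    "encrypted_secret": encrypted_secret,
                    "derived_key": encrypted_derived_key,
                    "recipient_hash": cert.subjecthash,
                }
            # An entry with no encrypted secret is useless to the recipient;
            # fail loudly rather than sign an empty mapping.
            if not encrypted_secrets:
                raise NotARecipientError(
                    f"Identity '{recipient}' has no certificate to encrypt password '{self.metadata['name']}' for"
                )
            distributor_identity = (
                session.query(Recipient).filter(Recipient.name == distributor).first()
            )
            # Same None-vs-KeyError issue as the recipient lookup: the old
            # code hit AttributeError on `distributor.name` instead.
            if distributor_identity is None:
                raise NotARecipientError(
                    f"Identity '{distributor}' is not on the recipient list for password '{self.metadata['name']}'"
                )
            try:
                # Presumably the subject hash of the certificate on the
                # attached card; falls back to the distributor's stored
                # Cert when no card certificate is available — confirm.
                distributor_hash = get_card_subjecthash()
            except X509CertificateError:
                distributor_cert = (
                    session.query(Cert)
                    .filter(Cert.recipients.contains(distributor_identity))
                    .first()
                )
                if distributor_cert is None:
                    raise NotARecipientError(
                        f"Identity '{distributor}' has no certificate to sign password '{self.metadata['name']}' with"
                    )
                distributor_hash = distributor_cert.subjecthash
            recipient_entry = {
                "encrypted_secrets": encrypted_secrets,
                "encryption_algorithm": encryption_algorithm,
                "timestamp": time(),
                "distributor": distributor_identity.name,
                "distributor_hash": distributor_hash,
            }
            # Sign the serialised entry; "signature" is added only afterwards
            # so it is not part of the signed message.
            message = self._create_signable_string(recipient_entry)
            recipient_entry["signature"] = pk_sign_string(
                message, dict(distributor_identity), passphrase, card_slot
            )

            return recipient_entry
        except KeyError as err:
            # Kept for callers that relied on KeyError (e.g. from helpers)
            # being translated into NotARecipientError.
            raise NotARecipientError(
                f"Identity '{recipient}' is not on the recipient list for password '{self.metadata['name']}'"
            ) from err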
Пример #4
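    def _add_recipient(
            self,
            recipient,
            secret=None,
            distributor=None,
            identitydb=None,
            encryption_algorithm='rsautl',
            passphrase=None,
            card_slot=None,
    ):
        """Add recipient or sharer to list.

        Encrypts ``secret`` once per certificate of ``identitydb.iddb[recipient]``
        and returns a dict entry signed by ``identitydb.iddb[distributor]``
        with the keys ``encrypted_secrets`` (keyed by certificate
        fingerprint), ``encryption_algorithm``, ``timestamp``,
        ``distributor``, ``distributor_hash`` and ``signature``.  The
        signature is computed over the entry as serialised by
        ``_create_signable_string`` *before* the ``signature`` key is added.

        Args:
            recipient: key of the recipient identity in ``identitydb.iddb``.
            secret: plaintext to encrypt for the recipient.
            distributor: key of the signing identity in ``identitydb.iddb``.
            identitydb: object exposing an ``iddb`` mapping of identities.
            encryption_algorithm: only 'rsautl' is implemented.
            passphrase, card_slot: passed through to ``crypto.pk_sign_string``.

        Returns:
            The signed recipient entry dict.

        Raises:
            NotARecipientError: ``recipient`` or ``distributor`` is missing
                from ``identitydb.iddb``.
            ValueError: ``encryption_algorithm`` is not supported.
        """
        #######################################################################
        # Reject unknown algorithms up front: the previous loop left the
        # encrypted values unbound (UnboundLocalError) for any cert.
        if encryption_algorithm != 'rsautl':
            raise ValueError(
                "Unsupported encryption algorithm '%s'" % encryption_algorithm)
        try:
            recipient_identity = identitydb.iddb[recipient]
            # An identity carrying its own 'key_path' is encrypted against
            # the identity record itself, otherwise against each cert's
            # bytes.  The choice does not vary per cert, so make it once.
            use_identity_record = 'key_path' in recipient_identity
            encrypted_secrets = {}
            for cert in recipient_identity['certs']:
                target = (recipient_identity if use_identity_record
                          else cert['cert_bytes'])
                (encrypted_secret,
                 encrypted_derived_key) = crypto.pk_encrypt_string(secret, target)
                encrypted_secrets[cert['fingerprint']] = {
                    'encrypted_secret': encrypted_secret,
                    'derived_key': encrypted_derived_key,
                    'recipient_hash': cert['subjecthash'],
                }
            distributor_identity = identitydb.iddb[distributor]
            try:
                # Presumably the subject hash of the certificate on the
                # attached card; falls back to the distributor's first
                # stored cert when no card certificate is available — confirm.
                distributor_hash = crypto.get_card_subjecthash()
            except X509CertificateError:
                # NOTE(review): an empty 'certs' list raises IndexError here,
                # which is not translated into NotARecipientError.
                distributor_hash = distributor_identity['certs'][0]['subjecthash']
            recipient_entry = {
                'encrypted_secrets': encrypted_secrets,
                'encryption_algorithm': encryption_algorithm,
                'timestamp': time(),
                'distributor': distributor,
                'distributor_hash': distributor_hash,
            }
            # Sign the serialised entry; 'signature' is added only afterwards
            # so it is not part of the signed message.
            message = self._create_signable_string(recipient_entry)
            recipient_entry['signature'] = crypto.pk_sign_string(
                message,
                distributor_identity,
                passphrase, card_slot
            )

            return recipient_entry
        except KeyError as err:
            # Chain explicitly so the missing key stays visible in tracebacks.
            raise NotARecipientError(
                "Identity '%s' is not on the recipient list for password '%s'" %
                (recipient, self.metadata['name'])) from err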
Пример #5
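    def _add_recipient(self,
                       recipient,
                       secret=None,
                       distributor=None,
                       identitydb=None,
                       encryption_algorithm='rsautl',
                       passphrase=None,
                       card_slot=None):
        """Add recipient or sharer to list.

        Encrypts ``secret`` for ``identitydb.iddb[recipient]`` and returns a
        dict entry signed by ``identitydb.iddb[distributor]`` with the keys
        ``encrypted_secret``, ``derived_key``, ``distributor``,
        ``distributor_hash``, ``recipient_hash``, ``encryption_algorithm``,
        ``timestamp`` and ``signature``.  The signature is computed over the
        entry as serialised by ``_create_signable_string`` *before* the
        ``signature`` key is added.

        Args:
            recipient: key of the recipient identity in ``identitydb.iddb``.
            secret: plaintext to encrypt for the recipient.
            distributor: key of the signing identity in ``identitydb.iddb``.
            identitydb: object exposing an ``iddb`` mapping of identities.
            encryption_algorithm: only 'rsautl' is implemented.
            passphrase, card_slot: passed through to ``crypto.pk_sign_string``.

        Returns:
            The signed recipient entry dict.

        Raises:
            NotARecipientError: ``recipient`` or ``distributor`` is missing
                from ``identitydb.iddb`` (or lacks 'subjecthash').
            ValueError: ``encryption_algorithm`` is not supported.
        """
        #######################################################################
        # Reject unknown algorithms up front: the previous code left the
        # encrypted values unbound (UnboundLocalError) in that case.
        if encryption_algorithm != 'rsautl':
            raise ValueError(
                "Unsupported encryption algorithm '%s'" % encryption_algorithm)
        try:
            recipient_identity = identitydb.iddb[recipient]
            distributor_identity = identitydb.iddb[distributor]
            (encrypted_secret,
             encrypted_derived_key) = crypto.pk_encrypt_string(
                 secret, recipient_identity)
            recipient_entry = {
                'encrypted_secret': encrypted_secret,
                'derived_key': encrypted_derived_key,
                'distributor': distributor,
                'distributor_hash': distributor_identity['subjecthash'],
                'recipient_hash': recipient_identity['subjecthash'],
                'encryption_algorithm': encryption_algorithm,
                'timestamp': time.time()
            }

            # Sign the serialised entry; 'signature' is added only afterwards
            # so it is not part of the signed message.
            message = self._create_signable_string(recipient_entry)

            recipient_entry['signature'] = crypto.pk_sign_string(
                message, distributor_identity, passphrase, card_slot)

            return recipient_entry
        except KeyError as err:
            # Chain explicitly so the missing key stays visible in tracebacks.
            raise NotARecipientError(
                "Identity '%s' is not on the recipient list for password '%s'"
                % (recipient, self.metadata['name'])) from err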