def test_verify_signature_bad(self): to_sign = "this is some text.\nIt's something\n." similar = "this is some text.\r\n.It's something\r\n." _, detached = crypto.detached_signature_for(to_sign, self.key) with self.assertRaises(GPGProblem): crypto.verify_detached(similar, detached)
def test_verify_signature_good(self): to_sign = "this is some text.\nIt's something\n." _, detached = crypto.detached_signature_for(to_sign, self.key) try: crypto.verify_detached(to_sign, detached) except GPGProblem: raise AssertionError
def test_verify_signature_bad(self): to_sign = "this is some text.\nIt's something\n." similar = "this is some text.\r\n.It's something\r\n." with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)]) with self.assertRaises(GPGProblem): crypto.verify_detached(similar, detached)
def test_verify_signature_bad(self): to_sign = b"this is some text.\nIt's something\n." similar = b"this is some text.\r\n.It's something\r\n." with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for( to_sign, [ctx.get_key(FPR)]) with self.assertRaises(GPGProblem): crypto.verify_detached(similar, detached)
def test_verify_signature_good(self): to_sign = "this is some text.\nIt's something\n." with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)]) try: crypto.verify_detached(to_sign, detached) except GPGProblem: raise AssertionError
def test_verify_signature_good(self): to_sign = b"this is some text.\nIt's something\n." with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for( to_sign, [ctx.get_key(FPR)]) try: crypto.verify_detached(to_sign, detached) except GPGProblem: raise AssertionError
def _make_signed(self): """Create a signed message that is multipart/signed.""" text = b'This is some text' t = email.mime.text.MIMEText(text, 'plain', 'utf-8') _, sig = crypto.detached_signature_for( t.as_bytes(policy=email.policy.SMTP), self.keys) s = email.mime.application.MIMEApplication( sig, 'pgp-signature', email.encoders.encode_7or8bit) m = email.mime.multipart.MIMEMultipart('signed', None, [t, s]) m.set_param('protocol', 'application/pgp-signature') m.set_param('micalg', 'pgp-sha256') return m
def test_detached_signature_for(self): to_sign = "this is some text.\nit is more than nothing.\n" _, detached = crypto.detached_signature_for(to_sign, self.key) with tempfile.NamedTemporaryFile(delete=False) as f: f.write(detached) sig = f.name self.addCleanup(os.unlink, f.name) with tempfile.NamedTemporaryFile(delete=False) as f: f.write(to_sign) text = f.name self.addCleanup(os.unlink, f.name) res = subprocess.check_call(['gpg', '--verify', sig, text]) self.assertEqual(res, 0)
def test_valid_signature_generated(self): to_sign = "this is some text.\nit is more than nothing.\n" with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)]) with tempfile.NamedTemporaryFile(delete=False) as f: f.write(detached) sig = f.name self.addCleanup(os.unlink, f.name) with tempfile.NamedTemporaryFile(delete=False) as f: f.write(to_sign) text = f.name self.addCleanup(os.unlink, f.name) res = subprocess.check_call(['gpg', '--verify', sig, text], stdout=DEVNULL, stderr=DEVNULL) self.assertEqual(res, 0)
def test_valid_signature_generated(self): to_sign = b"this is some text.\nit is more than nothing.\n" with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for( to_sign, [ctx.get_key(FPR)]) with tempfile.NamedTemporaryFile(delete=False) as f: f.write(detached) sig = f.name self.addCleanup(os.unlink, f.name) with tempfile.NamedTemporaryFile(delete=False) as f: f.write(to_sign) text = f.name self.addCleanup(os.unlink, f.name) res = subprocess.check_call(['gpg2', '--verify', sig, text], stdout=DEVNULL, stderr=DEVNULL) self.assertEqual(res, 0)
def construct_mail(self): """ compiles the information contained in this envelope into a :class:`email.Message`. """ # Build body text part. To properly sign/encrypt messages later on, we # convert the text to its canonical format (as per RFC 2015). canonical_format = self.body.encode("utf-8") canonical_format = canonical_format.replace("\\t", " " * 4) textpart = MIMEText(canonical_format, "plain", "utf-8") # wrap it in a multipart container if necessary if self.attachments: inner_msg = MIMEMultipart() inner_msg.attach(textpart) # add attachments for a in self.attachments: inner_msg.attach(a.get_mime_representation()) else: inner_msg = textpart if self.sign: plaintext = crypto.email_as_string(inner_msg) logging.debug("signing plaintext: " + plaintext) try: signatures, signature_str = crypto.detached_signature_for(plaintext, self.sign_key) if len(signatures) != 1: raise GPGProblem(("Could not sign message " "(GPGME did not return a signature)")) except gpgme.GpgmeError as e: if e.code == gpgme.ERR_BAD_PASSPHRASE: # If GPG_AGENT_INFO is unset or empty, the user just does # not have gpg-agent running (properly). if os.environ.get("GPG_AGENT_INFO", "").strip() == "": raise GPGProblem(("Bad passphrase and " "GPG_AGENT_INFO not set. Please setup " "gpg-agent.")) else: raise GPGProblem(("Bad passphrase. Is " "gpg-agent running?")) raise GPGProblem(str(e)) micalg = crypto.RFC3156_micalg_from_algo(signatures[0].hash_algo) outer_msg = MIMEMultipart("signed", micalg=micalg, protocol="application/pgp-signature") # wrap signature in MIMEcontainter signature_mime = MIMEApplication( _data=signature_str, _subtype='pgp-signature; name="signature.asc"', _encoder=encode_7or8bit ) signature_mime["Content-Description"] = "signature" signature_mime.set_charset("us-ascii") # add signed message and signature to outer message outer_msg.attach(inner_msg) outer_msg.attach(signature_mime) outer_msg["Content-Disposition"] = "inline" else: outer_msg = inner_msg headers = self.headers.copy() # add Message-ID if "Message-ID" not in headers: headers["Message-ID"] = [email.Utils.make_msgid()] if "User-Agent" in headers: uastring_format = headers["User-Agent"][0] else: uastring_format = settings.get("user_agent").strip() uastring = uastring_format.format(version=__version__) if uastring: headers["User-Agent"] = [uastring] # copy headers from envelope to mail for k, vlist in headers.items(): for v in vlist: outer_msg[k] = encode_header(k, v) return outer_msg
def construct_mail(self): """ compiles the information contained in this envelope into a :class:`email.Message`. """ # Build body text part. To properly sign/encrypt messages later on, we # convert the text to its canonical format (as per RFC 2015). canonical_format = self.body.encode('utf-8') canonical_format = canonical_format.replace('\\t', ' ' * 4) textpart = MIMEText(canonical_format, 'plain', 'utf-8') # wrap it in a multipart container if necessary if self.attachments: inner_msg = MIMEMultipart() inner_msg.attach(textpart) # add attachments for a in self.attachments: inner_msg.attach(a.get_mime_representation()) else: inner_msg = textpart if self.sign: plaintext = crypto.email_as_string(inner_msg) logging.debug('signing plaintext: ' + plaintext) try: signatures, signature_str = crypto.detached_signature_for( plaintext, self.sign_key) if len(signatures) != 1: raise GPGProblem(("Could not sign message " "(GPGME did not return a signature)")) except gpgme.GpgmeError as e: if e.code == gpgme.ERR_BAD_PASSPHRASE: # If GPG_AGENT_INFO is unset or empty, the user just does # not have gpg-agent running (properly). if os.environ.get('GPG_AGENT_INFO', '').strip() == '': msg = "Got invalid passphrase and GPG_AGENT_INFO\ not set. Please set up gpg-agent." raise GPGProblem(msg) else: raise GPGProblem(("Bad passphrase. Is " "gpg-agent running?")) raise GPGProblem(str(e)) micalg = crypto.RFC3156_micalg_from_algo(signatures[0].hash_algo) unencrypted_msg = MIMEMultipart('signed', micalg=micalg, protocol= 'application/pgp-signature') # wrap signature in MIMEcontainter stype = 'pgp-signature; name="signature.asc"' signature_mime = MIMEApplication(_data=signature_str, _subtype=stype, _encoder=encode_7or8bit) signature_mime['Content-Description'] = 'signature' signature_mime.set_charset('us-ascii') # add signed message and signature to outer message unencrypted_msg.attach(inner_msg) unencrypted_msg.attach(signature_mime) unencrypted_msg['Content-Disposition'] = 'inline' else: unencrypted_msg = inner_msg if self.encrypt: plaintext = crypto.email_as_string(unencrypted_msg) logging.debug('encrypting plaintext: ' + plaintext) try: encrypted_str = crypto.encrypt(plaintext, self.encrypt_keys.values()) except gpgme.GpgmeError as e: raise GPGProblem(str(e)) outer_msg = MIMEMultipart('encrypted', protocol='application/pgp-encrypted') version_str = 'Version: 1' encryption_mime = MIMEApplication(_data=version_str, _subtype='pgp-encrypted', _encoder=encode_7or8bit) encryption_mime.set_charset('us-ascii') encrypted_mime = MIMEApplication(_data=encrypted_str, _subtype='octet-stream', _encoder=encode_7or8bit) encrypted_mime.set_charset('us-ascii') outer_msg.attach(encryption_mime) outer_msg.attach(encrypted_mime) else: outer_msg = unencrypted_msg headers = self.headers.copy() # add Message-ID if 'Message-ID' not in headers: headers['Message-ID'] = [email.Utils.make_msgid()] if 'User-Agent' in headers: uastring_format = headers['User-Agent'][0] else: uastring_format = settings.get('user_agent').strip() uastring = uastring_format.format(version=__version__) if uastring: headers['User-Agent'] = [uastring] # copy headers from envelope to mail for k, vlist in headers.items(): for v in vlist: outer_msg[k] = encode_header(k, v) return outer_msg
def construct_mail(self): """ compiles the information contained in this envelope into a :class:`email.Message`. """ # Build body text part. To properly sign/encrypt messages later on, we # convert the text to its canonical format (as per RFC 2015). canonical_format = self.body.encode('utf-8') canonical_format = canonical_format.replace('\\t', ' ' * 4) textpart = MIMEText(canonical_format, 'plain', 'utf-8') # wrap it in a multipart container if necessary if self.attachments: inner_msg = MIMEMultipart() inner_msg.attach(textpart) # add attachments for a in self.attachments: inner_msg.attach(a.get_mime_representation()) else: inner_msg = textpart if self.sign: plaintext = helper.email_as_string(inner_msg) logging.debug('signing plaintext: ' + plaintext) try: signatures, signature_str = crypto.detached_signature_for( plaintext, self.sign_key) if len(signatures) != 1: raise GPGProblem("Could not sign message (GPGME " "did not return a signature)", code=GPGCode.KEY_CANNOT_SIGN) except gpgme.GpgmeError as e: if e.code == gpgme.ERR_BAD_PASSPHRASE: # If GPG_AGENT_INFO is unset or empty, the user just does # not have gpg-agent running (properly). if os.environ.get('GPG_AGENT_INFO', '').strip() == '': msg = "Got invalid passphrase and GPG_AGENT_INFO\ not set. Please set up gpg-agent." raise GPGProblem(msg, code=GPGCode.BAD_PASSPHRASE) else: raise GPGProblem("Bad passphrase. Is gpg-agent " "running?", code=GPGCode.BAD_PASSPHRASE) raise GPGProblem(str(e), code=GPGCode.KEY_CANNOT_SIGN) micalg = crypto.RFC3156_micalg_from_algo(signatures[0].hash_algo) unencrypted_msg = MIMEMultipart('signed', micalg=micalg, protocol='application/pgp-signature') # wrap signature in MIMEcontainter stype = 'pgp-signature; name="signature.asc"' signature_mime = MIMEApplication(_data=signature_str, _subtype=stype, _encoder=encode_7or8bit) signature_mime['Content-Description'] = 'signature' signature_mime.set_charset('us-ascii') # add signed message and signature to outer message unencrypted_msg.attach(inner_msg) unencrypted_msg.attach(signature_mime) unencrypted_msg['Content-Disposition'] = 'inline' else: unencrypted_msg = inner_msg if self.encrypt: plaintext = helper.email_as_string(unencrypted_msg) logging.debug('encrypting plaintext: ' + plaintext) try: encrypted_str = crypto.encrypt(plaintext, self.encrypt_keys.values()) except gpgme.GpgmeError as e: raise GPGProblem(str(e), code=GPGCode.KEY_CANNOT_ENCRYPT) outer_msg = MIMEMultipart('encrypted', protocol='application/pgp-encrypted') version_str = 'Version: 1' encryption_mime = MIMEApplication(_data=version_str, _subtype='pgp-encrypted', _encoder=encode_7or8bit) encryption_mime.set_charset('us-ascii') encrypted_mime = MIMEApplication(_data=encrypted_str, _subtype='octet-stream', _encoder=encode_7or8bit) encrypted_mime.set_charset('us-ascii') outer_msg.attach(encryption_mime) outer_msg.attach(encrypted_mime) else: outer_msg = unencrypted_msg headers = self.headers.copy() # add Message-ID if 'Message-ID' not in headers: headers['Message-ID'] = [email.Utils.make_msgid()] if 'User-Agent' in headers: uastring_format = headers['User-Agent'][0] else: uastring_format = settings.get('user_agent').strip() uastring = uastring_format.format(version=__version__) if uastring: headers['User-Agent'] = [uastring] # copy headers from envelope to mail for k, vlist in headers.items(): for v in vlist: outer_msg[k] = encode_header(k, v) return outer_msg