def test_key_inequality(): "public key and secret key are not equal" ks = jce.KeyStore("tests/files/store") key_from_store = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99") key_from_store2 = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99", "secret") assert not key_from_store == key_from_store2
def test_add_and_revoke_userid(): """Verifies that we can add uid to a cert""" tempdir = tempfile.TemporaryDirectory() ks = jce.KeyStore(tempdir.name) key = ks.import_cert("tests/files/store/secret.asc") # check that there is only one userid assert len(key.uids) == 1 # now add a new userid key2 = ks.add_userid(key, "Off Spinner <*****@*****.**>", "redhat") assert key2.fingerprint == key.fingerprint assert len(key2.uids) == 2 assert key2.keytype == jce.KeyType.SECRET # because at first all user ids are valid for uid in key2.uids: assert uid["revoked"] == False # now let us reove the new user id key3 = ks.revoke_userid(key2, "Off Spinner <*****@*****.**>", "redhat") # verify the values assert key3.fingerprint == key.fingerprint assert len(key3.uids) == 2 assert key3.keytype == jce.KeyType.SECRET for uid in key3.uids: if uid["value"] == "Off Spinner <*****@*****.**>": assert uid["revoked"] == True else: assert uid["revoked"] == False
def test_keystore_lifecycle(): ks = jce.KeyStore(tmpdirname.name) newkey = ks.create_newkey("redhat", "test key1 <*****@*****.**>", jce.Cipher.RSA4k) # the default key must be of secret assert newkey.keytype == jce.KeyType.SECRET ks.import_cert("tests/files/store/public.asc") ks.import_cert("tests/files/store/pgp_keys.asc") ks.import_cert("tests/files/store/hellopublic.asc") ks.import_cert("tests/files/store/secret.asc") # Now check the numbers of keys in the store assert (2, 2) == ks.details() ks.delete_key("F4F388BBB194925AE301F844C52B42177857DD79") assert (2, 1) == ks.details() # Now verify email cache key_via_fingerprint = ks.get_key( "A85FF376759C994A8A1168D8D8219C8C43F6C5E1") keys_via_emails = ks.get_keys(qvalue="*****@*****.**", qtype="email") assert len(keys_via_emails) == 1 assert key_via_fingerprint == keys_via_emails[0] # Now verify name cache key_via_fingerprint = ks.get_key( "F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") keys_via_names = ks.get_keys(qvalue="Test User2 <*****@*****.**>", qtype="value") assert len(keys_via_names) == 1 assert key_via_fingerprint == keys_via_names[0]
def insert(resource_name: str): "take password from the user" password = getpass.getpass() password1 = getpass.getpass() if password != password1: print("Both the passwords are not same. Enter the correct password.") return dirname = os.path.expanduser("~/.sinduk") # encrypting the password ks = jce.KeyStore(dirname) key = ks.get_all_keys()[0] enc = ks.encrypt(key, password) filename = os.path.join(dirname, resource_name) # checking if the resource_name has `/` in it if resource_name.find("/"): dirname = os.path.join(dirname, os.path.dirname(resource_name)) # https://docs.python.org/3/library/os.html#os.makedirs # if the directory exists do not throw any error os.makedirs(dirname, 0o700, True) with open(filename, "wb") as fobj: fobj.write(enc) print(f"Password successfully saved under {resource_name}.")
def test_ks_creation_expiration_time(): """ Tests via Kushal's key and a new key """ # These two are known values from kushal etime = datetime.datetime(2020, 10, 16, 20, 53, 47) ctime = datetime.datetime(2017, 10, 17, 20, 53, 47) tmpdir = tempfile.TemporaryDirectory() # First let us check from the file keypath = "tests/files/store/pgp_keys.asc" ks = jce.KeyStore(tmpdir.name) k = ks.import_cert(keypath) assert etime.date() == k.expirationtime.date() assert ctime.date() == k.creationtime.date() # now with a new key and creation time ctime = datetime.datetime(2010, 10, 10, 20, 53, 47) newk = ks.create_newkey("redhat", "Another test key", ciphersuite=jce.Cipher.Cv25519, creation=ctime) assert ctime.date() == newk.creationtime.date() assert not newk.expirationtime # Now both creation and expirationtime ctime = datetime.datetime(2008, 10, 10, 20, 53, 47) etime = datetime.datetime(2025, 12, 15, 20, 53, 47) newk = ks.create_newkey("redhat", "Another test key", creation=ctime, expiration=etime) assert ctime.date() == newk.creationtime.date() assert etime.date() == newk.expirationtime.date() # Now both creation and expirationtime for subkeys ctime = datetime.datetime(2008, 10, 10, 20, 53, 47) etime = datetime.datetime(2029, 12, 15, 20, 53, 47) newk = ks.create_newkey( "redhat", "Test key with subkey expiration", creation=ctime, expiration=etime, subkeys_expiration=True, ) assert ctime.date() == newk.creationtime.date() for skeyid, subkey in newk.othervalues["subkeys"].items(): assert subkey[1].date() == etime.date() # Now only providing expirationtime for subkeys etime = datetime.datetime(2030, 6, 5, 20, 53, 47) newk = ks.create_newkey( "redhat", "Test key with subkey expiration", expiration=etime, subkeys_expiration=True, ) assert datetime.datetime.now().date() == newk.creationtime.date() for skeyid, subkey in newk.othervalues["subkeys"].items(): assert subkey[1].date() == etime.date()
def test_get_encrypted_for(): ks = jce.KeyStore("tests/files/store/") keyids = rjce.file_encrypted_for("tests/files/double_recipient.asc") assert keyids == ["1CF980B8E69E112A", "5A7A1560D46ED4F6"] with open("tests/files/double_recipient.asc", "rb") as fobj: data = fobj.read() keyids = rjce.bytes_encrypted_for(data) assert keyids == ["1CF980B8E69E112A", "5A7A1560D46ED4F6"]
def test_fetch_key_by_email(): tempdir = tempfile.TemporaryDirectory() ks = jce.KeyStore(tempdir.name) key = ks.fetch_key_by_email("*****@*****.**") assert len(key.uids) == 2 uid = key.uids[0] assert uid["name"] == "Anwesha Das" assert key.fingerprint == "2871635BE3B4E5C04F02B848C353BFE051D06C33"
def test_ks_upgrade_failure(): "tests db upgrade failure from an old db because of existing file" tempdir = tempfile.TemporaryDirectory() shutil.copy("tests/files/store/oldjce.db", os.path.join(tempdir.name, "jce.db")) shutil.copy("tests/files/store/oldjce.db", os.path.join(tempdir.name, "jce_upgrade.db")) with pytest.raises(RuntimeError): ks = jce.KeyStore(tempdir.name)
def test_fetch_key_by_fingerprint(): tempdir = tempfile.TemporaryDirectory() ks = jce.KeyStore(tempdir.name) key = ks.fetch_key_by_fingerprint( "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290") assert len(key.uids) == 1 uid = key.uids[0] assert uid["email"] == "*****@*****.**" assert uid["name"] == "Tor Browser Developers"
def test_key_equality(): ks = jce.KeyStore("tests/files/store") key_from_store = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99") key_from_disk = jce.Key( "./tests/files/store/hellopublic.asc", "6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99", "public", ) assert key_from_store == key_from_disk
def test_ks_sign_verify_file(): inputfile = "tests/files/text.txt" tempdir = tempfile.TemporaryDirectory() shutil.copy(inputfile, tempdir.name) ks = jce.KeyStore("tests/files/store") key = "F51C310E02DC1B7771E176D8A1C5C364EB5B9A20" file_to_be_signed = os.path.join(tempdir.name, "text.txt") signed = ks.sign_file(key, file_to_be_signed, "redhat", write=True) assert signed.startswith("-----BEGIN PGP SIGNATURE-----\n") assert ks.verify_file(key, file_to_be_signed, file_to_be_signed + ".asc")
def test_ks_encrypt_decrypt_bytes(): "Encrypts and decrypt some bytes" ks = jce.KeyStore("tests/files/store") public_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") encrypted = ks.encrypt(public_key, DATA) assert encrypted.startswith(b"-----BEGIN PGP MESSAGE-----\n") secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") decrypted_text = ks.decrypt(secret_key, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_ks_sign_verify_file(): inputfile = "tests/files/text.txt" tempdir = tempfile.TemporaryDirectory() shutil.copy(inputfile, tempdir.name) ks = jce.KeyStore("tests/files/store") key = "6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99" file_to_be_signed = os.path.join(tempdir.name, "text.txt") signed = ks.sign_file(key, file_to_be_signed, "redhat", write=True) assert signed.startswith("-----BEGIN PGP SIGNATURE-----\n") assert ks.verify_file(key, file_to_be_signed, file_to_be_signed + ".asc")
def init(keyfile: str): "initials the sinduk project for the user" if not os.path.exists(keyfile): print("The OpenPGP keyfile does not exist.") return dirname = os.path.expanduser("~/.sinduk") if not os.path.exists(dirname): os.mkdir(dirname) ks = jce.KeyStore(dirname) ks.import_cert(keyfile)
def test_ks_encrypt_decrypt_bytes(): "Encrypts and decrypt some bytes" ks = jce.KeyStore("tests/files/store") public_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99") encrypted = ks.encrypt(public_key, DATA) assert encrypted.startswith(b"-----BEGIN PGP MESSAGE-----\n") secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99", "secret") decrypted_text = ks.decrypt(secret_key, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_get_pub_key(): """Verifies that we export only the public key part from any key""" ks = jce.KeyStore("./tests/files/store") fingerprint = "F51C310E02DC1B7771E176D8A1C5C364EB5B9A20" key = ks.get_key(fingerprint) # verify that the key is a secret key.keytype == 1 # now get the public key pub_key = key.get_pub_key() assert pub_key.startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----")
def test_key_with_multiple_uids(): tempdir = tempfile.TemporaryDirectory() ks = jce.KeyStore(tempdir.name) uids = [ "Kushal Das <*****@*****.**>", "*****@*****.**", "This is also Kushal", ] k = ks.create_newkey("redhat", uids) uids, fp, secret, et, ct, othervalues = jce.parse_cert_bytes(k.keyvalue) assert len(uids) == 3
def test_add_userid_fails_for_public(): """Verifies that adding uid to a public key fails""" tempdir = tempfile.TemporaryDirectory() ks = jce.KeyStore(tempdir.name) key = ks.import_cert("tests/files/store/public.asc") # verify that the key is a secret assert len(key.uids) == 1 # now add a new userid with pytest.raises(ValueError): key2 = ks.add_userid(key, "Off Spinner <*****@*****.**>", "redhat")
def test_ks_encrypt_decrypt_file(encrypt_decrypt_file): "Encrypts and decrypt some bytes" inputfile = "tests/files/text.txt" output = "/tmp/text-encrypted.pgp" decrypted_output = "/tmp/text.txt" ks = jce.KeyStore("tests/files/store") public_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") assert ks.encrypt_file(public_key, inputfile, output) secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") ks.decrypt_file(secret_key, output, decrypted_output, password="******") verify_files(inputfile, decrypted_output)
def test_ks_encrypt_decrypt_bytes_to_file(): "Encrypts and decrypt some bytes" outputfile = os.path.join(tmpdirname.name, "encrypted.asc") ks = jce.KeyStore("tests/files/store") secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") assert ks.encrypt(secret_key, DATA, outputfile=outputfile) with open(outputfile, "rb") as fobj: encrypted = fobj.read() secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") decrypted_text = ks.decrypt(secret_key, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_ks_encrypt_decrypt_file(encrypt_decrypt_file): "Encrypts and decrypt some bytes" inputfile = "tests/files/text.txt" output = "/tmp/text-encrypted.pgp" decrypted_output = "/tmp/text.txt" ks = jce.KeyStore("tests/files/store") public_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99") assert ks.encrypt_file(public_key, inputfile, output) secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99", "secret") ks.decrypt_file(secret_key, output, decrypted_output, password="******") verify_files(inputfile, decrypted_output)
def test_ks_encrypt_decrypt_bytes_to_file(): "Encrypts and decrypt some bytes" outputfile = os.path.join(tmpdirname.name, "encrypted.asc") ks = jce.KeyStore("tests/files/store") secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99") assert ks.encrypt(secret_key, DATA, outputfile=outputfile) with open(outputfile, "rb") as fobj: encrypted = fobj.read() secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99", "secret") decrypted_text = ks.decrypt(secret_key, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_ks_encrypt_decrypt_bytes_to_file_multiple_recipients(): "Encrypts and decrypt some bytes" outputfile = os.path.join(tmpdirname.name, "encrypted.asc") ks = jce.KeyStore("tests/files/store") key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79") assert ks.encrypt([key1, key2], DATA, outputfile=outputfile) with open(outputfile, "rb") as fobj: encrypted = fobj.read() secret_key = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") decrypted_text = ks.decrypt(secret_key, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_keystore_contains_key(): "verifies __contains__ method for keystore" ks = jce.KeyStore(tmpdirname.name) keypath = "tests/files/store/secret.asc" ks.import_cert(keypath) _, fingerprint, keytype = jce.parse_cert_file(keypath) k = jce.Key(keypath, fingerprint, keytype) # First only the fingerprint assert fingerprint in ks # Next the Key object assert k in ks # This should be false assert not "1111111" in ks
def test_add_userid(): """Verifies that we can add uid to a cert""" tempdir = tempfile.TemporaryDirectory() ks = jce.KeyStore(tempdir.name) key = ks.import_cert("tests/files/store/secret.asc") # check that there is only one userid assert len(key.uids) == 1 # now add a new userid key2 = ks.add_userid(key, "Off Spinner <*****@*****.**>", "redhat") assert key2.fingerprint == key.fingerprint assert len(key2.uids) == 2 assert key2.keytype == jce.KeyType.SECRET
def test_ks_encrypt_decrypt_bytes_to_file_multiple_recipients(): "Encrypts and decrypt some bytes" outputfile = os.path.join(tmpdirname.name, "encrypted.asc") ks = jce.KeyStore("tests/files/store") key1 = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99") key2 = ks.get_key("BB2D3F20233286371C3123D5209940B9669ED621") assert ks.encrypt([key1, key2], DATA, outputfile=outputfile) with open(outputfile, "rb") as fobj: encrypted = fobj.read() secret_key = ks.get_key("6AC6957E2589CB8B5221F6508ADA07F0A0F7BA99", "secret") decrypted_text = ks.decrypt(secret_key, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_ks_upgrade(): "tests db upgrade from an old db" tempdir = tempfile.TemporaryDirectory() shutil.copy("tests/files/store/oldjce.db", os.path.join(tempdir.name, "jce.db")) ks = jce.KeyStore(tempdir.name) con = sqlite3.connect(ks.dbpath) con.row_factory = sqlite3.Row # First we will check if this db schema is old or not with con: cursor = con.cursor() sql = "SELECT * from dbupgrade" cursor.execute(sql) fromdb = cursor.fetchone() assert fromdb["upgradedate"] == jce.DB_UPGRADE_DATE
def test_ks_encrypt_decrypt_bytes_multiple_recipients(): "Encrypts and decrypt some bytes" ks = jce.KeyStore("tests/files/store") key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79") encrypted = ks.encrypt([key1, key2], DATA) assert encrypted.startswith(b"-----BEGIN PGP MESSAGE-----\n") secret_key1 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79") decrypted_text = ks.decrypt(secret_key1, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text secret_key2 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") decrypted_text = ks.decrypt(secret_key2, encrypted, password="******").decode("utf-8") assert DATA == decrypted_text
def test_update_subkey_expiry_time(): "Updates the expirytime for a given subkey" ks = jce.KeyStore("tests/files/store") key = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79") fps = [ "102EBD23BD5D2D340FBBDE0ADFD1C55926648D2F", ] newkeyvalue = rjce.update_subkeys_expiry_in_cert(key.keyvalue, fps, 60 * 60 * 24, "redhat") _, _, _, _, _, othervalues = rjce.parse_cert_bytes(newkeyvalue) tomorrow = datetime.date.today() + datetime.timedelta(days=1) for skey in othervalues["subkeys"]: if skey[1] == "102EBD23BD5D2D340FBBDE0ADFD1C55926648D2F": date = skey[3] assert date.date() == tomorrow
def test_ks_encrypt_decrypt_file_multiple_recipients(encrypt_decrypt_file): "Encrypts and decrypt some bytes" inputfile = "tests/files/text.txt" output = "/tmp/text-encrypted.pgp" decrypted_output = "/tmp/text.txt" ks = jce.KeyStore("tests/files/store") key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79") encrypted = ks.encrypt_file([key1, key2], inputfile, output) secret_key1 = ks.get_key("F51C310E02DC1B7771E176D8A1C5C364EB5B9A20") ks.decrypt_file(secret_key1, output, decrypted_output, password="******") verify_files(inputfile, decrypted_output) secret_key2 = ks.get_key("F4F388BBB194925AE301F844C52B42177857DD79") ks.decrypt_file(secret_key2, output, decrypted_output, password="******") verify_files(inputfile, decrypted_output)