def Create(loc, name, purpose, asymmetric=None):
    """Create the metadata for a new keyset and store it at ``loc``.

    The key type is derived from ``purpose`` and ``asymmetric``:

    * sign-and-verify: HMAC-SHA1 when ``asymmetric`` is None, RSA when it
      equals "rsa" (case-insensitive), DSA for every other value.
    * decrypt-and-encrypt: AES when ``asymmetric`` is None, RSA otherwise.

    Args:
      loc: keyset location handed to ``writers.CreateWriter``; may be None
        only while the module-level ``mock`` is set.
      name: keyset name recorded in the metadata.
      purpose: one of the ``keyinfo`` purposes handled below.
      asymmetric: None for a symmetric keyset, otherwise a string naming
        the asymmetric algorithm.

    Raises:
      errors.KeyczarError: if no location is given outside of testing, or
        if the purpose is neither of the two handled here.
    """
    # `mock` is a module-level name that is not defined in this block; when
    # it is set, nothing is written to storage.
    testing = mock is not None
    if not testing and loc is None:
        raise errors.KeyczarError("Location missing")

    if purpose == keyinfo.SIGN_AND_VERIFY:
        if asymmetric is None:
            key_type = keyinfo.HMAC_SHA1
        elif asymmetric.lower() == "rsa":
            key_type = keyinfo.RSA_PRIV
        else:
            # NOTE(review): the value is not validated, so any string other
            # than "rsa" (including a typo) silently selects DSA.
            key_type = keyinfo.DSA_PRIV
    elif purpose == keyinfo.DECRYPT_AND_ENCRYPT:
        # NOTE(review): every non-None value selects RSA here; the string
        # itself is never inspected on this path.
        key_type = keyinfo.AES if asymmetric is None else keyinfo.RSA_PRIV
    else:
        raise errors.KeyczarError("Missing or unsupported purpose")

    metadata = keydata.KeyMetadata(name, purpose, key_type)

    if testing:
        mock.kmd = metadata
        return

    writer = writers.CreateWriter(loc)
    try:
        # overwrite=False presumably makes the writer refuse to replace
        # metadata that already exists at loc; confirm in writers.
        writer.WriteMetadata(metadata, overwrite=False)
    finally:
        writer.Close()
def PublicKeyExport(self, dest, mock=None):
    """Write the public half of this keyset to the directory ``dest``.

    Only two private key types can be exported: DSA keysets used for
    signing, and RSA keysets used for signing or for encryption. The
    exported metadata carries the matching public purpose (verify or
    encrypt) and public key type.

    Args:
      dest: directory that receives one file per key version, named after
        the version number, plus a "meta" file.
      mock: optional test double; when truthy, results are handed to it
        and nothing is written to disk.

    Raises:
      errors.KeyczarError: if the keyset's type and purpose have no public
        counterpart.
    """
    private_meta = self.metadata

    # (public purpose, public key type), or None when export is unsupported.
    public_spec = None
    if (private_meta.type == keyinfo.DSA_PRIV
            and private_meta.purpose == keyinfo.SIGN_AND_VERIFY):
        public_spec = (keyinfo.VERIFY, keyinfo.DSA_PUB)
    elif private_meta.type == keyinfo.RSA_PRIV:
        if private_meta.purpose == keyinfo.DECRYPT_AND_ENCRYPT:
            public_spec = (keyinfo.ENCRYPT, keyinfo.RSA_PUB)
        elif private_meta.purpose == keyinfo.SIGN_AND_VERIFY:
            public_spec = (keyinfo.VERIFY, keyinfo.RSA_PUB)

    if public_spec is None:
        raise errors.KeyczarError("Cannot export public key")

    public_purpose, public_type = public_spec
    public_meta = keydata.KeyMetadata(
        private_meta.name, public_purpose, public_type)

    for version in self.versions:
        public_meta.AddVersion(version)
        # Only the public_key attribute of each key leaves this object; the
        # private key itself is never serialised here.
        public_key = self.GetKey(version).public_key
        if mock:  # only for testing
            mock.SetPubKey(version.version_number, public_key)
        else:
            key_path = os.path.join(dest, str(version.version_number))
            util.WriteFile(str(public_key), key_path)

    # The metadata goes out last, after every version has been added to it.
    if mock:  # only for testing
        mock.pubkmd = public_meta
    else:
        util.WriteFile(str(public_meta), os.path.join(dest, "meta"))
def _CreateKeyset(name, purpose, key_type):
    """Build an in-memory Keyczar keyset containing one primary key.

    The three arguments are forwarded unchanged to the KeyMetadata
    constructor. The keyset is returned as the Python dict that the
    DictWriter filled in.
    """
    metadata = keydata.KeyMetadata(name, purpose, key_type)

    dict_writer = keyczar_dict.DictWriter()
    dict_writer.WriteMetadata(metadata)

    # Load the metadata back through a reader so that a key version can be
    # added with the generic Keyczar API.
    reader = keyczar_dict.DictReader(dict_writer.dict)
    keyset = keyczar.GenericKeyczar(reader)

    # PRIMARY status: this key is the one used to encrypt/sign, and it can
    # also decrypt/verify.
    keyset.AddVersion(keyinfo.PRIMARY)
    keyset.Write(dict_writer)

    # NOTE(review): after Write the dict presumably holds the new key
    # material itself, so callers should treat the return value as a secret;
    # confirm how DictWriter stores keys.
    return dict_writer.dict
def __init__(self, name, purpose, key_type, encrypted=False):
    """Set up keyset metadata plus empty key and public-key tables.

    All four arguments are passed straight to keydata.KeyMetadata.
    """
    metadata = keydata.KeyMetadata(name, purpose, key_type, encrypted)
    self.kmd = metadata
    # No public metadata exists until something assigns it.
    self.pubkmd = None
    # Both tables start empty.
    self.keys, self.pubkeys = {}, {}
def __init__(self, key, purpose):
    """Wrap one existing key as a keyset named "Imported".

    The metadata takes its key type from ``key.type`` and is given a
    single version, numbered 1, with PRIMARY status.
    """
    self._key = key

    imported_meta = keydata.KeyMetadata("Imported", purpose, key.type)
    self._meta = imported_meta

    # The third KeyVersion argument is presumably the "exportable" flag;
    # confirm against keydata.KeyVersion.
    first_version = keydata.KeyVersion(1, keyinfo.PRIMARY, False)
    imported_meta.AddVersion(first_version)