def test_sign_and_encrypt(self): # Let's imagine we've just got sent the key from the key-sending side keydata = open(self.sender_key, "rb").read() # for some reason pgpy does not like the stray data before # https://github.com/SecurityInnovation/PGPy/issues/218 keydata = keydata[keydata.index('-----'):] # We find out what UIDs the sender key has keys = get_usable_keys(homedir=self.sender_homedir) assert_equals(1, len(keys)) key = keys[0] uids = key.uidslist del key del keys # We are the receiver and we sign the sender's key. # This is a tuple (uid, encrypted) uid_encrypted = list( sign_keydata_and_encrypt(keydata, error_cb=None, homedir=self.receiver_homedir)) assert_equals(len(uids), len(uid_encrypted)) signatures_before = {} signatures_after = {} import pgpy pgpykeys = pgpy.PGPKey.from_blob(keydata) log.info("Loaded Keys: %r", pgpykeys) k = pgpykeys[0] for uid in k.userids: # We make the UID a string, because we might not get the # very same object back later. And I don't know whether # the dict uses "is" or "eq" for finding members signatures_before[u"{}".format(uid)] = uid._signatures for plain_uid, enc_uid in zip(uids, uid_encrypted): uid_from_signing = enc_uid[0] signed_uid = enc_uid[1] # The test doesn't work so well, because comments # are not rendered :-/ # assert_in(uid.uid, [e[0] for e in uid_encrypted]) # Decrypt... from monkeysign.gpg import Keyring # We sent back the key to the key-sending side kr = Keyring(homedir=self.sender_homedir) log.info("encrypted UID: %r", enc_uid) decrypted = kr.decrypt_data(signed_uid) log.info("ctx out: %r", kr.context.stdout) log.info("ctx err: %r", kr.context.stderr) assert_true(decrypted, "Error decrypting %r" % signed_uid) # Now we have the signed UID. We want see if it really carries a signature. pgpykeys = pgpy.PGPKey.from_blob(decrypted) log.info("Loaded Signed Keys: %r", pgpykeys) k = pgpykeys[0] # assert_equal(uid_from_signing, k.userids[0]) assert_equal(len(k.userids), 1) uid = k.userids[0] uidstr = u"{}".format(uid) assert_in(uidstr, signatures_before) # Now we have the signed UID. We want see if it really carries a signature. signatures_after[uidstr] = uid._signatures assert_less(len(signatures_before[uidstr]), len(signatures_after[uidstr]))
def test_get_usable_key_no_pattern(self): keys = get_usable_keys(homedir=self.homedir) assert_equals(1, len(keys)) key = keys[0] assert_equals(self.originalkey, key)
def test_get_usable_key_fpr(self): fpr = self.originalkey.fingerprint keys = get_usable_keys(fpr, homedir=self.homedir) assert_equals(1, len(keys)) key = keys[0] assert_equals(fpr, self.originalkey.fingerprint)
def test_get_empty_usable_keys(): homedir = tempfile.mkdtemp() keys = get_usable_keys(homedir=homedir) assert_equals(0, len(keys))