def decrypt_entry(self, identity=None, passphrase=None, card_slot=None): #################################################################### """Decrypt this password entry for a particular identity (usually the user)""" #################################################################### try: recipient_entry = self.recipients[identity["name"]] except KeyError as err: raise NotARecipientError( f"Identity '{identity}' is not on the recipient list for password '{self.metadata['name']}'" ) from err try: # support old yaml format return pk_decrypt_string( recipient_entry["encrypted_secret"], recipient_entry["derived_key"], identity, passphrase, card_slot, ) except KeyError: try: # support rsa if "key" in identity and identity["key"]: for _, value in recipient_entry["encrypted_secrets"].items(): return pk_decrypt_string( value["encrypted_secret"], value["derived_key"], identity, passphrase, ) else: cert_key = get_card_fingerprint(card_slot=card_slot) return pk_decrypt_string( recipient_entry["encrypted_secrets"][cert_key][ "encrypted_secret" ], recipient_entry["encrypted_secrets"][cert_key]["derived_key"], identity, passphrase, card_slot, ) except DecryptionError as err: msg = create_error_message(recipient_entry["timestamp"], card_slot) raise DecryptionError( f"Error decrypting password named '{self.metadata['name']}'. {msg}" ) from err except KeyError as err: raise DecryptionError( f"Error decrypting password named '{self.metadata['name']}'. Appropriate private key not found" ) from err except DecryptionError as err: msg = create_error_message(recipient_entry["timestamp"], card_slot) raise DecryptionError( f"Error decrypting password named '{self.metadata['name']}'. {msg}" ) from err
def decrypt_entry(self, identity=None, passphrase=None, card_slot=None): """ Decrypt this password entry for a particular identity (usually the user) """ ####################################################################### try: recipient_entry = self.recipients[identity['uid']] except KeyError: raise NotARecipientError( "Identity '%s' is not on the recipient list for password '%s'" % (identity['uid'], self.metadata['name'])) try: # support old yaml format return crypto.pk_decrypt_string( recipient_entry['encrypted_secret'], recipient_entry['derived_key'], identity, passphrase, card_slot) except KeyError: try: # support rsa if 'key_path' in identity.keys(): for _, value in recipient_entry['encrypted_secrets'].items(): return crypto.pk_decrypt_string( value['encrypted_secret'], value['derived_key'], identity, passphrase ) else: cert_key = crypto.get_card_fingerprint() return crypto.pk_decrypt_string( recipient_entry['encrypted_secrets'][cert_key]['encrypted_secret'], recipient_entry['encrypted_secrets'][cert_key]['derived_key'], identity, passphrase, card_slot) except DecryptionError: msg = create_error_message(recipient_entry['timestamp'], card_slot) raise DecryptionError( "Error decrypting password named '%s'. %s" % (self.metadata['name'], msg)) except KeyError: raise DecryptionError( "Error decrypting password named '%s'. Appropriate private key not found" % self.metadata['name']) except DecryptionError: msg = create_error_message(recipient_entry['timestamp'], card_slot) raise DecryptionError("Error decrypting password named '%s'. %s" % (self.metadata['name'], msg))
def test_encrypt_string(self): """Test encrypting a string""" results = [] for _, identity in self.identities.iddb.items(): results.append(crypto.pk_encrypt_string(self.plaintext, identity['certs'][0]['cert_bytes'])) self.assertTrue(results[0] != results[1]) # Encrypt/Decrypt strings for all test identities and make sure we get back what we put in for _, identity in self.identities.iddb.items(): (ciphertext, derived_key) = crypto.pk_encrypt_string( self.plaintext, identity['certs'][0]['cert_bytes']) plaintext = crypto.pk_decrypt_string( ciphertext, derived_key, identity, None) self.assertEqual(self.plaintext, plaintext)
def test_encrypt_string(self): """Test encrypting a string""" results = [] for identity in self.session.query(Recipient).all(): cert = (self.session.query(Cert).filter( Cert.recipients.contains(identity)).first()) results.append(pk_encrypt_string(self.plaintext, cert.cert_bytes)) self.assertTrue(results[0] != results[1]) # Encrypt/Decrypt strings for all test identities and make sure we get back what we put in for identity in self.session.query(Recipient).all(): cert = (self.session.query(Cert).filter( Cert.recipients.contains(identity)).first()) (ciphertext, derived_key) = pk_encrypt_string(self.plaintext, cert.cert_bytes) plaintext = pk_decrypt_string(ciphertext, derived_key, dict(identity), None) self.assertEqual(self.plaintext, plaintext)
def decrypt_entry(self, identity=None, passphrase=None, card_slot=None): """ Decrypt this password entry for a particular identity (usually the user) """ ####################################################################### try: recipient_entry = self.recipients[identity['uid']] except KeyError: raise NotARecipientError( "Identity '%s' is not on the recipient list for password '%s'" % (identity['uid'], self.metadata['name'])) try: return crypto.pk_decrypt_string( recipient_entry['encrypted_secret'], recipient_entry['derived_key'], identity, passphrase, card_slot) except DecryptionError: raise DecryptionError( "Error decrypting password named '%s'. Perhaps a bad pin/passphrase?" % self.metadata['name'])