def test_parse_compressed_zlib(self):
msg = """-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
owFtUm1MFEcY5lAqnqJFWhpSautCLJiL7OzOfh0FQkREEpq0igk0hO7szh4b8A5u
Dw6KJxVo09ZrKicSCfEDpY39OisfLUHx40RA6I8SiBJBw5Wm1ZqmVtQE0dI5Yn80
6fyZzDvP87zP884ciFoWFmnqSq0uGfAfHDGN3kFh+dOfZNdSyKHWUNZaqhQvbZpu
t2FnuVO3uygrJSIRsRwCAmA4qCBOExTIiQJELIsEkRcVKGOJVWTKQpU4jBCDyCDZ
wJt1B6mRQ7Gukur/4EuXLmhAA5UDKo8ZVeB5GUmMLAIWI8hptKoAXsYy0qAoIZZX
BEaBDFQlUeGJMRmyEpKJJB2Sq1ySU0UNA5HVOCRigWWgxIsSQIQgYZljgRQCGthp
l3djgsY12KA8FsqJqxylOJTe0G3EsEFZ36E0GWq0BgCrMowmYVrUGEmRNValaRIB
KSwgM8Eaq/CIE1SORoBhaZ4BCGgc4ACmNaqIaJNuVbqyJP6sq013lVSi/zrZUWnP
cstOLeTGVVMeKrkxKn5GLka6XSXvQjhV2GnoDjtlBQSpuPQQG0BIc4DnedFC4epy
3YmL9RCCE3iRJstClZOERJJRMcnEsyrkJGkHpoGmkbliBQqiKkPA8owkYh7IZO4s
hwHLMrKEVU5RJcjQSMIiFcpTYXcQcZ4YlW1ElIzMLrsqnZjymD8Oj18eZooMey4i
PPS5wswrn//3x9n+Wvs0LuVE58tNvQH3QHSPmrpxT3Fc3dbmrd4X824UDqQZD2yZ
/uZXN0UYK5CFH0WzZzz3evCDfeKjvJgLP0/J6zK+f9LWbkmKXr5YdDjq7aj1bwze
HdGyPTFfwc9d4depF8qy/f11/fPxPza2FYy4rNsZJ13ts+3sLqxKNL6JSF7XXHra
tOFR+5aEnC+LzJe3rCnsSh27P6tuHM2AhV/jyT2DjcOb83OCC2m5Aw87UJWBRKbf
slpYOHJjavxsVr69bY5POnHz+M2zq7tNuV3Tvp41H8xN1KavF7tX/nSfS8w8Op7R
EhtpvxLu+9S9atuZg7u8rRvoU+dj9z6p9Fa044TJnDv+3EbvqXs9vcHb1oHjecN1
EzU1wYbUBcfv+eefPh57vW94U+rutILeIT144AvX+MmoCPO191v6Cs/d/kNYFWzy
vXYp/d2p2bjrnuls3GX0ZczOBYINJ+Ojf6gv+0xKTI/wnTvUnvDRpWNN11plxuQU
vA3s4K/bFnuZkk6rqe+XwOSQ/5Zrxu+r8L55eu8R2H+V+a7irYkCU3jcsg8TLPv3
/xk7XpqyMzZqJjC06DF12t6Lhe6W+bWBqytcHY230i/+lpKdMhSTOGMeeSmt9e5F
68N54XJHpuKG6VmPDx0ucfHJo/Vw7NvEC0fNenlu574rrzQl/e0pC9Tvoqe3e5PF
fwA=
=3Snw
-----END PGP MESSAGE-----""".encode()
data = AsciiData(msg)
packets = list(data.packets())
self.assertEqual(packets[0].raw_compression_algo, 1)
newpackets = list(BinaryData(packets[0].decompressed_data).packets())
self.assertEqual(len(newpackets), 3)
def check_proof(s, kblock):
data = AsciiData(kblock)
for packet in data.packets():
if packet.tag() == 17:
packet.parse()
print "User Attribute found: ", packet
return 1
def test_parse_v3_elgamal_pk(self):
'''Two older version 3 public keys.'''
rawdata = self.load_data('v3elgpk.asc')
data = AsciiData(rawdata)
packets = list(data.packets())
self.assertEqual(3, len(packets))
packet = packets[0]
self.assertTrue(isinstance(packet, PublicKeyPacket))
self.assertEqual(16, packet.raw_pub_algorithm)
self.assertEqual("elg", packet.pub_algorithm_type)
self.assertEqual(888716291, packet.raw_creation_time)
self.assertIsNone(packet.expiration_time)
self.assertIsNone(packet.modulus)
self.assertIsNone(packet.modulus_bitlen)
self.assertIsNone(packet.exponent)
self.assertIsNotNone(packet.prime)
self.assertIsNotNone(packet.group_gen)
self.assertEqual(b"FF570A03", packet.key_id)
self.assertEqual(b"7C4529FB11669ACA567BD53972000594",
packet.fingerprint)
self.assertTrue(isinstance(packets[1], UserIDPacket))
packet = packets[2]
self.assertTrue(isinstance(packet, SignaturePacket))
self.assertEqual(16, packet.raw_pub_algorithm)
self.assertEqual(888716292, packet.raw_creation_time)
def test_parse_sessionkey_elg(self):
'''This file contains a public key and message encrypted with an
ElGamal Encrypt-Only key.'''
asc_data = self.load_data('sessionkey_elg.asc')
data = AsciiData(asc_data)
packets = list(data.packets())
self.assertEqual(2, len(packets))
session_key = packets[0]
self.assertEqual(3, session_key.session_key_version)
self.assertEqual(b"B705D3A4C3751D38", session_key.key_id)
self.assertEqual(16, session_key.raw_pub_algorithm)
self.assertEqual("ElGamal Encrypt-Only", session_key.pub_algorithm)
def test_parse_sessionkey_rsa(self):
'''This file contains a public key and message encrypted with a RSA
Encrypt or Sign key.'''
asc_data = self.load_data('sessionkey_rsa.asc')
data = AsciiData(asc_data)
packets = list(data.packets())
self.assertEqual(2, len(packets))
session_key = packets[0]
self.assertEqual(3, session_key.session_key_version)
self.assertEqual(b"1C39A7BD114BFFA5", session_key.key_id)
self.assertEqual(1, session_key.raw_pub_algorithm)
self.assertEqual("RSA Encrypt or Sign", session_key.pub_algorithm)
def generate_public_key_file(self):
if self.public_key_file:
return
identity = "Time capsule key for %s (%s)" % (self.release_date_display(), json.dumps(self.get_gpg_info()))
self.public_key_file, self.temp_private_key_file = generate_public_elgamal_key(self.p, self.g, self.y, identity)
# get key id
parsed_key = AsciiData(self.public_key_file)
elgamal_packet = next(packet for packet in parsed_key.packets() if type(packet)==PublicSubkeyPacket)
self.elgamal_key_id = elgamal_packet.key_id
self.save()
def partIsEncrypted(self, part):
"""
determine if a part is encrypted or not
"""
try:
data = AsciiData(part.get_payload(decode=True))
packets = list()
for pkt in data.packets():
packets.append(pkt)
log("valid pgp message with {} packets".format(len(packets)))
return len(packets) > 0
except:
return False
def get_pgp_key_data(armored_key):
try:
ascii_data = AsciiData(armored_key.encode())
except PgpdumpException as err:
# It's all bouncy castles fault (or pgpdump). we need to insert an additional newline
if "BCPG" in armored_key:
position = armored_key.find("BCPG")
newline = armored_key.find("\n", position)
new_armored_key = armored_key[0:newline] + "\n" + armored_key[
newline:]
ascii_data = AsciiData(new_armored_key.encode())
else:
raise err
return ascii_data
def decrypt(request):
if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
uploaded_file = request.FILES.get('file')
if not uploaded_file:
return HttpResponseBadRequest("Please supply a file upload.")
# parse file for key id
file_contents = uploaded_file.read()
try:
parsed_file = AsciiData(file_contents)
except PgpdumpException:
try:
parsed_file = BinaryData(file_contents)
except PgpdumpException:
return HttpResponseBadRequest("Can't parse PGP file.")
public_key_packet = next(
packet for packet in parsed_file.packets()
if type(packet) == PublicKeyEncryptedSessionKeyPacket)
elgamal_key_id = public_key_packet.key_id
# get key
try:
keypair = KeyPair.objects.get(elgamal_key_id=elgamal_key_id)
except KeyPair.DoesNotExist:
return HttpResponseBadRequest("No key was found matching this file.")
if not keypair.private_key_file:
return HttpResponseBadRequest(
"We do not yet have a private key to decrypt this file (release date %s)."
% keypair.release_date_display())
# decrypt
output = gpg_decrypt(keypair.private_key_file, file_contents)
if not output.ok:
return HttpResponseBadRequest("Unable to decrypt file.")
# deliver
if output.data_filename:
output_name = output.data_filename
else:
output_name = uploaded_file.name
if output_name.endswith('.gpg'):
output_name = output_name[:-4]
return deliver_file(output.data, 'application/octet-stream', output_name)
def test_parse_ascii_clearsign(self):
'''This is a clearsigned document with an expiring signature, so tests
both the ignore pattern in AsciiData as well as additional signature
subpackets.'''
asc_data = self.load_data('README.asc')
data = AsciiData(asc_data)
packets = list(data.packets())
self.assertEqual(1, len(packets))
sig_packet = packets[0]
self.assertFalse(sig_packet.new)
self.assertEqual(3, len(sig_packet.subpackets))
self.check_sig_packet(sig_packet, 76, 4, 1, 1332874080,
b"5C2E46A0F53A76ED", 17, 2)
# raw expires time is in seconds from creation date
self.assertEqual(345600, sig_packet.raw_expiration_time)
expires = datetime(2012, 3, 31, 18, 48, 00)
self.assertEqual(expires, sig_packet.expiration_time)
def test_parse_ascii_sig_packet(self):
asc_data = b'''
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAk6neOwACgkQXC5GoPU6du23AQCgghWjIFgBazXWIZNj4PGnkuYv
gMsAoLGOjudliDT9u0UqxN9KeJ22Jdne
=KYol
-----END PGP SIGNATURE-----'''
data = AsciiData(asc_data)
packets = list(data.packets())
self.assertEqual(1, len(packets))
sig_packet = packets[0]
self.assertFalse(sig_packet.new)
self.check_sig_packet(sig_packet, 70, 4, 0, 1319598316,
b"5C2E46A0F53A76ED", 17, 2)
self.assertEqual(2, len(sig_packet.subpackets))
def test_parse_v3_sig(self):
asc_data = b'''
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iD8DBQBPWDfGXC5GoPU6du0RAq6XAKC3TejpiBsu3pGF37Q9Id/vPzoFlwCgtwXE
E/GGdt/Cn5Rr1G933H9nwxo=
=aJ6u
-----END PGP SIGNATURE-----'''
data = AsciiData(asc_data)
packets = list(data.packets())
self.assertEqual(1, len(packets))
sig_packet = packets[0]
self.assertFalse(sig_packet.new)
self.check_sig_packet(sig_packet, 63, 3, 0, 1331181510,
b"5C2E46A0F53A76ED", 17, 2)
self.assertEqual(b'\xae\x97', sig_packet.hash2)
self.assertEqual(0, len(sig_packet.subpackets))
def main(keyfile, expert):
passphrase = None
print("\nNitroinit - Create and import GnuPG keys to the Nitrokey\n")
# No keyfile was given, thus create a new key and import this one
if keyfile is None:
print("No keyfile was provided. We create a new key, back it up and then import it to " + \
"the Nitrokey.")
print("You can provide an existing key via '--keyfile' flag. Please use '--help' for " + \
"more information.")
print("We start key creation now...\n")
keyfile = create_key(expert)
else:
# get passphrase
passphrase = getpass.getpass("Please provide passphrase of the key or hit enter if no " + \
"passphrase is used: ")
# open key file and parse it to get the key packets
with open(keyfile, 'rb') as f:
if keyfile.endswith('.asc') or keyfile.endswith('.txt'):
data = AsciiData(f.read(), secret_keys=True, passphrase=passphrase)
else:
data = BinaryData(f.read(),
secret_keys=True,
passphrase=passphrase)
userid, keys = parse_packets(data.packets())
# TODO add test case for this
keys = check_keys(keys)
print_summary(userid, keys)
# Do not import, dry-run only
if dry:
sys.exit(0)
input("\nPlease press enter to start importing... (Ctrl-C otherwise)\n")
import_keys(keys)
print("\nImport successful.\n")
from pgpdump import AsciiData
file = open('AliceMsgtxt.asc', 'rb')
asc_data = file.read()
data = AsciiData(asc_data)
packets = list(data.packets())
datastr = str(packets[0].sig_data)
databytes = packets[0].data
x = ''
# for byte_s in databytes:
# print(''.join('{:02x}'.format(byte_s)))
# x += ''.join('{:02x}'.format(byte_s))
#
# print(len(databytes))
r = '0x'
s = '0x'
for i in range(len(databytes)):
# print(i)
# print(''.join('{:02x}'.format(databytes[i])))
x += ''.join('{:02x}'.format(databytes[i]))
if i > 39 and i <= 59:
r += ''.join('{:02x}'.format(databytes[i]))
if i > 61:
s += ''.join('{:02x}'.format(databytes[i]))
print('x:' + x)
from pgpdump import AsciiData
from pgpdump.packet import (
PublicKeyPacket,
PublicSubkeyPacket,
SignaturePacket,
UserIDPacket,
)
from pgpdump.utils import crc24
import base64
import struct
import sys
data = []
keys = []
has_uid = False
for packet in AsciiData(open(sys.argv[1]).read().encode('ascii')).packets():
# RFC 4880, 4.2.1
length = struct.pack('>i', packet.length).lstrip(b'\0')
length_type = {
1: 0,
2: 1,
4: 2,
}.get(len(length))
if length_type is None:
print('Cannot encode a packet of length {}'.format(packet.length),
file=sys.stderr)
sys.exit(1)
# Only keep the first uid, self-signatures, and public keys/subkeys
if isinstance(packet, UserIDPacket):
if has_uid:
from pgpdump import AsciiData
from base64 import b64encode, encodebytes, standard_b64encode
import binascii
from pgp.pgpFileHelper import writePrivateKeyASC
from pgp.pgpManipulateKeyfile_helper import printDSAKeyPaket
keyfile = open('bob-dsa-private-keyasc.sec', 'rb')
keyasc_data = keyfile.read()
keydata = AsciiData(keyasc_data)
keypackets = list(keydata.packets())
keydatabytes = keypackets[0].data
privatekeypaket = ''
j = len(keydatabytes)
# From keydatabytes to privatekeypacket which is string
# Privatekeypaket is String and used for replacing the private key
while j > 0:
privatekeypaket += ''.join('{:02x}'.format(keydatabytes[len(keydatabytes) -
j]))
j -= 1
#print('keydatabytes: ' + privatekeypaket)
# Analyzes the DSA key paket and prints all relevant data
# If Checksum doesn't fit the conditions there will be a new one calculated and returned
printDSAKeyPaket(keydatabytes)
print('OLD_keydatabytes: ' + privatekeypaket)
def lambda_handler(event, context):
"""
:param event:
:param context:
:return:
INFO: pgpdump has problem on parse expiration_time.
"""
public_key_content = event.get('public_key_content', '').encode('utf-8')
filename = event['filename']
if filename != '0A.asc' and filename[1] == 'A':
encrypt_content = event['encrypt_content'].encode('utf-8')
encrypt_file_key_id_list = []
for pkeskp in list(AsciiData(encrypt_content).packets()):
encrypt_file_key_id = getattr(pkeskp, 'key_id',
'')[-8:].upper().decode('utf-8')
if encrypt_file_key_id:
encrypt_file_key_id_list.append(encrypt_file_key_id)
if len(encrypt_file_key_id_list) != 2:
return {
'status': 403,
'message': '403 Forbidden: PublicKeyCountError'
}
encrypt_file_key_id_list.remove(PUBLIC_KEY_ID)
public_key_file_key_id = encrypt_file_key_id_list[0]
dynamo = boto3.resource('dynamodb').Table(DYNAMODB_TABLE)
response = dynamo.get_item(
Key={
'email': public_key_file_key_id,
'type': 'reverse-apply-account-at-exam.yueh-cake.com'
})
item = response.get('Item', {})
if not item:
return {
'status': 403,
'message': '403 Forbidden: PublicKeyID DoesNotExist'
}
email = item.get('public_key_id_email', '')
if not email:
return {
'status': 403,
'message': '403 Forbidden: EmailDoesNotExist'
}
s3 = boto3.client('s3')
_key = '%s/%s-%s/%s' % (S3_LOCATION, email, public_key_file_key_id,
filename)
try:
s3.head_object(Bucket=S3_BUCKET, Key=_key)
except:
response = s3.put_object(
ACL='public-read',
Body=encrypt_content,
Bucket=S3_BUCKET,
ContentType='text/plain',
Key=_key,
StorageClass='STANDARD',
)
send_notice(email=email, filename=filename)
return {'status': 200, 'message': filename}
else:
return {'status': 403, 'message': filename + ' was exist'}
elif filename == '0A.asc':
ad = AsciiData(public_key_content)
adps = list(ad.packets())
pub_algorithm_type = adps[0].pub_algorithm_type.lower()
raw_pub_algorithm = adps[0].raw_pub_algorithm
user_name = adps[1].user_name.lower()
user_email = adps[1].user_email.lower()
public_key_file_key_id = adps[3].key_id[-8:].upper().decode('utf-8')
if pub_algorithm_type != 'rsa' or raw_pub_algorithm != 1:
return {
'status': 403,
'message': '403 Forbidden: PublicKey TypeError'
}
if re.sub('(applicants|[ \(\)])', '', user_name):
return {
'status':
403,
'message':
'403 Forbidden: PublicKey UserNameError, It should be "applicants (applicants) <%s>"'
% user_email
}
dynamo = boto3.resource('dynamodb').Table(DYNAMODB_TABLE)
response = dynamo.get_item(
Key={
'email': user_email,
'type': 'apply-account-at-exam.yueh-cake.com'
})
item = response.get('Item', {})
if not item:
return {
'status': 403,
'message': '403 Forbidden: PublicKey EmailAddressDoesNotExist'
}
elif (int(item['timestamp']) + 86400) < int(time()):
return {
'status': 403,
'message': '403 Forbidden: EmailAddressExpiration'
}
elif item.get('public_key_id', ''):
return {
'status': 403,
'message': '403 Forbidden: PublicKeyAlreadyExist'
}
encrypt_content = event['encrypt_content'].encode('utf-8')
encrypt_file_key_id_list = []
for pkeskp in list(AsciiData(encrypt_content).packets()):
encrypt_file_key_id = getattr(pkeskp, 'key_id', '')[-8:].upper()
if encrypt_file_key_id:
encrypt_file_key_id_list.append(
encrypt_file_key_id.decode('utf-8'))
if len(encrypt_file_key_id_list) != 2:
return {
'status': 403,
'message': '403 Forbidden: PublicKeyCountError'
}
elif PUBLIC_KEY_ID not in encrypt_file_key_id_list or public_key_file_key_id not in encrypt_file_key_id_list:
return {
'status': 403,
'message': '403 Forbidden: PublicKeyUsageError'
}
s3 = boto3.client('s3')
response = s3.get_object(Bucket=S3_BUCKET,
Key='%s/index.html' % S3_LOCATION)
index_html = response['Body'].read().decode('utf-8')
user_directory = '%s/%s-%s' % (S3_LOCATION, user_email,
public_key_file_key_id)
index_html = re.sub(
'<div id="build_version">.*</div>',
'<div id="create_time">Create Time at {}</div>'.format(
datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S+UTC')),
index_html)
index_html = re.sub(
'(<textarea[^>]+name="public_key_content")></textarea>',
'\\1 readonly="readonly" style="background-color : #d1d1d1;">{}</textarea>'
.format(public_key_content), index_html)
index_html = re.sub('<li[^>]+id="0A"[^>]+>', '<li id="0A">',
index_html)
response = s3.put_object(
ACL='public-read',
Body=index_html,
Bucket=S3_BUCKET,
ContentType='text/html',
Key='%s/index.html' % user_directory,
StorageClass='STANDARD',
)
response = s3.put_object(
ACL='public-read',
Body=public_key_content,
Bucket=S3_BUCKET,
ContentType='text/plain',
Key='%s/public_key.asc' % user_directory,
StorageClass='STANDARD',
)
response = s3.put_object(
ACL='public-read',
Body=encrypt_content,
Bucket=S3_BUCKET,
ContentType='text/plain',
Key='%s/0A.asc' % user_directory,
StorageClass='STANDARD',
)
dynamo.update_item(
Key={
'email': user_email,
'type': 'apply-account-at-exam.yueh-cake.com'
},
UpdateExpression="set public_key_id = :public_key_id",
ExpressionAttributeValues={
":public_key_id": public_key_file_key_id
},
ReturnValues="UPDATED_NEW",
)
dynamo.put_item(
Item={
"timestamp": int(time()),
"email": public_key_file_key_id,
"public_key_id_email": user_email,
"type": 'reverse-apply-account-at-exam.yueh-cake.com'
})
Q1 = encrypt_text(random_q1(),
public_keys=[
PUBLIC_KEY_CONTENT,
public_key_content.decode('utf-8')
])
response = s3.put_object(
ACL='public-read',
Body=Q1,
Bucket=S3_BUCKET,
ContentType='text/plain',
Key='%s/1Q.asc' % user_directory,
StorageClass='STANDARD',
)
filename += " and 1Q.asc"
send_notice(email=user_email, filename=filename)
return {'status': 200, 'message': user_directory}
else:
return {'status': 403, 'message': 'FilenameError'}
def test_parse_linus_ascii(self):
with open('linus.asc', 'rb') as keyfile:
rawdata = keyfile.read()
data = AsciiData(rawdata)
packets = list(data.packets())
self.assertEqual(44, len(packets))
def test_parse_linus_ascii(self):
rawdata = self.load_data('linus.asc')
data = AsciiData(rawdata)
packets = list(data.packets())
self.assertEqual(44, len(packets))
