Merge remote-tracking branch 'tomgalloway/develop' into fix/67-hidden-encrypt
Isis Lovecruft
commit
09c6a08637
|
|
@ -804,6 +804,7 @@ class GPGBase(object):
|
|||
symmetric=False,
|
||||
always_trust=True,
|
||||
output=None,
|
||||
hidden_recipients=None,
|
||||
cipher_algo='AES256',
|
||||
digest_algo='SHA512',
|
||||
compress_algo='ZLIB'):
|
||||
|
|
@ -876,6 +877,10 @@ class GPGBase(object):
|
|||
>>> decrypted
|
||||
'The crow flies at midnight.'
|
||||
|
||||
:param list hidden_recipients: A list of recipients that should
|
||||
have their keyid zero'd out in packet
|
||||
information.
|
||||
|
||||
:param str cipher_algo: The cipher algorithm to use. To see available
|
||||
algorithms with your version of GnuPG, do:
|
||||
:command:`$ gpg --with-colons --list-config
|
||||
|
|
@ -942,21 +947,27 @@ class GPGBase(object):
|
|||
log.info("Can't accept recipient string: %s"
|
||||
% recp)
|
||||
else:
|
||||
args.append('--recipient %s' % str(recp))
|
||||
self._add_recipient_string(args, hidden_recipients, str(recp))
|
||||
continue
|
||||
## will give unicode in 2.x as '\uXXXX\uXXXX'
|
||||
if isinstance(hidden_recipients, (list, tuple)):
|
||||
if [s for s in hidden_recipients if recp in str(s)]:
|
||||
args.append('--hidden-recipient %r' % recp)
|
||||
else:
|
||||
args.append('--recipient %r' % recp)
|
||||
else:
|
||||
args.append('--recipient %r' % recp)
|
||||
continue
|
||||
if isinstance(recp, str):
|
||||
args.append('--recipient %s' % recp)
|
||||
self._add_recipient_string(args, hidden_recipients, recp)
|
||||
|
||||
elif (not _util._py3k) and isinstance(recp, basestring):
|
||||
for recp in recipients.split('\x20'):
|
||||
args.append('--recipient %s' % recp)
|
||||
self._add_recipient_string(args, hidden_recipients, recp)
|
||||
|
||||
elif _util._py3k and isinstance(recp, str):
|
||||
for recp in recipients.split(' '):
|
||||
args.append('--recipient %s' % recp)
|
||||
self._add_recipient_string(args, hidden_recipients, recp)
|
||||
## ...and now that we've proven py3k is better...
|
||||
|
||||
else:
|
||||
|
|
@ -978,3 +989,12 @@ class GPGBase(object):
|
|||
log.info("Encrypted output written successfully.")
|
||||
|
||||
return result
|
||||
|
||||
def _add_recipient_string(self, args, hidden_recipients, recipient):
|
||||
if isinstance(hidden_recipients, (list, tuple)):
|
||||
if [s for s in hidden_recipients if recipient in str(s)]:
|
||||
args.append('--hidden-recipient %s' % recipient)
|
||||
else:
|
||||
args.append('--recipient %s' % recipient)
|
||||
else:
|
||||
args.append('--recipient %s' % recipient)
|
||||
|
|
@ -1512,6 +1512,8 @@ class ListPackets(object):
|
|||
self.need_passphrase_sym = None
|
||||
#: The keyid and uid which this data is encrypted to.
|
||||
self.userid_hint = None
|
||||
#: A list of keyid's that the message has been encrypted to.
|
||||
self.key = []
|
||||
|
||||
def _handle_status(self, key, value):
|
||||
"""Parse a status code from the attached GnuPG process.
|
||||
|
|
@ -1521,9 +1523,8 @@ class ListPackets(object):
|
|||
if key == 'NODATA':
|
||||
self.status = nodata(value)
|
||||
elif key == 'ENC_TO':
|
||||
# This will only capture keys in our keyring. In the future we
|
||||
# may want to include multiple unknown keys in this list.
|
||||
self.key, _, _ = value.split()
|
||||
key_to_add, _, _ = value.split()
|
||||
self.key.append(key_to_add)
|
||||
elif key == 'NEED_PASSPHRASE':
|
||||
self.need_passphrase = True
|
||||
elif key == 'NEED_PASSPHRASE_SYM':
|
||||
|
|
|
|||
|
|
@ -885,6 +885,41 @@ authentication."""
|
|||
|
||||
self.assertEqual(message, decrypted)
|
||||
|
||||
def test_encryption_one_hidden_recipient_one_not(self):
|
||||
"""Test to ensure hidden recipient isn't detailed in packet info"""
|
||||
|
||||
alice = open(os.path.join(_files, 'test_key_1.pub'))
|
||||
alice_pub = alice.read()
|
||||
alice_public = self.gpg.import_keys(alice_pub)
|
||||
res = alice_public.results[-1:][0]
|
||||
alice_pfpr = str(res['fingerprint'])
|
||||
alice.close()
|
||||
|
||||
bob = open(os.path.join(_files, 'test_key_2.pub'))
|
||||
bob_pub = bob.read()
|
||||
bob_public = self.gpg.import_keys(bob_pub)
|
||||
res = bob_public.results[-1:][0]
|
||||
bob_pfpr = str(res['fingerprint'])
|
||||
bob.close()
|
||||
|
||||
message = """
|
||||
In 2010 Riggio and Sicari presented a practical application of homomorphic
|
||||
encryption to a hybrid wireless sensor/mesh network. The system enables
|
||||
transparent multi-hop wireless backhauls that are able to perform statistical
|
||||
analysis of different kinds of data (temperature, humidity, etc.) coming from
|
||||
a WSN while ensuring both end-to-end encryption and hop-by-hop
|
||||
authentication."""
|
||||
enc = self.gpg.encrypt(message, alice_pfpr, bob_pfpr, hidden_recipients=[alice_pfpr])
|
||||
encrypted = str(enc)
|
||||
log.debug("keyid = %s"
|
||||
% alice_pfpr)
|
||||
|
||||
self.assertNotEquals(message, encrypted)
|
||||
## We expect Alice's key to be hidden (returned as zero's) and Bob's
|
||||
## key to be there.
|
||||
expected_values = ["0000000000000000", "E0ED97345F2973D6"]
|
||||
self.assertEquals(expected_values, self.gpg.list_packets(encrypted).key)
|
||||
|
||||
def test_encryption_decryption_multi_recipient(self):
|
||||
"""Test decryption of an encrypted string for multiple users"""
|
||||
|
||||
|
|
@ -1075,6 +1110,7 @@ suites = { 'parsers': set(['test_parsers_fix_unsafe',
|
|||
'test_encryption_alt_encoding',
|
||||
'test_encryption_multi_recipient',
|
||||
'test_encryption_decryption_multi_recipient',
|
||||
'test_encryption_one_hidden_recipient_one_not',
|
||||
'test_decryption',
|
||||
'test_symmetric_encryption_and_decryption',
|
||||
'test_file_encryption_and_decryption',
|
||||
|
|
|
|||
Loading…
Reference in New Issue