Add a testing mode to GPG.gen_key_input() which uses insecure PRNG.

* This should only be used in the unittests, as the PRNG it uses in GnuPG does not create strong keypairs (though it's faster, thus why we're using it for testing).
2013-05-11 08:43:33 +00:00 · 2013-05-11 08:43:33 +00:00 · a7afce0394
parent f95c3c7c1e
commit a7afce0394
2 changed files with 21 additions and 6 deletions
--- a/gnupg/gnupg.py
+++ b/gnupg/gnupg.py
@ -660,7 +660,7 @@ class GPG(object):
        f.close()
        return key

-    def gen_key_input(self, **kwargs):
+    def gen_key_input(self, testing=False, **kwargs):
        """Generate a batch file for input to :meth:`GPG.gen_key()`.

        The GnuPG batch file key generation feature allows unattended key
@ -720,27 +720,43 @@ class GPG(object):
        """

        parms = {}
+
        for key, val in list(kwargs.items()):
            key = key.replace('_','-').title()
            if str(val).strip():    # skip empty strings
                parms[key] = val
+
        parms.setdefault('Key-Type', 'RSA')
        parms.setdefault('Key-Length', 4096)
        parms.setdefault('Name-Real', "Autogenerated Key")
        parms.setdefault('Expire-Date', _util._next_year())
+
        try:
            logname = os.environ['LOGNAME']
        except KeyError:
            logname = os.environ['USERNAME']
        hostname = socket.gethostname()
-        parms.setdefault('Name-Email', "%s@%s"
-                         % (logname.replace(' ', '_'), hostname))
+
+        parms.setdefault('Name-Email', "%s@%s" % (logname.replace(' ', '_'),
+                                                  hostname))
+
+        if testing:
+            ## This specific comment string is required by (some? all?)
+            ## versions of GnuPG to use the insecure PRNG:
+            parms.setdefault('Name-Comment', 'insecure!')

        out = "Key-Type: %s\n" % parms.pop('Key-Type')
+
        for key, val in list(parms.items()):
            out += "%s: %s\n" % (key, val)
+
        out += "%%pubring %s\n" % self.pubring
        out += "%%secring %s\n" % self.secring
+
+        if testing:
+            out += "%no-protection\n"
+            out += "%transient-key\n"
+            
        out += "%commit\n"
        return out

--- a/gnupg/tests/test_gnupg.py
+++ b/gnupg/tests/test_gnupg.py
@ -265,7 +265,6 @@ class GPGTestCase(unittest.TestCase):

        batch = {'Key-Type': key_type,
                 'Key-Length': key_length,
-                 'Name-Comment': 'python-gnupg tester',
                 'Expire-Date': 1,
                 'Name-Real': '%s' % real_name,
                 'Name-Email': ("%s@%s" % (name, email_domain))}
@ -276,7 +275,7 @@ class GPGTestCase(unittest.TestCase):
            batch['Subkey-Type'] = subkey_type
            batch['Subkey-Length'] = key_length

-        key_input = self.gpg.gen_key_input(**batch)
+        key_input = self.gpg.gen_key_input(testing=True, **batch)
        return key_input

    def generate_key(self, real_name, email_domain, **kwargs):
@ -568,7 +567,7 @@ class GPGTestCase(unittest.TestCase):
        self.assertAlmostEqual(int(now), int(verified.timestamp), delta=1000)
        self.assertEqual(
            verified.username,
-            u'Bruce Schneier (python-gnupg tester) <bruceschneier@schneier.com>')
+            u'Bruce Schneier (insecure!) <bruceschneier@schneier.com>')

    def test_signature_verification_clearsign(self):
        """Test verfication of an embedded signature."""