Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_sign_ctmessage(self, targette_sec, targette_pub, ctmessage):
# test signing a cleartext message
expire_at = datetime.utcnow() + timedelta(days=1)
sig = targette_sec.sign(ctmessage, expires=expire_at)
assert sig.type == SignatureType.CanonicalDocument
assert sig.revocable
assert sig.is_expired is False
ctmessage |= sig
if gpg:
# verify with GnuPG
self.gpg_verify(ctmessage, pubkey=targette_pub)
def test_sign_string(self, targette_sec, targette_pub, string):
# test signing a string
# test with all possible subpackets
sig = targette_sec.sign(string,
user=targette_sec.userids[0].name,
expires=timedelta(seconds=30),
revocable=False,
notation={'Testing': 'This signature was generated during unit testing',
'cooldude': bytearray(b'\xc0\x01\xd0\x0d')},
policy_uri='about:blank')
assert sig.type == SignatureType.BinaryDocument
assert sig.notation == {'Testing': 'This signature was generated during unit testing',
'cooldude': bytearray(b'\xc0\x01\xd0\x0d')}
assert sig.revocable is False
assert sig.policy_uri == 'about:blank'
# assert sig.sig.signer_uid == "{:s}".format(sec.userids[0])
assert next(iter(sig._signature.subpackets['SignersUserID'])).userid == "{:s}".format(targette_sec.userids[0])
# if not sig.is_expired:
# time.sleep((sig.expires_at - datetime.utcnow()).total_seconds())
assert sig.is_expired is False
self.sigs['string'] = sig
if gpg:
# verify with GnuPG
self.gpg_verify(string, sig, targette_pub)
def test_sign_standalone(self, sec):
# test creating a standalone signature
with warnings.catch_warnings():
warnings.simplefilter('ignore')
sig = sec.sign(None, notation={"cheese status": "standing alone"})
assert sig.type == SignatureType.Standalone
assert sig.notation == {"cheese status": "standing alone"}
self.sigs[(sec._key.fingerprint.keyid, 'standalone')] = sig
:keyword reason: Defaults to :py:obj:`constants.RevocationReason.NotSpecified`
:type reason: One of :py:obj:`constants.RevocationReason`.
:keyword comment: Defaults to an empty string.
:type comment: ``str``
"""
hash_algo = prefs.pop('hash', None)
if isinstance(target, PGPUID):
sig_type = SignatureType.CertRevocation
elif isinstance(target, PGPKey):
##TODO: check to make sure that the key that is being revoked:
# - is this key
# - is one of this key's subkeys
# - specifies this key as its revocation key
if target.is_primary:
sig_type = SignatureType.KeyRevocation
else:
sig_type = SignatureType.SubkeyRevocation
else: # pragma: no cover
raise TypeError
sig = PGPSignature.new(sig_type, self.key_algorithm, hash_algo, self.fingerprint.keyid, created=prefs.pop('created', None))
# signature options that only make sense when revoking
reason = prefs.pop('reason', RevocationReason.NotSpecified)
comment = prefs.pop('comment', "")
sig._signature.subpackets.addnew('ReasonForRevocation', hashed=True, code=reason, string=comment)
return self._sign(target, sig, **prefs)
flags = NotationDataFlags.HumanReadable
if isinstance(value, bytearray):
flags = 0x00
sig._signature.subpackets.addnew('NotationData', hashed=True, flags=flags, name=name, value=value)
if policy_uri is not None:
sig._signature.subpackets.addnew('Policy', hashed=True, uri=policy_uri)
if user is not None and uid is not None:
signers_uid = "{:s}".format(uid)
sig._signature.subpackets.addnew('SignersUserID', hashed=True, userid=signers_uid)
# handle an edge case for timestamp signatures vs standalone signatures
if sig.type == SignatureType.Timestamp and len(sig._signature.subpackets._hashed_sp) > 1:
sig._signature.sigtype = SignatureType.Standalone
if prefs.pop('include_issuer_fingerprint', True):
if isinstance(self._key, PrivKeyV4):
sig._signature.subpackets.addnew('IssuerFingerprint', hashed=True, _version=4, _issuer_fpr=self.fingerprint)
sigdata = sig.hashdata(subject)
h2 = sig.hash_algorithm.hasher
h2.update(sigdata)
sig._signature.hash2 = bytearray(h2.digest()[:2])
_sig = self._key.sign(sigdata, getattr(hashes, sig.hash_algorithm.name)())
if _sig is NotImplemented:
raise NotImplementedError(self.key_algorithm)
sig._signature.signature.from_signer(_sig)
sig._signature.update_hlen()
def attested_certifications(self):
"""
Returns a set of all the hashes of attested certifications covered by this Attestation Key Signature.
Unhashed subpackets are ignored.
"""
if self._signature.sigtype != SignatureType.Attestation:
return set()
ret = set()
hlen = self.hash_algorithm.digest_size
for n in self._signature.subpackets['h_AttestedCertifications']:
attestations = bytes(n.attested_certifications)
for i in range(0, len(attestations), hlen):
ret.add(attestations[i:i+hlen])
return ret
:type created: :py:obj:`~datetime.datetime`
:keyword intended_recipients: Specify a list of :py:obj:`PGPKey` objects that will be encrypted to.
:type intended_recipients: ``list``
:keyword include_issuer_fingerprint: Whether to include a hashed subpacket indicating the issuer fingerprint.
(only for v4 keys, defaults to True)
:type include_issuer_fingerprint: ``bool``
"""
sig_type = SignatureType.BinaryDocument
hash_algo = prefs.pop('hash', None)
if subject is None:
sig_type = SignatureType.Timestamp
if isinstance(subject, PGPMessage):
if subject.type == 'cleartext':
sig_type = SignatureType.CanonicalDocument
subject = subject.message
sig = PGPSignature.new(sig_type, self.key_algorithm, hash_algo, self.fingerprint.keyid, created=prefs.pop('created', None))
return self._sign(subject, sig, **prefs)
def sigtype_int(self, val):
self._sigtype = SignatureType(val)
:type policy_uri: ``str``
:keyword revocable: If ``False``, this signature will be marked non-revocable
:type revocable: ``bool``
:keyword user: Specify which User ID to use when creating this signature. Also adds a "Signer's User ID"
to the signature.
:type user: ``str``
:keyword created: Specify the time that the signature should be made. If unset or None,
it will use the present time.
:type created: :py:obj:`~datetime.datetime`
:keyword intended_recipients: Specify a list of :py:obj:`PGPKey` objects that will be encrypted to.
:type intended_recipients: ``list``
:keyword include_issuer_fingerprint: Whether to include a hashed subpacket indicating the issuer fingerprint.
(only for v4 keys, defaults to True)
:type include_issuer_fingerprint: ``bool``
"""
sig_type = SignatureType.BinaryDocument
hash_algo = prefs.pop('hash', None)
if subject is None:
sig_type = SignatureType.Timestamp
if isinstance(subject, PGPMessage):
if subject.type == 'cleartext':
sig_type = SignatureType.CanonicalDocument
subject = subject.message
sig = PGPSignature.new(sig_type, self.key_algorithm, hash_algo, self.fingerprint.keyid, created=prefs.pop('created', None))
return self._sign(subject, sig, **prefs)