diff --git a/keymanager/README.rst b/keymanager/README.rst
new file mode 100644
index 00000000..f5422142
--- /dev/null
+++ b/keymanager/README.rst
@@ -0,0 +1,6 @@
+LEAP's Key Manager
+The Key Manager is a Nicknym agent for LEAP client:
diff --git a/keymanager/ b/keymanager/
new file mode 100644
index 00000000..83aeddbf
--- /dev/null
+++ b/keymanager/
@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+from setuptools import (
+ setup,
+ find_packages
+install_requirements = [
+ 'leap.common',
+ 'simplejson',
+ 'requests',
+ 'python-gnupg',
+tests_requirements = [
+ 'mock',
+ 'leap.soledad',
+ name='leap.keymanager',
+ version='0.2.1',
+ url='',
+ license='GPLv3+',
+ description='LEAP\'s Key Manager',
+ author='The LEAP Encryption Access Project',
+ author_email='',
+ long_description=(
+ "The Key Manager handles all types of keys to allow for "
+ "point-to-point encryption between parties communicating through "
+ "LEAP infrastructure."
+ ),
+ namespace_packages=["leap"],
+ packages=find_packages('src', exclude=['leap.keymanager.tests']),
+ package_dir={'': 'src'},
+ test_suite='leap.keymanager.tests',
+ install_requires=install_requirements,
+ tests_require=tests_requirements,
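Review bot: `install_requirements` a few lines above carries no version bounds for `python-gnupg`, `requests`, `simplejson` or `leap.common`, yet gpg.py in this same diff subclasses `gnupg.GPG` and imports the private helpers `_is_sequence` and `_make_binary_stream`, which only some python-gnupg releases expose. A fresh install resolves to whatever version the index currently serves, so a later release could break the wrapper or alter how arguments and passphrases are handed to the gpg binary without any change here. A tested range such as `'python-gnupg>=<MIN_TESTED>,<<NEXT_MAJOR>'` (placeholder bounds) and a lower bound on `requests` that guarantees the `verify=` argument used by `_get`/`_put` would make the resolution reproducible.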
diff --git a/keymanager/src/leap/ b/keymanager/src/leap/
new file mode 100644
index 00000000..f48ad105
--- /dev/null
+++ b/keymanager/src/leap/
@@ -0,0 +1,6 @@
+# See
+ __import__('pkg_resources').declare_namespace(__name__)
+except ImportError:
+ from pkgutil import extend_path
+ __path__ = extend_path(__path__, __name__)
diff --git a/keymanager/src/leap/keymanager/ b/keymanager/src/leap/keymanager/
new file mode 100644
index 00000000..e1f318ca
--- /dev/null
+++ b/keymanager/src/leap/keymanager/
@@ -0,0 +1,336 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+Key Manager is a Nicknym agent for LEAP client.
+import requests
+from leap.common.check import leap_assert
+from leap.keymanager.errors import (
+ KeyNotFound,
+ NoPasswordGiven,
+from leap.keymanager.keys import (
+ build_key_from_dict,
+from leap.keymanager.openpgp import (
+ OpenPGPKey,
+ OpenPGPScheme,
+# The Key Manager
+class KeyManager(object):
+ #
+ # server's key storage constants
+ #
+ OPENPGP_KEY = 'openpgp'
+ PUBKEY_KEY = "user[public_key]"
+ def __init__(self, address, nickserver_uri, soledad, session_id=None,
+ ca_cert_path=None, api_uri=None, api_version=None, uid=None):
+ """
+ Initialize a Key Manager for user's C{address} with provider's
+ nickserver reachable in C{url}.
+ :param address: The address of the user of this Key Manager.
+ :type address: str
+ :param url: The URL of the nickserver.
+ :type url: str
+ :param soledad: A Soledad instance for local storage of keys.
+ :type soledad: leap.soledad.Soledad
+ :param session_id: The session ID for interacting with the webapp API.
+ :type session_id: str
+ :param ca_cert_path: The path to the CA certificate.
+ :type ca_cert_path: str
+ :param api_uri: The URI of the webapp API.
+ :type api_uri: str
+ :param api_version: The version of the webapp API.
+ :type api_version: str
+ :param uid: The users' UID.
+ :type uid: str
+ """
+ self._address = address
+ self._nickserver_uri = nickserver_uri
+ self._soledad = soledad
+ self._session_id = session_id
+ self.ca_cert_path = ca_cert_path
+ self.api_uri = api_uri
+ self.api_version = api_version
+ self.uid = uid
+ # a dict to map key types to their handlers
+ self._wrapper_map = {
+ OpenPGPKey: OpenPGPScheme(soledad),
+ # other types of key will be added to this mapper.
+ }
+ # the following are used to perform https requests
+ self._fetcher = requests
+ self._session = self._fetcher.session()
+ #
+ # utilities
+ #
+ def _key_class_from_type(self, ktype):
+ """
+ Return key class from string representation of key type.
+ """
+ return filter(
+ lambda klass: str(klass) == ktype,
+ self._wrapper_map).pop()
+ def _get(self, uri, data=None):
+ """
+ Send a GET request to C{uri} containing C{data}.
+ :param uri: The URI of the request.
+ :type uri: str
+ :param data: The body of the request.
+ :type data: dict, str or file
+ :return: The response to the request.
+ :rtype: requests.Response
+ """
+ leap_assert(
+ self._ca_cert_path is not None,
+ 'We need the CA certificate path!')
+ res = self._fetcher.get(uri, data=data, verify=self._ca_cert_path)
+ # assert that the response is valid
+ res.raise_for_status()
+ leap_assert(
+ res.headers['content-type'].startswith('application/json'),
+ 'Content-type is not JSON.')
+ return res
+ def _put(self, uri, data=None):
+ """
+ Send a PUT request to C{uri} containing C{data}.
+ The request will be sent using the configured CA certificate path to
+ verify the server certificate and the configured session id for
+ authentication.
+ :param uri: The URI of the request.
+ :type uri: str
+ :param data: The body of the request.
+ :type data: dict, str or file
+ :return: The response to the request.
+ :rtype: requests.Response
+ """
+ leap_assert(
+ self._ca_cert_path is not None,
+ 'We need the CA certificate path!')
+ leap_assert(
+ self._session_id is not None,
+ 'We need a session_id to interact with webapp!')
+ res = self._fetcher.put(
+ uri, data=data, verify=self._ca_cert_path,
+ cookies={'_session_id': self._session_id})
+ # assert that the response is valid
+ res.raise_for_status()
+ return res
+ def _fetch_keys_from_server(self, address):
+ """
+ Fetch keys bound to C{address} from nickserver and insert them in
+ local database.
+ :param address: The address bound to the keys.
+ :type address: str
+ @raise KeyNotFound: If the key was not found on nickserver.
+ """
+ # request keys from the nickserver
+ server_keys = self._get(
+ self._nickserver_uri, {'address': address}).json()
+ # insert keys in local database
+ if self.OPENPGP_KEY in server_keys:
+ self._wrapper_map[OpenPGPKey].put_ascii_key(
+ server_keys['openpgp'])
+ #
+ # key management
+ #
+ def send_key(self, ktype):
+ """
+ Send user's key of type C{ktype} to provider.
+ Public key bound to user's is sent to provider, which will sign it and
+ replace any prior keys for the same address in its database.
+ If C{send_private} is True, then the private key is encrypted with
+ C{password} and sent to server in the same request, together with a
+ hash string of user's address and password. The encrypted private key
+ will be saved in the server in a way it is publicly retrievable
+ through the hash string.
+ :param ktype: The type of the key.
+ :type ktype: KeyType
+ @raise KeyNotFound: If the key was not found in local database.
+ """
+ leap_assert(
+ ktype is OpenPGPKey,
+ 'For now we only know how to send OpenPGP public keys.')
+ # prepare the public key bound to address
+ pubkey = self.get_key(
+ self._address, ktype, private=False, fetch_remote=False)
+ data = {
+ self.PUBKEY_KEY: pubkey.key_data
+ }
+ uri = "%s/%s/users/%s.json" % (
+ self._api_uri,
+ self._api_version,
+ self._uid)
+ self._put(uri, data)
+ def get_key(self, address, ktype, private=False, fetch_remote=True):
+ """
+ Return a key of type C{ktype} bound to C{address}.
+ First, search for the key in local storage. If it is not available,
+ then try to fetch from nickserver.
+ :param address: The address bound to the key.
+ :type address: str
+ :param ktype: The type of the key.
+ :type ktype: KeyType
+ :param private: Look for a private key instead of a public one?
+ :type private: bool
+ :return: A key of type C{ktype} bound to C{address}.
+ :rtype: EncryptionKey
+ @raise KeyNotFound: If the key was not found both locally and in
+ keyserver.
+ """
+ leap_assert(
+ ktype in self._wrapper_map,
+ 'Unkown key type: %s.' % str(ktype))
+ try:
+ # return key if it exists in local database
+ return self._wrapper_map[ktype].get_key(address, private=private)
+ except KeyNotFound:
+ # we will only try to fetch a key from nickserver if fetch_remote
+ # is True and the key is not private.
+ if fetch_remote is False or private is True:
+ raise
+ self._fetch_keys_from_server(address)
+ return self._wrapper_map[ktype].get_key(address, private=False)
+ def get_all_keys_in_local_db(self, private=False):
+ """
+ Return all keys stored in local database.
+ :return: A list with all keys in local db.
+ :rtype: list
+ """
+ return map(
+ lambda doc: build_key_from_dict(
+ self._key_class_from_type(doc.content['type']),
+ doc.content['address'],
+ doc.content),
+ self._soledad.get_from_index(
+ '1' if private else '0'))
+ def refresh_keys(self):
+ """
+ Fetch keys from nickserver and update them locally.
+ """
+ addresses = set(map(
+ lambda doc: doc.address,
+ self.get_all_keys_in_local_db(private=False)))
+ for address in addresses:
+ # do not attempt to refresh our own key
+ if address == self._address:
+ continue
+ self._fetch_keys_from_server(address)
+ def gen_key(self, ktype):
+ """
+ Generate a key of type C{ktype} bound to the user's address.
+ :param ktype: The type of the key.
+ :type ktype: KeyType
+ :return: The generated key.
+ :rtype: EncryptionKey
+ """
+ return self._wrapper_map[ktype].gen_key(self._address)
+ #
+ # Setters/getters
+ #
+ def _get_session_id(self):
+ return self._session_id
+ def _set_session_id(self, session_id):
+ self._session_id = session_id
+ session_id = property(
+ _get_session_id, _set_session_id, doc='The session id.')
+ def _get_ca_cert_path(self):
+ return self._ca_cert_path
+ def _set_ca_cert_path(self, ca_cert_path):
+ self._ca_cert_path = ca_cert_path
+ ca_cert_path = property(
+ _get_ca_cert_path, _set_ca_cert_path,
+ doc='The path to the CA certificate.')
+ def _get_api_uri(self):
+ return self._api_uri
+ def _set_api_uri(self, api_uri):
+ self._api_uri = api_uri
+ api_uri = property(
+ _get_api_uri, _set_api_uri, doc='The webapp API URI.')
+ def _get_api_version(self):
+ return self._api_version
+ def _set_api_version(self, api_version):
+ self._api_version = api_version
+ api_version = property(
+ _get_api_version, _set_api_version, doc='The webapp API version.')
+ def _get_uid(self):
+ return self._uid
+ def _set_uid(self, uid):
+ self._uid = uid
+ uid = property(
+ _get_uid, _set_uid, doc='The uid of the user.')
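Review bot: `_get` near the top of this hunk passes the lookup dictionary as `data=`, which makes `requests` send it as a request body on a GET, so the `{'address': address}` query issued by `_fetch_keys_from_server` is unlikely to reach the nickserver as a query string; unless the nickserver is known to parse GET bodies this should read `res = self._fetcher.get(uri, params=data, verify=self._ca_cert_path)`. `_fetch_keys_from_server` then hands `server_keys['openpgp']` straight to `put_ascii_key` without checking that the returned key is bound to the requested `address`, so a misbehaving nickserver could attach an arbitrary key to a contact; that check may live inside `put_ascii_key`, which is not in this diff, but if it does not it belongs here before the insert. The `send_key` docstring describes `send_private` and `password` parameters that the signature does not have, `get_key` does not document `fetch_remote`, and the assertion message in `get_key` misspells "Unknown". The `self._session` created in `__init__` is never used, since `_get` and `_put` call `self._fetcher.get`/`put` directly.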
diff --git a/keymanager/src/leap/keymanager/ b/keymanager/src/leap/keymanager/
new file mode 100644
index 00000000..89949d29
--- /dev/null
+++ b/keymanager/src/leap/keymanager/
@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+Errors and exceptions used by the Key Manager.
+class KeyNotFound(Exception):
+ """
+ Raised when key was no found on keyserver.
+ """
+ pass
+class KeyAlreadyExists(Exception):
+ """
+ Raised when attempted to create a key that already exists.
+ """
+ pass
+class KeyAttributesDiffer(Exception):
+ """
+ Raised when trying to delete a key but the stored key differs from the key
+ passed to the delete_key() method.
+ """
+ pass
+class NoPasswordGiven(Exception):
+ """
+ Raised when trying to perform some action that needs a password without
+ providing one.
+ """
+ pass
+class InvalidSignature(Exception):
+ """
+ Raised when signature could not be verified.
+ """
+ pass
+class EncryptionFailed(Exception):
+ """
+ Raised upon failures of encryption.
+ """
+ pass
+class DecryptionFailed(Exception):
+ """
+ Raised upon failures of decryption.
+ """
+ pass
+class EncryptionDecryptionFailed(Exception):
+ """
+ Raised upon failures of encryption/decryption.
+ """
+ pass
+class SignFailed(Exception):
+ """
+ Raised when failed to sign.
+ """
+ pass
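Review bot: All nine exceptions in this file derive directly from `Exception`, so a caller cannot catch Key Manager failures as a group without also catching unrelated errors; a shared base such as `class KeyManagerError(Exception): pass` with the others deriving from it would be backward compatible. The `KeyNotFound` docstring says the key was not found "on keyserver", but `EncryptionScheme.get_key` in keys.py documents raising it for local storage as well, so `Raised when a key was not found in local storage or on the keyserver.` would describe the actual contract.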
diff --git a/keymanager/src/leap/keymanager/ b/keymanager/src/leap/keymanager/
new file mode 100644
index 00000000..15c1d9f6
--- /dev/null
+++ b/keymanager/src/leap/keymanager/
@@ -0,0 +1,397 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+A GPG wrapper used to handle OpenPGP keys.
+This is a temporary class that will be superseded by the a revised version of
+import os
+import gnupg
+import re
+from gnupg import (
+ logger,
+ _is_sequence,
+ _make_binary_stream,
+class ListPackets():
+ """
+ Handle status messages for --list-packets.
+ """
+ def __init__(self, gpg):
+ """
+ Initialize the packet listing handling class.
+ :param gpg: GPG object instance.
+ :type gpg: gnupg.GPG
+ """
+ self.gpg = gpg
+ self.nodata = None
+ self.key = None
+ self.need_passphrase = None
+ self.need_passphrase_sym = None
+ self.userid_hint = None
+ def handle_status(self, key, value):
+ """
+ Handle one line of the --list-packets status message.
+ :param key: The status message key.
+ :type key: str
+ :param value: The status message value.
+ :type value: str
+ """
+ # TODO: write tests for handle_status
+ if key == 'NODATA':
+ self.nodata = True
+ if key == 'ENC_TO':
+ # This will only capture keys in our keyring. In the future we
+ # may want to include multiple unknown keys in this list.
+ self.key, _, _ = value.split()
+ if key == 'NEED_PASSPHRASE':
+ self.need_passphrase = True
+ if key == 'NEED_PASSPHRASE_SYM':
+ self.need_passphrase_sym = True
+ if key == 'USERID_HINT':
+ self.userid_hint = value.strip().split()
+class GPGWrapper(gnupg.GPG):
+ """
+ This is a temporary class for handling GPG requests, and should be
+ replaced by a more general class used throughout the project.
+ """
+ GNUPG_HOME = os.environ['HOME'] + "/.config/leap/gnupg"
+ GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS
+ def __init__(self, gpgbinary=GNUPG_BINARY, gnupghome=GNUPG_HOME,
+ verbose=False, use_agent=False, keyring=None, options=None):
+ """
+ Initialize a GnuPG process wrapper.
+ :param gpgbinary: Name for GnuPG binary executable.
+ :type gpgbinary: C{str}
+ :param gpghome: Full pathname to directory containing the public and
+ private keyrings.
+ :type gpghome: C{str}
+ :param keyring: Name of alternative keyring file to use. If specified,
+ the default keyring is not used.
+ :param verbose: Should some verbose info be output?
+ :type verbose: bool
+ :param use_agent: Should pass `--use-agent` to GPG binary?
+ :type use_agent: bool
+ :param keyring: Path for the keyring to use.
+ :type keyring: str
+ @options: A list of additional options to pass to the GPG binary.
+ :type options: list
+ @raise: RuntimeError with explanation message if there is a problem
+ invoking gpg.
+ """
+ gnupg.GPG.__init__(self, gnupghome=gnupghome, gpgbinary=gpgbinary,
+ verbose=verbose, use_agent=use_agent,
+ keyring=keyring, options=options)
+ self.result_map['list-packets'] = ListPackets
+ def find_key_by_email(self, email, secret=False):
+ """
+ Find user's key based on their email.
+ :param email: Email address of key being searched for.
+ :type email: str
+ :param secret: Should we search for a secret key?
+ :type secret: bool
+ :return: The fingerprint of the found key.
+ :rtype: str
+ """
+ for key in self.list_keys(secret=secret):
+ for uid in key['uids']:
+ if, uid):
+ return key
+ raise LookupError("GnuPG public key for email %s not found!" % email)
+ def find_key_by_subkey(self, subkey, secret=False):
+ """
+ Find user's key based on a subkey fingerprint.
+ :param email: Subkey fingerprint of the key being searched for.
+ :type email: str
+ :param secret: Should we search for a secret key?
+ :type secret: bool
+ :return: The fingerprint of the found key.
+ :rtype: str
+ """
+ for key in self.list_keys(secret=secret):
+ for sub in key['subkeys']:
+ if sub[0] == subkey:
+ return key
+ raise LookupError(
+ "GnuPG public key for subkey %s not found!" % subkey)
+ def find_key_by_keyid(self, keyid, secret=False):
+ """
+ Find user's key based on the key ID.
+ :param email: The key ID of the key being searched for.
+ :type email: str
+ :param secret: Should we search for a secret key?
+ :type secret: bool
+ :return: The fingerprint of the found key.
+ :rtype: str
+ """
+ for key in self.list_keys(secret=secret):
+ if keyid == key['keyid']:
+ return key
+ raise LookupError(
+ "GnuPG public key for keyid %s not found!" % keyid)
+ def find_key_by_fingerprint(self, fingerprint, secret=False):
+ """
+ Find user's key based on the key fingerprint.
+ :param email: The fingerprint of the key being searched for.
+ :type email: str
+ :param secret: Should we search for a secret key?
+ :type secret: bool
+ :return: The fingerprint of the found key.
+ :rtype: str
+ """
+ for key in self.list_keys(secret=secret):
+ if fingerprint == key['fingerprint']:
+ return key
+ raise LookupError(
+ "GnuPG public key for fingerprint %s not found!" % fingerprint)
+ def encrypt(self, data, recipient, sign=None, always_trust=True,
+ passphrase=None, symmetric=False):
+ """
+ Encrypt data using GPG.
+ :param data: The data to be encrypted.
+ :type data: str
+ :param recipient: The address of the public key to be used.
+ :type recipient: str
+ :param sign: Should the encrypted content be signed?
+ :type sign: bool
+ :param always_trust: Skip key validation and assume that used keys
+ are always fully trusted?
+ :type always_trust: bool
+ :param passphrase: The passphrase to be used if symmetric encryption
+ is desired.
+ :type passphrase: str
+ :param symmetric: Should we encrypt to a password?
+ :type symmetric: bool
+ :return: An object with encrypted result in the `data` field.
+ :rtype: gnupg.Crypt
+ """
+ # TODO: devise a way so we don't need to "always trust".
+ return gnupg.GPG.encrypt(self, data, recipient, sign=sign,
+ always_trust=always_trust,
+ passphrase=passphrase,
+ symmetric=symmetric,
+ cipher_algo='AES256')
+ def decrypt(self, data, always_trust=True, passphrase=None):
+ """
+ Decrypt data using GPG.
+ :param data: The data to be decrypted.
+ :type data: str
+ :param always_trust: Skip key validation and assume that used keys
+ are always fully trusted?
+ :type always_trust: bool
+ :param passphrase: The passphrase to be used if symmetric encryption
+ is desired.
+ :type passphrase: str
+ :return: An object with decrypted result in the `data` field.
+ :rtype: gnupg.Crypt
+ """
+ # TODO: devise a way so we don't need to "always trust".
+ return gnupg.GPG.decrypt(self, data, always_trust=always_trust,
+ passphrase=passphrase)
+ def send_keys(self, keyserver, *keyids):
+ """
+ Send keys to a keyserver
+ :param keyserver: The keyserver to send the keys to.
+ :type keyserver: str
+ :param keyids: The key ids to send.
+ :type keyids: list
+ :return: A list of keys sent to server.
+ :rtype: gnupg.ListKeys
+ """
+ # TODO: write tests for this.
+ # TODO: write a SendKeys class to handle status for this.
+ result = self.result_map['list'](self)
+ gnupg.logger.debug('send_keys: %r', keyids)
+ data = gnupg._make_binary_stream("", self.encoding)
+ args = ['--keyserver', keyserver, '--send-keys']
+ args.extend(keyids)
+ self._handle_io(args, data, result, binary=True)
+ gnupg.logger.debug('send_keys result: %r', result.__dict__)
+ data.close()
+ return result
+ def encrypt_file(self, file, recipients, sign=None,
+ always_trust=False, passphrase=None,
+ armor=True, output=None, symmetric=False,
+ cipher_algo=None):
+ """
+ Encrypt the message read from the file-like object 'file'.
+ :param file: The file to be encrypted.
+ :type data: file
+ :param recipient: The address of the public key to be used.
+ :type recipient: str
+ :param sign: Should the encrypted content be signed?
+ :type sign: bool
+ :param always_trust: Skip key validation and assume that used keys
+ are always fully trusted?
+ :type always_trust: bool
+ :param passphrase: The passphrase to be used if symmetric encryption
+ is desired.
+ :type passphrase: str
+ :param armor: Create ASCII armored output?
+ :type armor: bool
+ :param output: Path of file to write results in.
+ :type output: str
+ :param symmetric: Should we encrypt to a password?
+ :type symmetric: bool
+ :param cipher_algo: Algorithm to use.
+ :type cipher_algo: str
+ :return: An object with encrypted result in the `data` field.
+ :rtype: gnupg.Crypt
+ """
+ args = ['--encrypt']
+ if symmetric:
+ args = ['--symmetric']
+ if cipher_algo:
+ args.append('--cipher-algo %s' % cipher_algo)
+ else:
+ args = ['--encrypt']
+ if not _is_sequence(recipients):
+ recipients = (recipients,)
+ for recipient in recipients:
+ args.append('--recipient "%s"' % recipient)
+ if armor: # create ascii-armored output - set to False for binary
+ args.append('--armor')
+ if output: # write the output to a file with the specified name
+ if os.path.exists(output):
+ os.remove(output) # to avoid overwrite confirmation message
+ args.append('--output "%s"' % output)
+ if sign:
+ args.append('--sign --default-key "%s"' % sign)
+ if always_trust:
+ args.append("--always-trust")
+ result = self.result_map['crypt'](self)
+ self._handle_io(args, file, result, passphrase=passphrase, binary=True)
+ logger.debug('encrypt result: %r',
+ return result
+ def list_packets(self, data):
+ """
+ List the sequence of packets.
+ :param data: The data to extract packets from.
+ :type data: str
+ :return: An object with packet info.
+ :rtype ListPackets
+ """
+ args = ["--list-packets"]
+ result = self.result_map['list-packets'](self)
+ self._handle_io(
+ args,
+ _make_binary_stream(data, self.encoding),
+ result,
+ )
+ return result
+ def encrypted_to(self, data):
+ """
+ Return the key to which data is encrypted to.
+ :param data: The data to be examined.
+ :type data: str
+ :return: The fingerprint of the key to which data is encrypted to.
+ :rtype: str
+ """
+ # TODO: make this support multiple keys.
+ result = self.list_packets(data)
+ if not result.key:
+ raise LookupError(
+ "Content is not encrypted to a GnuPG key!")
+ try:
+ return self.find_key_by_keyid(result.key)
+ except:
+ return self.find_key_by_subkey(result.key)
+ def is_encrypted_sym(self, data):
+ """
+ Say whether some chunk of data is encrypted to a symmetric key.
+ :param data: The data to be examined.
+ :type data: str
+ :return: Whether data is encrypted to a symmetric key.
+ :rtype: bool
+ """
+ result = self.list_packets(data)
+ return bool(result.need_passphrase_sym)
+ def is_encrypted_asym(self, data):
+ """
+ Say whether some chunk of data is encrypted to a private key.
+ :param data: The data to be examined.
+ :type data: str
+ :return: Whether data is encrypted to a private key.
+ :rtype: bool
+ """
+ result = self.list_packets(data)
+ return bool(result.key)
+ def is_encrypted(self, data):
+ """
+ Say whether some chunk of data is encrypted to a key.
+ :param data: The data to be examined.
+ :type data: str
+ :return: Whether data is encrypted to a key.
+ :rtype: bool
+ """
+ return self.is_encrypted_asym(data) or self.is_encrypted_sym(data)
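Review bot: `find_key_by_email` calls `re.search(email, uid)` with the caller-supplied address as the pattern, so every dot in an e-mail acts as a wildcard and an address containing regex metacharacters can match unintended uids or raise `re.error`; an escaped match, `if re.search(re.escape(email), uid):`, keeps the intended substring semantics. In `encrypt_file` the arguments are built as single strings with embedded quotes (`'--recipient "%s"' % recipient`, `'--output "%s"' % output`, `'--sign --default-key "%s"' % sign`), which only makes sense if python-gnupg joins them into one command line; if that is the case, a recipient or output path containing a double quote escapes the quoting, so these values should be validated (for example with `is_address` from keys.py) or passed as separate list elements. `encrypted_to` wraps `find_key_by_keyid` in a bare `except:`, which also swallows `KeyboardInterrupt` and any gnupg failure; `except LookupError:` is what that lookup actually raises. The `find_key_by_*` docstrings promise a fingerprint but each returns the whole key dict from `list_keys`, and `GNUPG_HOME` reads `os.environ['HOME']` at import time, which raises `KeyError` in environments where HOME is unset.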
diff --git a/keymanager/src/leap/keymanager/ b/keymanager/src/leap/keymanager/
new file mode 100644
index 00000000..44bd587b
--- /dev/null
+++ b/keymanager/src/leap/keymanager/
@@ -0,0 +1,285 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+Abstact key type and encryption scheme representations.
+ import simplejson as json
+except ImportError:
+ import json # noqa
+import re
+from abc import ABCMeta, abstractmethod
+from leap.common.check import leap_assert
+# Dictionary keys used for storing cryptographic keys.
+KEY_ADDRESS_KEY = 'address'
+KEY_TYPE_KEY = 'type'
+KEY_ID_KEY = 'key_id'
+KEY_FINGERPRINT_KEY = 'fingerprint'
+KEY_DATA_KEY = 'key_data'
+KEY_PRIVATE_KEY = 'private'
+KEY_LENGTH_KEY = 'length'
+KEY_EXPIRY_DATE_KEY = 'expiry_date'
+KEY_FIRST_SEEN_AT_KEY = 'first_seen_at'
+KEY_LAST_AUDITED_AT_KEY = 'last_audited_at'
+KEY_VALIDATION_KEY = 'validation'
+KEY_TAGS_KEY = 'tags'
+# Key storage constants
+KEYMANAGER_KEY_TAG = 'keymanager-key'
+# key indexing constants.
+TAGS_PRIVATE_INDEX = 'by-tags-private'
+TAGS_ADDRESS_PRIVATE_INDEX = 'by-tags-address-private'
+ 'bool(%s)' % KEY_PRIVATE_KEY,
+ ],
+ 'bool(%s)' % KEY_PRIVATE_KEY,
+ ]
+# Key handling utilities
+def is_address(address):
+ """
+ Return whether the given C{address} is in the form user@provider.
+ :param address: The address to be tested.
+ :type address: str
+ :return: Whether C{address} is in the form user@provider.
+ :rtype: bool
+ """
+ return bool(re.match('[\w.-]+@[\w.-]+', address))
+def build_key_from_dict(kClass, address, kdict):
+ """
+ Build an C{kClass} key bound to C{address} based on info in C{kdict}.
+ :param address: The address bound to the key.
+ :type address: str
+ :param kdict: Dictionary with key data.
+ :type kdict: dict
+ :return: An instance of the key.
+ :rtype: C{kClass}
+ """
+ leap_assert(
+ address == kdict[KEY_ADDRESS_KEY],
+ 'Wrong address in key data.')
+ return kClass(
+ address,
+ key_id=kdict[KEY_ID_KEY],
+ fingerprint=kdict[KEY_FINGERPRINT_KEY],
+ key_data=kdict[KEY_DATA_KEY],
+ private=kdict[KEY_PRIVATE_KEY],
+ length=kdict[KEY_LENGTH_KEY],
+ expiry_date=kdict[KEY_EXPIRY_DATE_KEY],
+ first_seen_at=kdict[KEY_FIRST_SEEN_AT_KEY],
+ last_audited_at=kdict[KEY_LAST_AUDITED_AT_KEY],
+ validation=kdict[KEY_VALIDATION_KEY], # TODO: verify for validation.
+ )
+# Abstraction for encryption keys
+class EncryptionKey(object):
+ """
+ Abstract class for encryption keys.
+ A key is "validated" if the nicknym agent has bound the user address to a
+ public key. Nicknym supports three different levels of key validation:
+ * Level 3 - path trusted: A path of cryptographic signatures can be traced
+ from a trusted key to the key under evaluation. By default, only the
+ provider key from the user's provider is a "trusted key".
+ * level 2 - provider signed: The key has been signed by a provider key for
+ the same domain, but the provider key is not validated using a trust
+ path (i.e. it is only registered)
+ * level 1 - registered: The key has been encountered and saved, it has no
+ signatures (that are meaningful to the nicknym agent).
+ """
+ __metaclass__ = ABCMeta
+ def __init__(self, address, key_id=None, fingerprint=None,
+ key_data=None, private=None, length=None, expiry_date=None,
+ validation=None, first_seen_at=None, last_audited_at=None):
+ self.address = address
+ self.key_id = key_id
+ self.fingerprint = fingerprint
+ self.key_data = key_data
+ self.private = private
+ self.length = length
+ self.expiry_date = expiry_date
+ self.validation = validation
+ self.first_seen_at = first_seen_at
+ self.last_audited_at = last_audited_at
+ def get_json(self):
+ """
+ Return a JSON string describing this key.
+ :return: The JSON string describing this key.
+ :rtype: str
+ """
+ return json.dumps({
+ KEY_ADDRESS_KEY: self.address,
+ KEY_TYPE_KEY: str(self.__class__),
+ KEY_ID_KEY: self.key_id,
+ KEY_FINGERPRINT_KEY: self.fingerprint,
+ KEY_DATA_KEY: self.key_data,
+ KEY_PRIVATE_KEY: self.private,
+ KEY_LENGTH_KEY: self.length,
+ KEY_EXPIRY_DATE_KEY: self.expiry_date,
+ KEY_VALIDATION_KEY: self.validation,
+ KEY_FIRST_SEEN_AT_KEY: self.first_seen_at,
+ KEY_LAST_AUDITED_AT_KEY: self.last_audited_at,
+ })
+ def __repr__(self):
+ """
+ Representation of this class
+ """
+ return u"<%s 0x%s (%s - %s)>" % (
+ self.__class__.__name__,
+ self.key_id,
+ self.address,
+ "priv" if self.private else "publ")
+# Encryption schemes
+class EncryptionScheme(object):
+ """
+ Abstract class for Encryption Schemes.
+ A wrapper for a certain encryption schemes should know how to get and put
+ keys in local storage using Soledad, how to generate new keys and how to
+ find out about possibly encrypted content.
+ """
+ __metaclass__ = ABCMeta
+ def __init__(self, soledad):
+ """
+ Initialize this Encryption Scheme.
+ :param soledad: A Soledad instance for local storage of keys.
+ :type soledad: leap.soledad.Soledad
+ """
+ self._soledad = soledad
+ self._init_indexes()
+ def _init_indexes(self):
+ """
+ Initialize the database indexes.
+ """
+ # Ask the database for currently existing indexes.
+ db_indexes = dict(self._soledad.list_indexes())
+ # Loop through the indexes we expect to find.
+ for name, expression in INDEXES.items():
+ if name not in db_indexes:
+ # The index does not yet exist.
+ self._soledad.create_index(name, *expression)
+ continue
+ if expression == db_indexes[name]:
+ # The index exists and is up to date.
+ continue
+ # The index exists but the definition is not what expected, so we
+ # delete it and add the proper index expression.
+ self._soledad.delete_index(name)
+ self._soledad.create_index(name, *expression)
+ @abstractmethod
+ def get_key(self, address, private=False):
+ """
+ Get key from local storage.
+ :param address: The address bound to the key.
+ :type address: str
+ :param private: Look for a private key instead of a public one?
+ :type private: bool
+ :return: The key bound to C{address}.
+ :rtype: EncryptionKey
+ @raise KeyNotFound: If the key was not found on local storage.
+ """
+ pass
+ @abstractmethod
+ def put_key(self, key):
+ """
+ Put a key in local storage.
+ :param key: The key to be stored.
+ :type key: EncryptionKey
+ """
+ pass
+ @abstractmethod
+ def gen_key(self, address):
+ """
+ Generate a new key.
+ :param address: The address bound to the key.
+ :type address: str
+ :return: The key bound to C{address}.
+ :rtype: EncryptionKey
+ """
+ pass
+ @abstractmethod
+ def delete_key(self, key):
+ """
+ Remove C{key} from storage.
+ :param key: The key to be removed.
+ :type key: EncryptionKey
+ """
+ pass
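Review bot: `is_address` uses `re.match('[\w.-]+@[\w.-]+', address)`, which is anchored only at the start and is not a raw string, so `'user@provider trailing text'` is accepted and the `\w` escape will warn on newer Pythons; `return bool(re.match(r'[\w.-]+@[\w.-]+\Z', address))` keeps the intended shape while rejecting trailing content. `EncryptionKey.get_json` stores the key type as `str(self.__class__)` and `KeyManager._key_class_from_type` in __init__.py resolves it by comparing the same string, so any module or class rename silently makes existing stored keys unloadable; worth a comment on `KEY_TYPE_KEY` such as `# stored as str(cls); renaming a key class invalidates stored documents` until a stable identifier is chosen. The `build_key_from_dict` docstring omits the `kClass` parameter, and its `leap_assert` on the address is the only validation applied to a dictionary that, per `KeyManager.get_all_keys_in_local_db`, comes straight from the Soledad document.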
diff --git a/keymanager/src/leap/keymanager/ b/keymanager/src/leap/keymanager/
new file mode 100644
index 00000000..d19bb2b5
--- /dev/null
+++ b/keymanager/src/leap/keymanager/
@@ -0,0 +1,636 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+Infrastructure for using OpenPGP keys in Key Manager.
+import logging
+import os
+import re
+import shutil
+import tempfile
+from leap.common.check import leap_assert, leap_assert_type
+from leap.keymanager import errors
+from leap.keymanager.keys import (
+ EncryptionKey,
+ EncryptionScheme,
+ is_address,
+ build_key_from_dict,
+from leap.keymanager.gpg import GPGWrapper
+logger = logging.getLogger(__name__)
+# gpg wrapper and decorator
+def temporary_gpgwrapper(keys=None):
+ """
+ Returns a unitary gpg wrapper that implements context manager
+ protocol.
+ :param key_data: ASCII armored key data.
+ :type key_data: str
+ :return: a GPGWrapper instance
+ :rtype: GPGWrapper
+ """
+ # TODO do here checks on key_data
+ return TempGPGWrapper(keys=keys)
+def with_temporary_gpg(fun):
+ """
+ Decorator to add a temporary gpg wrapper as context
+ to gpg related functions.
+ Decorated functions are expected to return a function whose only
+ argument is a gpgwrapper instance.
+ """
+ def wrapped(*args, **kwargs):
+ """
+ We extract the arguments passed to the wrapped function,
+ run the function and do validations.
+ We expect that the positional arguments are `data`,
+ and an optional `key`.
+ All the rest of arguments should be passed as named arguments
+ to allow for a correct unpacking.
+ """
+ if len(args) == 2:
+ keys = args[1] if isinstance(args[1], OpenPGPKey) else None
+ else:
+ keys = None
+ # sign/verify keys passed as arguments
+ sign = kwargs.get('sign', None)
+ if sign:
+ keys = [keys, sign]
+ verify = kwargs.get('verify', None)
+ if verify:
+ keys = [keys, verify]
+ # is the wrapped function sign or verify?
+ fun_name = fun.__name__
+ is_sign_function = True if fun_name == "sign" else False
+ is_verify_function = True if fun_name == "verify" else False
+ result = None
+ with temporary_gpgwrapper(keys) as gpg:
+ result = fun(*args, **kwargs)(gpg)
+ # TODO: cleanup a little bit the
+ # validation. maybe delegate to other
+ # auxiliary functions for clarity.
+ ok = getattr(result, 'ok', None)
+ stderr = getattr(result, 'stderr', None)
+ if stderr:
+ logger.debug("%s" % (stderr,))
+ if ok is False:
+ raise errors.EncryptionDecryptionFailed(
+ 'Failed to encrypt/decrypt in %s: %s' % (
+ fun.__name__,
+ stderr))
+ if verify is not None:
+ # A verify key has been passed
+ if result.valid is False or \
+ verify.fingerprint != result.pubkey_fingerprint:
+ raise errors.InvalidSignature(
+ 'Failed to verify signature with key %s: %s' %
+ (verify.key_id, stderr))
+ if is_sign_function:
+ # Specific validation for sign function
+ privkey = gpg.list_keys(secret=True).pop()
+ rfprint = result.fingerprint
+ kfprint = privkey['fingerprint']
+ if result.fingerprint is None:
+ raise errors.SignFailed(
+ 'Failed to sign with key %s: %s' %
+ (privkey['keyid'], stderr))
+ leap_assert(
+ result.fingerprint == kfprint,
+ 'Signature and private key fingerprints mismatch: '
+ '%s != %s' %
+ (rfprint, kfprint))
+ if is_verify_function:
+ # Specific validation for verify function
+ pubkey = gpg.list_keys().pop()
+ valid = result.valid
+ rfprint = result.fingerprint
+ kfprint = pubkey['fingerprint']
+ if valid is False or rfprint != kfprint:
+ raise errors.InvalidSignature(
+ 'Failed to verify signature '
+ 'with key %s.' % pubkey['keyid'])
+ result = result.valid
+ # ok, enough checks. let's return data if available
+ if hasattr(result, 'data'):
+ result =
+ return result
+ return wrapped
+class TempGPGWrapper(object):
+ """
+ A context manager returning a temporary GPG wrapper keyring, which
+ contains exactly zero or one pubkeys, and zero or one privkeys.
+ Temporary unitary keyrings allow the to use GPG's facilities for exactly
+ one key. This function creates an empty temporary keyring and imports
+ C{keys} if it is not None.
+ """
+ def __init__(self, keys=None):
+ """
+ :param keys: OpenPGP key, or list of.
+ :type keys: OpenPGPKey or list of OpenPGPKeys
+ """
+ self._gpg = None
+ if not keys:
+ keys = list()
+ if not isinstance(keys, list):
+ keys = [keys]
+ self._keys = keys
+ for key in filter(None, keys):
+ leap_assert_type(key, OpenPGPKey)
+ def __enter__(self):
+ """
+ Calls the unitary gpgwrapper initializer
+ :return: A GPG wrapper with a unitary keyring.
+ :rtype: gnupg.GPG
+ """
+ self._build_keyring()
+ return self._gpg
+ def __exit__(self, exc_type, exc_value, traceback):
+ """
+ Ensures the gpgwrapper is properly destroyed.
+ """
+ # TODO handle exceptions and log here
+ self._destroy_keyring()
+ def _build_keyring(self):
+ """
+ Create an empty GPG keyring and import C{keys} into it.
+ :param keys: List of keys to add to the keyring.
+ :type keys: list of OpenPGPKey
+ :return: A GPG wrapper with a unitary keyring.
+ :rtype: gnupg.GPG
+ """
+ privkeys = [key for key in self._keys if key and key.private is True]
+ publkeys = [key for key in self._keys if key and key.private is False]
+ # here we filter out public keys that have a correspondent
+ # private key in the list because the private key_data by
+ # itself is enough to also have the public key in the keyring,
+ # and we want to count the keys afterwards.
+ privaddrs = map(lambda privkey: privkey.address, privkeys)
+ publkeys = filter(
+ lambda pubkey: pubkey.address not in privaddrs, publkeys)
+ listkeys = lambda: self._gpg.list_keys()
+ listsecretkeys = lambda: self._gpg.list_keys(secret=True)
+ self._gpg = GPGWrapper(gnupghome=tempfile.mkdtemp())
+ leap_assert(len(listkeys()) is 0, 'Keyring not empty.')
+ # import keys into the keyring:
+ # concatenating ascii-armored keys, which is correctly
+ # understood by the GPGWrapper.
+ self._gpg.import_keys("".join(
+ [x.key_data for x in publkeys + privkeys]))
+ # assert the number of keys in the keyring
+ leap_assert(
+ len(listkeys()) == len(publkeys) + len(privkeys),
+ 'Wrong number of public keys in keyring: %d, should be %d)' %
+ (len(listkeys()), len(publkeys) + len(privkeys)))
+ leap_assert(
+ len(listsecretkeys()) == len(privkeys),
+ 'Wrong number of private keys in keyring: %d, should be %d)' %
+ (len(listsecretkeys()), len(privkeys)))
+ def _destroy_keyring(self):
+ """
+ Securely erase a unitary keyring.
+ """
+ # TODO: implement some kind of wiping of data or a more
+ # secure way that
+ # does not write to disk.
+ try:
+ for secret in [True, False]:
+ for key in self._gpg.list_keys(secret=secret):
+ self._gpg.delete_keys(
+ key['fingerprint'],
+ secret=secret)
+ leap_assert(len(self._gpg.list_keys()) is 0, 'Keyring not empty!')
+ except:
+ raise
+ finally:
+ leap_assert(self._gpg.gnupghome != os.path.expanduser('~/.gnupg'),
+ "watch out! Tried to remove default gnupg home!")
+ shutil.rmtree(self._gpg.gnupghome)
+# API functions
+def encrypt_asym(data, key, passphrase=None, sign=None):
+ """
+ Encrypt C{data} using public @{key} and sign with C{sign} key.
+ :param data: The data to be encrypted.
+ :type data: str
+ :param pubkey: The key used to encrypt.
+ :type pubkey: OpenPGPKey
+ :param sign: The key used for signing.
+ :type sign: OpenPGPKey
+ :return: The encrypted data.
+ :rtype: str
+ """
+ leap_assert_type(key, OpenPGPKey)
+ leap_assert(key.private is False, 'Key is not public.')
+ if sign is not None:
+ leap_assert_type(sign, OpenPGPKey)
+ leap_assert(sign.private is True)
+ # Here we cannot assert for correctness of sig because the sig is in
+ # the ciphertext.
+ # result.ok - (bool) indicates if the operation succeeded
+ # - (bool) contains the result of the operation
+ return lambda gpg: gpg.encrypt(
+ data, key.fingerprint,
+ sign=sign.key_id if sign else None,
+ passphrase=passphrase, symmetric=False)
+def decrypt_asym(data, key, passphrase=None, verify=None):
+ """
+ Decrypt C{data} using private @{key} and verify with C{verify} key.
+ :param data: The data to be decrypted.
+ :type data: str
+ :param privkey: The key used to decrypt.
+ :type privkey: OpenPGPKey
+ :param verify: The key used to verify a signature.
+ :type verify: OpenPGPKey
+ :return: The decrypted data.
+ :rtype: str
+ @raise InvalidSignature: Raised if unable to verify the signature with
+ C{verify} key.
+ """
+ leap_assert(key.private is True, 'Key is not private.')
+ if verify is not None:
+ leap_assert_type(verify, OpenPGPKey)
+ leap_assert(verify.private is False)
+ return lambda gpg: gpg.decrypt(
+ data, passphrase=passphrase)
+def is_encrypted(data):
+ """
+ Return whether C{data} was encrypted using OpenPGP.
+ :param data: The data we want to know about.
+ :type data: str
+ :return: Whether C{data} was encrypted using this wrapper.
+ :rtype: bool
+ """
+ return lambda gpg: gpg.is_encrypted(data)
+def is_encrypted_asym(data):
+ """
+ Return whether C{data} was asymmetrically encrypted using OpenPGP.
+ :param data: The data we want to know about.
+ :type data: str
+ :return: Whether C{data} was encrypted using this wrapper.
+ :rtype: bool
+ """
+ return lambda gpg: gpg.is_encrypted_asym(data)
+def sign(data, privkey):
+ """
+ Sign C{data} with C{privkey}.
+ :param data: The data to be signed.
+ :type data: str
+ :param privkey: The private key to be used to sign.
+ :type privkey: OpenPGPKey
+ :return: The ascii-armored signed data.
+ :rtype: str
+ """
+ leap_assert_type(privkey, OpenPGPKey)
+ leap_assert(privkey.private is True)
+ # result.fingerprint - contains the fingerprint of the key used to
+ # sign.
+ return lambda gpg: gpg.sign(data, keyid=privkey.key_id)
+def verify(data, key):
+ """
+ Verify signed C{data} with C{pubkey}.
+ :param data: The data to be verified.
+ :type data: str
+ :param pubkey: The public key to be used on verification.
+ :type pubkey: OpenPGPKey
+ :return: The ascii-armored signed data.
+ :rtype: str
+ """
+ leap_assert_type(key, OpenPGPKey)
+ leap_assert(key.private is False)
+ return lambda gpg: gpg.verify(data)
+# Helper functions
+def _build_key_from_gpg(address, key, key_data):
+ """
+ Build an OpenPGPKey for C{address} based on C{key} from
+ local gpg storage.
+ ASCII armored GPG key data has to be queried independently in this
+ wrapper, so we receive it in C{key_data}.
+ :param address: The address bound to the key.
+ :type address: str
+ :param key: Key obtained from GPG storage.
+ :type key: dict
+ :param key_data: Key data obtained from GPG storage.
+ :type key_data: str
+ :return: An instance of the key.
+ :rtype: OpenPGPKey
+ """
+ return OpenPGPKey(
+ address,
+ key_id=key['keyid'],
+ fingerprint=key['fingerprint'],
+ key_data=key_data,
+ private=True if key['type'] == 'sec' else False,
+ length=key['length'],
+ expiry_date=key['expires'],
+ validation=None, # TODO: verify for validation.
+ )
+# The OpenPGP wrapper
+class OpenPGPKey(EncryptionKey):
+ """
+ Base class for OpenPGP keys.
+ """
+class OpenPGPScheme(EncryptionScheme):
+ """
+ A wrapper for OpenPGP keys.
+ """
+ def __init__(self, soledad):
+ """
+ Initialize the OpenPGP wrapper.
+ :param soledad: A Soledad instance for key storage.
+ :type soledad: leap.soledad.Soledad
+ """
+ EncryptionScheme.__init__(self, soledad)
+ def gen_key(self, address):
+ """
+ Generate an OpenPGP keypair bound to C{address}.
+ :param address: The address bound to the key.
+ :type address: str
+ :return: The key bound to C{address}.
+ :rtype: OpenPGPKey
+ @raise KeyAlreadyExists: If key already exists in local database.
+ """
+ # make sure the key does not already exist
+ leap_assert(is_address(address), 'Not an user address: %s' % address)
+ try:
+ self.get_key(address)
+ raise errors.KeyAlreadyExists(address)
+ except errors.KeyNotFound:
+ pass
+ def _gen_key(gpg):
+ params = gpg.gen_key_input(
+ key_type='RSA',
+ key_length=4096,
+ name_real=address,
+ name_email=address,
+ name_comment='Generated by LEAP Key Manager.')
+ gpg.gen_key(params)
+ pubkeys = gpg.list_keys()
+ # assert for new key characteristics
+ leap_assert(
+ len(pubkeys) is 1, # a unitary keyring!
+ 'Keyring has wrong number of keys: %d.' % len(pubkeys))
+ key = gpg.list_keys(secret=True).pop()
+ leap_assert(
+ len(key['uids']) is 1, # with just one uid!
+ 'Wrong number of uids for key: %d.' % len(key['uids']))
+ leap_assert(
+ re.match('.*<%s>$' % address, key['uids'][0]) is not None,
+ 'Key not correctly bound to address.')
+ # insert both public and private keys in storage
+ for secret in [True, False]:
+ key = gpg.list_keys(secret=secret).pop()
+ openpgp_key = _build_key_from_gpg(
+ address, key,
+ gpg.export_keys(key['fingerprint'], secret=secret))
+ self.put_key(openpgp_key)
+ with temporary_gpgwrapper() as gpg:
+ # TODO: inspect result, or use decorator
+ _gen_key(gpg)
+ return self.get_key(address, private=True)
+ def get_key(self, address, private=False):
+ """
+ Get key bound to C{address} from local storage.
+ :param address: The address bound to the key.
+ :type address: str
+ :param private: Look for a private key instead of a public one?
+ :type private: bool
+ :return: The key bound to C{address}.
+ :rtype: OpenPGPKey
+ @raise KeyNotFound: If the key was not found on local storage.
+ """
+ leap_assert(is_address(address), 'Not an user address: %s' % address)
+ doc = self._get_key_doc(address, private)
+ if doc is None:
+ raise errors.KeyNotFound(address)
+ return build_key_from_dict(OpenPGPKey, address, doc.content)
+ def put_ascii_key(self, key_data):
+ """
+ Put key contained in ascii-armored C{key_data} in local storage.
+ :param key_data: The key data to be stored.
+ :type key_data: str
+ """
+ leap_assert_type(key_data, str)
+ # TODO: add more checks for correct key data.
+ leap_assert(key_data is not None, 'Data does not represent a key.')
+ def _put_ascii_key(gpg):
+ gpg.import_keys(key_data)
+ privkey = None
+ pubkey = None
+ try:
+ privkey = gpg.list_keys(secret=True).pop()
+ except IndexError:
+ pass
+ pubkey = gpg.list_keys(secret=False).pop() # unitary keyring
+ # extract adress from first uid on key
+ match = re.match('.*<([\w.-]+@[\w.-]+)>.*', pubkey['uids'].pop())
+ leap_assert(match is not None, 'No user address in key data.')
+ address =
+ if privkey is not None:
+ match = re.match(
+ '.*<([\w.-]+@[\w.-]+)>.*', privkey['uids'].pop())
+ leap_assert(match is not None, 'No user address in key data.')
+ privaddress =
+ leap_assert(
+ address == privaddress,
+ 'Addresses in pub and priv key differ.')
+ leap_assert(
+ pubkey['fingerprint'] == privkey['fingerprint'],
+ 'Fingerprints for pub and priv key differ.')
+ # insert private key in storage
+ openpgp_privkey = _build_key_from_gpg(
+ address, privkey,
+ gpg.export_keys(privkey['fingerprint'], secret=True))
+ self.put_key(openpgp_privkey)
+ # insert public key in storage
+ openpgp_pubkey = _build_key_from_gpg(
+ address, pubkey,
+ gpg.export_keys(pubkey['fingerprint'], secret=False))
+ self.put_key(openpgp_pubkey)
+ with temporary_gpgwrapper() as gpg:
+ # TODO: inspect result, or use decorator
+ _put_ascii_key(gpg)
+ def put_key(self, key):
+ """
+ Put C{key} in local storage.
+ :param key: The key to be stored.
+ :type key: OpenPGPKey
+ """
+ doc = self._get_key_doc(key.address, private=key.private)
+ if doc is None:
+ self._soledad.create_doc_from_json(key.get_json())
+ else:
+ doc.set_json(key.get_json())
+ self._soledad.put_doc(doc)
+ def _get_key_doc(self, address, private=False):
+ """
+ Get the document with a key (public, by default) bound to C{address}.
+ If C{private} is True, looks for a private key instead of a public.
+ :param address: The address bound to the key.
+ :type address: str
+ :param private: Whether to look for a private key.
+ :type private: bool
+ :return: The document with the key or None if it does not exist.
+ :rtype: leap.soledad.document.SoledadDocument
+ """
+ doclist = self._soledad.get_from_index(
+ address,
+ '1' if private else '0')
+ if len(doclist) is 0:
+ return None
+ leap_assert(
+ len(doclist) is 1,
+ 'Found more than one %s key for address!' %
+ 'private' if private else 'public')
+ return doclist.pop()
+ def delete_key(self, key):
+ """
+ Remove C{key} from storage.
+ :param key: The key to be removed.
+ :type key: EncryptionKey
+ """
+ leap_assert(key.__class__ is OpenPGPKey, 'Wrong key type.')
+ stored_key = self.get_key(key.address, private=key.private)
+ if stored_key is None:
+ raise errors.KeyNotFound(key)
+ if stored_key.__dict__ != key.__dict__:
+ raise errors.KeyAttributesDiffer(key)
+ doc = self._get_key_doc(key.address, key.private)
+ self._soledad.delete_doc(doc)
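Review bot: `TempGPGWrapper.__enter__` leaks exported private-key material on disk when `_build_keyring` fails: `tempfile.mkdtemp()` and `import_keys` have already run by the time the trailing `leap_assert` key-count checks in `_build_keyring` fire (or if the import itself raises on malformed `key_data`), and because the exception escapes `__enter__` the `with` statement never calls `__exit__`/`_destroy_keyring`, so the temporary keyring holding the armored secret key is never removed. `__enter__` should tear the keyring down on any failure before re-raising, as below; `_destroy_keyring`'s `finally` already guards against removing `~/.gnupg`. Separately, `put_ascii_key` comments that it extracts the address from the "first uid" but `pubkey['uids'].pop()` returns the last uid, so for a multi-uid key the key is stored under an address the comment does not promise; `pubkey['uids'][0]` (and likewise for `privkey`) matches the stated intent, and the function still does not assert that exactly one key was imported before popping from `list_keys()`.
```python
    def __enter__(self):
        # … unchanged: docstring …
        try:
            self._build_keyring()
        except Exception:
            # The temp keyring may already hold exported secret keys by the
            # time an assertion or import fails; never leave it on disk.
            if self._gpg is not None:
                self._destroy_keyring()
            raise
        return self._gpg
```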
diff --git a/keymanager/src/leap/keymanager/tests/ b/keymanager/src/leap/keymanager/tests/
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/keymanager/src/leap/keymanager/tests/
diff --git a/keymanager/src/leap/keymanager/tests/ b/keymanager/src/leap/keymanager/tests/
new file mode 100644
index 00000000..09a61838
--- /dev/null
+++ b/keymanager/src/leap/keymanager/tests/
@@ -0,0 +1,676 @@
+## -*- coding: utf-8 -*-
+# Copyright (C) 2013 LEAP
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <>.
+Tests for the Key Manager.
+from mock import Mock
+from leap.common.testing.basetest import BaseLeapTest
+from leap.soledad import Soledad
+from leap.keymanager import (
+ KeyManager,
+ openpgp,
+ KeyNotFound,
+ NoPasswordGiven,
+ errors,
+from leap.keymanager.openpgp import OpenPGPKey
+from leap.keymanager.keys import (
+ is_address,
+ build_key_from_dict,
+ADDRESS_2 = ''
+class KeyManagerUtilTestCase(BaseLeapTest):
+ def setUp(self):
+ pass
+ def tearDown(self):
+ pass
+ def test_is_address(self):
+ self.assertTrue(
+ is_address(''),
+ 'Incorrect address detection.')
+ self.assertFalse(
+ is_address(''),
+ 'Incorrect address detection.')
+ self.assertFalse(
+ is_address('user@'),
+ 'Incorrect address detection.')
+ self.assertFalse(
+ is_address(''),
+ 'Incorrect address detection.')
+ def test_build_key_from_dict(self):
+ kdict = {
+ 'address': ADDRESS,
+ 'key_id': 'key_id',
+ 'fingerprint': 'fingerprint',
+ 'key_data': 'key_data',
+ 'private': 'private',
+ 'length': 'length',
+ 'expiry_date': 'expiry_date',
+ 'first_seen_at': 'first_seen_at',
+ 'last_audited_at': 'last_audited_at',
+ 'validation': 'validation',
+ }
+ key = build_key_from_dict(OpenPGPKey, ADDRESS, kdict)
+ self.assertEqual(
+ kdict['address'], key.address,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['key_id'], key.key_id,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['fingerprint'], key.fingerprint,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['key_data'], key.key_data,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['private'], key.private,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['length'], key.length,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['expiry_date'], key.expiry_date,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['first_seen_at'], key.first_seen_at,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['last_audited_at'], key.last_audited_at,
+ 'Wrong data in key.')
+ self.assertEqual(
+ kdict['validation'], key.validation,
+ 'Wrong data in key.')
+class KeyManagerWithSoledadTestCase(BaseLeapTest):
+ def setUp(self):
+ # mock key fetching and storing so Soledad doesn't fail when trying to
+ # reach the server.
+ Soledad._get_secrets_from_shared_db = Mock(return_value=None)
+ Soledad._put_secrets_in_shared_db = Mock(return_value=None)
+ self._soledad = Soledad(
+ "",
+ "123456",
+ secrets_path=self.tempdir + "/secret.gpg",
+ local_db_path=self.tempdir + "/soledad.u1db",
+ server_url='',
+ cert_file=None,
+ auth_token=None,
+ )
+ def tearDown(self):
+ km = self._key_manager()
+ for key in km.get_all_keys_in_local_db():
+ km._wrapper_map[key.__class__].delete_key(key)
+ for key in km.get_all_keys_in_local_db(private=True):
+ km._wrapper_map[key.__class__].delete_key(key)
+ def _key_manager(self, user=ADDRESS, url=''):
+ return KeyManager(user, url, self._soledad)
+class OpenPGPCryptoTestCase(KeyManagerWithSoledadTestCase):
+ def _test_openpgp_gen_key(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ self.assertRaises(KeyNotFound, pgp.get_key, '')
+ key = pgp.gen_key('')
+ self.assertIsInstance(key, openpgp.OpenPGPKey)
+ self.assertEqual(
+ '', key.address, 'Wrong address bound to key.')
+ self.assertEqual(
+ '4096', key.length, 'Wrong key length.')
+ def test_openpgp_put_delete_key(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS)
+ pgp.put_ascii_key(PUBLIC_KEY)
+ key = pgp.get_key(ADDRESS, private=False)
+ pgp.delete_key(key)
+ self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS)
+ def test_openpgp_put_ascii_key(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS)
+ pgp.put_ascii_key(PUBLIC_KEY)
+ key = pgp.get_key(ADDRESS, private=False)
+ self.assertIsInstance(key, openpgp.OpenPGPKey)
+ self.assertEqual(
+ ADDRESS, key.address, 'Wrong address bound to key.')
+ self.assertEqual(
+ '4096', key.length, 'Wrong key length.')
+ pgp.delete_key(key)
+ self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS)
+ def test_get_public_key(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS)
+ pgp.put_ascii_key(PUBLIC_KEY)
+ self.assertRaises(
+ KeyNotFound, pgp.get_key, ADDRESS, private=True)
+ key = pgp.get_key(ADDRESS, private=False)
+ self.assertEqual(ADDRESS, key.address)
+ self.assertFalse(key.private)
+ self.assertEqual(KEY_FINGERPRINT, key.fingerprint)
+ pgp.delete_key(key)
+ self.assertRaises(KeyNotFound, pgp.get_key, ADDRESS)
+ def test_openpgp_encrypt_decrypt_asym(self):
+ # encrypt
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PUBLIC_KEY)
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ cyphertext = openpgp.encrypt_asym('data', pubkey)
+ # assert
+ self.assertTrue(cyphertext is not None)
+ self.assertTrue(cyphertext != '')
+ self.assertTrue(cyphertext != 'data')
+ self.assertTrue(openpgp.is_encrypted_asym(cyphertext))
+ self.assertTrue(openpgp.is_encrypted(cyphertext))
+ # decrypt
+ self.assertRaises(
+ KeyNotFound, pgp.get_key, ADDRESS, private=True)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ privkey = pgp.get_key(ADDRESS, private=True)
+ plaintext = openpgp.decrypt_asym(cyphertext, privkey)
+ pgp.delete_key(pubkey)
+ pgp.delete_key(privkey)
+ self.assertRaises(
+ KeyNotFound, pgp.get_key, ADDRESS, private=False)
+ self.assertRaises(
+ KeyNotFound, pgp.get_key, ADDRESS, private=True)
+ def test_verify_with_private_raises(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ data = 'data'
+ privkey = pgp.get_key(ADDRESS, private=True)
+ signed = openpgp.sign(data, privkey)
+ self.assertRaises(
+ AssertionError,
+ openpgp.verify, signed, privkey)
+ def test_sign_with_public_raises(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PUBLIC_KEY)
+ data = 'data'
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ self.assertRaises(
+ AssertionError,
+ openpgp.sign, data, pubkey)
+ def test_verify_with_wrong_key_raises(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ data = 'data'
+ privkey = pgp.get_key(ADDRESS, private=True)
+ signed = openpgp.sign(data, privkey)
+ pgp.put_ascii_key(PUBLIC_KEY_2)
+ wrongkey = pgp.get_key(ADDRESS_2)
+ self.assertRaises(
+ errors.InvalidSignature,
+ openpgp.verify, signed, wrongkey)
+ def test_encrypt_asym_sign_with_public_raises(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ data = 'data'
+ privkey = pgp.get_key(ADDRESS, private=True)
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ self.assertRaises(
+ AssertionError,
+ openpgp.encrypt_asym, data, privkey, sign=pubkey)
+ def test_decrypt_asym_verify_with_private_raises(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ data = 'data'
+ privkey = pgp.get_key(ADDRESS, private=True)
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ encrypted_and_signed = openpgp.encrypt_asym(
+ data, pubkey, sign=privkey)
+ self.assertRaises(
+ AssertionError,
+ openpgp.decrypt_asym,
+ encrypted_and_signed, privkey, verify=privkey)
+ def test_decrypt_asym_verify_with_wrong_key_raises(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ data = 'data'
+ privkey = pgp.get_key(ADDRESS, private=True)
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ encrypted_and_signed = openpgp.encrypt_asym(data, pubkey, sign=privkey)
+ pgp.put_ascii_key(PUBLIC_KEY_2)
+ wrongkey = pgp.get_key(ADDRESS_2)
+ self.assertRaises(
+ errors.InvalidSignature,
+ openpgp.verify, encrypted_and_signed, wrongkey)
+ def test_sign_verify(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ data = 'data'
+ privkey = pgp.get_key(ADDRESS, private=True)
+ signed = openpgp.sign(data, privkey)
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ self.assertTrue(openpgp.verify(signed, pubkey))
+ def test_encrypt_asym_sign_decrypt_verify(self):
+ pgp = openpgp.OpenPGPScheme(self._soledad)
+ pgp.put_ascii_key(PRIVATE_KEY)
+ pubkey = pgp.get_key(ADDRESS, private=False)
+ privkey = pgp.get_key(ADDRESS, private=True)
+ pgp.put_ascii_key(PRIVATE_KEY_2)
+ pubkey2 = pgp.get_key(ADDRESS_2, private=False)
+ privkey2 = pgp.get_key(ADDRESS_2, private=True)
+ data = 'data'
+ encrypted_and_signed = openpgp.encrypt_asym(
+ data, pubkey2, sign=privkey)
+ res = openpgp.decrypt_asym(
+ encrypted_and_signed, privkey2, verify=pubkey)
+ self.assertTrue(data, res)
+class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
+ def test_get_all_keys_in_db(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY)
+ # get public keys
+ keys = km.get_all_keys_in_local_db(False)
+ self.assertEqual(len(keys), 1, 'Wrong number of keys')
+ self.assertEqual(ADDRESS, keys[0].address)
+ self.assertFalse(keys[0].private)
+ # get private keys
+ keys = km.get_all_keys_in_local_db(True)
+ self.assertEqual(len(keys), 1, 'Wrong number of keys')
+ self.assertEqual(ADDRESS, keys[0].address)
+ self.assertTrue(keys[0].private)
+ def test_get_public_key(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY)
+ # get the key
+ key = km.get_key(ADDRESS, OpenPGPKey, private=False,
+ fetch_remote=False)
+ self.assertTrue(key is not None)
+ self.assertEqual(key.address, ADDRESS)
+ self.assertEqual(
+ key.fingerprint.lower(), KEY_FINGERPRINT.lower())
+ self.assertFalse(key.private)
+ def test_get_private_key(self):
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_ascii_key(PRIVATE_KEY)
+ # get the key
+ key = km.get_key(ADDRESS, OpenPGPKey, private=True,
+ fetch_remote=False)
+ self.assertTrue(key is not None)
+ self.assertEqual(key.address, ADDRESS)
+ self.assertEqual(
+ key.fingerprint.lower(), KEY_FINGERPRINT.lower())
+ self.assertTrue(key.private)
+ def test_send_key_raises_key_not_found(self):
+ km = self._key_manager()
+ self.assertRaises(
+ KeyNotFound,
+ km.send_key, OpenPGPKey)
+ def test_send_key(self):
+ """
+ Test that request is well formed when sending keys to server.
+ """
+ km = self._key_manager()
+ km._wrapper_map[OpenPGPKey].put_ascii_key(PUBLIC_KEY)
+ km._fetcher.put = Mock()
+ # the following data will be used on the send
+ km.ca_cert_path = 'capath'
+ km.session_id = 'sessionid'
+ km.uid = 'myuid'
+ km.api_uri = 'apiuri'
+ km.api_version = 'apiver'
+ km.send_key(OpenPGPKey)
+ # setup expected args
+ data = {
+ km.PUBKEY_KEY: km.get_key(km._address, OpenPGPKey).key_data,
+ }
+ url = '%s/%s/users/%s.json' % ('apiuri', 'apiver', 'myuid')
+ km._fetcher.put.assert_called_once_with(
+ url, data=data, verify='capath',
+ cookies={'_session_id': 'sessionid'},
+ )
+ def test__fetch_keys_from_server(self):
+ """
+ Test that the request is well formed when fetching keys from server.
+ """
+ km = self._key_manager(url='http://nickserver.domain')
+ class Response(object):
+ status_code = 200
+ headers = {'content-type': 'application/json'}
+ def json(self):
+ return {'address': ADDRESS_2, 'openpgp': PUBLIC_KEY_2}
+ def raise_for_status(self):
+ pass
+ # mock the fetcher so it returns the key for ADDRESS_2
+ km._fetcher.get = Mock(
+ return_value=Response())
+ km.ca_cert_path = 'cacertpath'
+ # do the fetch
+ km._fetch_keys_from_server(ADDRESS_2)
+ # and verify the call
+ km._fetcher.get.assert_called_once_with(
+ 'http://nickserver.domain',
+ data={'address': ADDRESS_2},
+ verify='cacertpath',
+ )
+ def test_refresh_keys_does_not_refresh_own_key(self):
+ """
+ Test that refreshing keys will not attempt to refresh our own key.
+ """
+ km = self._key_manager()
+ # we add 2 keys but we expect it to only refresh the second one.
+ km._wrapper_map[OpenPGPKey].put_ascii_key(PUBLIC_KEY)
+ km._wrapper_map[OpenPGPKey].put_ascii_key(PUBLIC_KEY_2)
+ # mock the key fetching
+ km._fetch_keys_from_server = Mock(return_value=[])
+ km.ca_cert_path = '' # some bogus path so the km does not complain.
+ # do the refreshing
+ km.refresh_keys()
+ km._fetch_keys_from_server.assert_called_once_with(
+ )
+ def test_get_key_fetches_from_server(self):
+ """
+ Test that getting a key successfuly fetches from server.
+ """
+ km = self._key_manager(url='http://nickserver.domain')
+ class Response(object):
+ status_code = 200
+ headers = {'content-type': 'application/json'}
+ def json(self):
+ return {'address': ADDRESS_2, 'openpgp': PUBLIC_KEY_2}
+ def raise_for_status(self):
+ pass
+ # mock the fetcher so it returns the key for ADDRESS_2
+ km._fetcher.get = Mock(return_value=Response())
+ km.ca_cert_path = 'cacertpath'
+ # try to key get without fetching from server
+ self.assertRaises(
+ KeyNotFound, km.get_key, ADDRESS_2, OpenPGPKey,
+ fetch_remote=False
+ )
+ # try to get key fetching from server.
+ key = km.get_key(ADDRESS_2, OpenPGPKey)
+ self.assertIsInstance(key, OpenPGPKey)
+ self.assertEqual(ADDRESS_2, key.address)
+# Key material for testing
+# key 24D18DDF: public key "Leap Test Key <>"
+KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF"
+Version: GnuPG v1.4.10 (GNU/Linux)
+Version: GnuPG v1.4.10 (GNU/Linux)
+# key 7FEE575A: public key "anotheruser <>"
+PUBLIC_KEY_2 = """
+Version: GnuPG v1.4.10 (GNU/Linux)
+PRIVATE_KEY_2 = """
+Version: GnuPG v1.4.10 (GNU/Linux)
+import unittest
+if __name__ == "__main__":
+ unittest.main()
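Review bot: `test_encrypt_asym_sign_decrypt_verify` never checks the round trip: `self.assertTrue(data, res)` passes `res` as the failure message, so the assertion holds for any `res` because `'data'` is non-empty; it should be `self.assertEqual(data, res)`. The same gap exists in `test_openpgp_encrypt_decrypt_asym`, which decrypts into `plaintext` and asserts nothing about it, and in `test_decrypt_asym_verify_with_wrong_key_raises`, which calls `openpgp.verify` on the ciphertext instead of `openpgp.decrypt_asym(encrypted_and_signed, privkey, verify=wrongkey)`, so the decrypt-side check that rejects a signature from the wrong key is not exercised at all. Together these mean the suite would pass if decryption returned wrong or empty data or if `decrypt_asym` accepted a signature from a key other than `verify`. The `_test_openpgp_gen_key` case is also disabled by its leading underscore, so key generation (including the 4096-bit length assertion) is not run either; if that is deliberate, a `skip` with a reason would make it visible.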