1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
# License?
"""A U1DB implementation for using Object Stores as its persistence layer."""
import os
import string
import random
import cStringIO
import hmac
from soledad.util import GPGWrapper
class Soledad(object):
PREFIX = os.environ['HOME'] + '/.config/leap/soledad'
SECRET_PATH = PREFIX + '/secret.gpg'
GNUPG_HOME = PREFIX + '/gnupg'
SECRET_LENGTH = 50
def __init__(self, user_email, gpghome=None):
self._user_email = user_email
if not os.path.isdir(self.PREFIX):
os.makedirs(self.PREFIX)
if not gpghome:
gpghome = self.GNUPG_HOME
self._gpg = GPGWrapper(gpghome=gpghome)
# load OpenPGP keypair
if not self._has_openpgp_keypair():
self._gen_openpgp_keypair()
self._load_openpgp_keypair()
# load secret
if not self._has_secret():
self._gen_secret()
self._load_secret()
def _has_secret(self):
if os.path.isfile(self.SECRET_PATH):
return True
return False
def _load_secret(self):
try:
with open(self.SECRET_PATH) as f:
self._secret = str(self._gpg.decrypt(f.read()))
except IOError as e:
raise IOError('Failed to open secret file %s.' % self.SECRET_PATH)
def _gen_secret(self):
self._secret = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(self.SECRET_LENGTH))
ciphertext = self._gpg.encrypt(self._secret, self._fingerprint, self._fingerprint)
f = open(self.SECRET_PATH, 'w')
f.write(str(ciphertext))
f.close()
def _has_openpgp_keypair(self):
try:
self._gpg.find_key(self._user_email)
return True
except LookupError:
return False
def _gen_openpgp_keypair(self):
params = self._gpg.gen_key_input(
key_type='RSA',
key_length=4096,
name_real=self._user_email,
name_email=self._user_email,
name_comment='Generated by LEAP Soledad.')
self._gpg.gen_key(params)
def _load_openpgp_keypair(self):
self._fingerprint = self._gpg.find_key(self._user_email)['fingerprint']
def encrypt(self, data, sign=None, passphrase=None, symmetric=False):
return str(self._gpg.encrypt(data, self._fingerprint, sign=sign,
passphrase=passphrase, symmetric=symmetric))
def encrypt_symmetric(self, doc_id, data, sign=None):
h = hmac.new(self._secret, doc_id).hexdigest()
return self.encrypt(data, sign=sign, passphrase=h, symmetric=True)
def decrypt(self, data, passphrase=None, symmetric=False):
return str(self._gpg.decrypt(data, passphrase=passphrase))
def decrypt_symmetric(self, doc_id, data):
h = hmac.new(self._secret, doc_id).hexdigest()
return self.decrypt(data, passphrase=h)
|