Add basic openpgp key handling to Key Manager

6 files changed, 922 insertions, 104 deletions

diff --git a/src/leap/common/keymanager/__init__.py b/src/leap/common/keymanager/__init__.py
index 71aaddd..10acb36 100644
--- a/src/leap/common/keymanager/__init__.py
+++ b/src/leap/common/keymanager/__init__.py
@@ -27,114 +27,22 @@ except ImportError:
     import json  # noqa
 
 
-from abc import ABCMeta, abstractmethod
 from u1db.errors import HTTPError
 
 
-#
-# Key types
-#
-
-class EncryptionKey(object):
-    """
-    Abstract class for encryption keys.
-
-    A key is "validated" if the nicknym agent has bound the user address to a
-    public key. Nicknym supports three different levels of key validation:
-
-    * Level 3 - path trusted: A path of cryptographic signatures can be traced
-      from a trusted key to the key under evaluation. By default, only the
-      provider key from the user's provider is a "trusted key".
-    * level 2 - provider signed: The key has been signed by a provider key for
-      the same domain, but the provider key is not validated using a trust
-      path (i.e. it is only registered)
-    * level 1 - registered: The key has been encountered and saved, it has no
-      signatures (that are meaningful to the nicknym agent).
-    """
-
-    __metaclass__ = ABCMeta
-
-    def __init__(self, address, key_id=None, fingerprint=None,
-                 key_data=None, length=None, expiry_date=None,
-                 validation=None, first_seen_at=None,
-                 last_audited_at=None):
-        self.address = address
-        self.key_id = key_id
-        self.fingerprint = fingerprint
-        self.key_data = key_data
-        self.length = length
-        self.expiry_date = expiry_date
-        self.validation = validation
-        self.first_seen_at = first_seen_at
-        self.last_audited_at = last_audited_at
-
-    @abstractmethod
-    def get_json(self):
-        """
-        Return a JSON string describing this key.
-
-        @return: The JSON string describing this key.
-        @rtype: str
-        """
-
-
-#
-# Key wrappers
-#
-
-class KeyTypeWrapper(object):
-    """
-    Abstract class for Key Type Wrappers.
-
-    A wrapper for a certain key type should know how to get and put keys in
-    local storage using Soledad and also how to generate new keys.
-    """
-
-    __metaclass__ = ABCMeta
-
-    @abstractmethod
-    def get_key(self, address):
-        """
-        Get key from local storage.
-
-        @param address: The address bound to the key.
-        @type address: str
-
-        @return: The key bound to C{address}.
-        @rtype: EncryptionKey
-        @raise KeyNotFound: If the key was not found on local storage.
-        """
-
-    @abstractmethod
-    def put_key(self, key):
-        """
-        Put a key in local storage.
-
-        @param key: The key to be stored.
-        @type key: EncryptionKey
-        """
-
-    @abstractmethod
-    def gen_key(self, address):
-        """
-        Generate a new key.
-
-        @param address: The address bound to the key.
-        @type address: str
-        @return: The key bound to C{address}.
-        @rtype: EncryptionKey
-        """
-
-
-#
-# Key manager
-#
+from leap.common.keymanager.errors import (
+    KeyNotFound,
+    KeyAlreadyExists,
+)
+from leap.common.keymanager.openpgp import (
+    OpenPGPKey,
+    OpenPGPWrapper,
+)
 
 
-class KeyNotFound(Exception):
-    """
-    Raised when key was no found on keyserver.
-    """
+wrapper_map = {
+    OpenPGPKey: OpenPGPWrapper(),
+}
 
 
 class KeyManager(object):
@@ -195,7 +103,7 @@ class KeyManager(object):
         except KeyNotFound:
             key = filter(lambda k: isinstance(k, ktype),
                          self._fetch_keys(address))
-            if key is None
+            if key is None:
                 raise KeyNotFound()
             wrapper_map[ktype].put_key(key)
             return key
diff --git a/src/leap/common/keymanager/errors.py b/src/leap/common/keymanager/errors.py
new file mode 100644
index 0000000..f5bb1ab
--- /dev/null
+++ b/src/leap/common/keymanager/errors.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# errors.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+
+class KeyNotFound(Exception):
+    """
+    Raised when key was no found on keyserver.
+    """
+
+
+class KeyAlreadyExists(Exception):
+    """
+    Raised when attempted to create a key that already exists.
+    """
diff --git a/src/leap/common/keymanager/gpg.py b/src/leap/common/keymanager/gpg.py
new file mode 100644
index 0000000..dc5d791
--- /dev/null
+++ b/src/leap/common/keymanager/gpg.py
@@ -0,0 +1,398 @@
+# -*- coding: utf-8 -*-
+# gpgwrapper.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+"""
+A GPG wrapper used to handle OpenPGP keys.
+
+This is a temporary class that will be superseded by the a revised version of
+python-gnupg.
+"""
+
+
+import os
+import gnupg
+import re
+from gnupg import (
+    logger,
+    _is_sequence,
+    _make_binary_stream,
+)
+
+
+class ListPackets():
+    """
+    Handle status messages for --list-packets.
+    """
+
+    def __init__(self, gpg):
+        """
+        Initialize the packet listing handling class.
+
+        @param gpg: GPG object instance.
+        @type gpg: gnupg.GPG
+        """
+        self.gpg = gpg
+        self.nodata = None
+        self.key = None
+        self.need_passphrase = None
+        self.need_passphrase_sym = None
+        self.userid_hint = None
+
+    def handle_status(self, key, value):
+        """
+        Handle one line of the --list-packets status message.
+
+        @param key: The status message key.
+        @type key: str
+        @param value: The status message value.
+        @type value: str
+        """
+        # TODO: write tests for handle_status
+        if key == 'NODATA':
+            self.nodata = True
+        if key == 'ENC_TO':
+            # This will only capture keys in our keyring. In the future we
+            # may want to include multiple unknown keys in this list.
+            self.key, _, _ = value.split()
+        if key == 'NEED_PASSPHRASE':
+            self.need_passphrase = True
+        if key == 'NEED_PASSPHRASE_SYM':
+            self.need_passphrase_sym = True
+        if key == 'USERID_HINT':
+            self.userid_hint = value.strip().split()
+
+
+class GPGWrapper(gnupg.GPG):
+    """
+    This is a temporary class for handling GPG requests, and should be
+    replaced by a more general class used throughout the project.
+    """
+
+    GNUPG_HOME = os.environ['HOME'] + "/.config/leap/gnupg"
+    GNUPG_BINARY = "/usr/bin/gpg"  # this has to be changed based on OS
+
+    def __init__(self, gpgbinary=GNUPG_BINARY, gnupghome=GNUPG_HOME,
+                 verbose=False, use_agent=False, keyring=None, options=None):
+        """
+        Initialize a GnuPG process wrapper.
+
+        @param gpgbinary: Name for GnuPG binary executable.
+        @type gpgbinary: C{str}
+        @param gpghome: Full pathname to directory containing the public and
+            private keyrings.
+        @type gpghome: C{str}
+        @param keyring: Name of alternative keyring file to use. If specified,
+            the default keyring is not used.
+        @param verbose: Should some verbose info be output?
+        @type verbose: bool
+        @param use_agent: Should pass `--use-agent` to GPG binary?
+        @type use_agent: bool
+        @param keyring: Path for the keyring to use.
+        @type keyring: str
+        @options: A list of additional options to pass to the GPG binary.
+        @type options: list
+
+        @raise: RuntimeError with explanation message if there is a problem
+            invoking gpg.
+        """
+        gnupg.GPG.__init__(self, gnupghome=gnupghome, gpgbinary=gpgbinary,
+                           verbose=verbose, use_agent=use_agent,
+                           keyring=keyring, options=options)
+        self.result_map['list-packets'] = ListPackets
+
+    def find_key_by_email(self, email, secret=False):
+        """
+        Find user's key based on their email.
+
+        @param email: Email address of key being searched for.
+        @type email: str
+        @param secret: Should we search for a secret key?
+        @type secret: bool
+
+        @return: The fingerprint of the found key.
+        @rtype: str
+        """
+        for key in self.list_keys(secret=secret):
+            for uid in key['uids']:
+                if re.search(email, uid):
+                    return key
+        raise LookupError("GnuPG public key for email %s not found!" % email)
+
+    def find_key_by_subkey(self, subkey, secret=False):
+        """
+        Find user's key based on a subkey fingerprint.
+
+        @param email: Subkey fingerprint of the key being searched for.
+        @type email: str
+        @param secret: Should we search for a secret key?
+        @type secret: bool
+
+        @return: The fingerprint of the found key.
+        @rtype: str
+        """
+        for key in self.list_keys(secret=secret):
+            for sub in key['subkeys']:
+                if sub[0] == subkey:
+                    return key
+        raise LookupError(
+            "GnuPG public key for subkey %s not found!" % subkey)
+
+    def find_key_by_keyid(self, keyid, secret=False):
+        """
+        Find user's key based on the key ID.
+
+        @param email: The key ID of the key being searched for.
+        @type email: str
+        @param secret: Should we search for a secret key?
+        @type secret: bool
+
+        @return: The fingerprint of the found key.
+        @rtype: str
+        """
+        for key in self.list_keys(secret=secret):
+            if keyid == key['keyid']:
+                return key
+        raise LookupError(
+            "GnuPG public key for keyid %s not found!" % keyid)
+
+    def find_key_by_fingerprint(self, fingerprint, secret=False):
+        """
+        Find user's key based on the key fingerprint.
+
+        @param email: The fingerprint of the key being searched for.
+        @type email: str
+        @param secret: Should we search for a secret key?
+        @type secret: bool
+
+        @return: The fingerprint of the found key.
+        @rtype: str
+        """
+        for key in self.list_keys(secret=secret):
+            if fingerprint == key['fingerprint']:
+                return key
+        raise LookupError(
+            "GnuPG public key for fingerprint %s not found!" % fingerprint)
+
+    def encrypt(self, data, recipient, sign=None, always_trust=True,
+                passphrase=None, symmetric=False):
+        """
+        Encrypt data using GPG.
+
+        @param data: The data to be encrypted.
+        @type data: str
+        @param recipient: The address of the public key to be used.
+        @type recipient: str
+        @param sign: Should the encrypted content be signed?
+        @type sign: bool
+        @param always_trust: Skip key validation and assume that used keys
+            are always fully trusted?
+        @type always_trust: bool
+        @param passphrase: The passphrase to be used if symmetric encryption
+            is desired.
+        @type passphrase: str
+        @param symmetric: Should we encrypt to a password?
+        @type symmetric: bool
+
+        @return: An object with encrypted result in the `data` field.
+        @rtype: gnupg.Crypt
+        """
+        # TODO: devise a way so we don't need to "always trust".
+        return gnupg.GPG.encrypt(self, data, recipient, sign=sign,
+                                 always_trust=always_trust,
+                                 passphrase=passphrase,
+                                 symmetric=symmetric,
+                                 cipher_algo='AES256')
+
+    def decrypt(self, data, always_trust=True, passphrase=None):
+        """
+        Decrypt data using GPG.
+
+        @param data: The data to be decrypted.
+        @type data: str
+        @param always_trust: Skip key validation and assume that used keys
+            are always fully trusted?
+        @type always_trust: bool
+        @param passphrase: The passphrase to be used if symmetric encryption
+            is desired.
+        @type passphrase: str
+
+        @return: An object with decrypted result in the `data` field.
+        @rtype: gnupg.Crypt
+        """
+        # TODO: devise a way so we don't need to "always trust".
+        return gnupg.GPG.decrypt(self, data, always_trust=always_trust,
+                                 passphrase=passphrase)
+
+    def send_keys(self, keyserver, *keyids):
+        """
+        Send keys to a keyserver
+
+        @param keyserver: The keyserver to send the keys to.
+        @type keyserver: str
+        @param keyids: The key ids to send.
+        @type keyids: list
+
+        @return: A list of keys sent to server.
+        @rtype: gnupg.ListKeys
+        """
+        # TODO: write tests for this.
+        # TODO: write a SendKeys class to handle status for this.
+        result = self.result_map['list'](self)
+        gnupg.logger.debug('send_keys: %r', keyids)
+        data = gnupg._make_binary_stream("", self.encoding)
+        args = ['--keyserver', keyserver, '--send-keys']
+        args.extend(keyids)
+        self._handle_io(args, data, result, binary=True)
+        gnupg.logger.debug('send_keys result: %r', result.__dict__)
+        data.close()
+        return result
+
+    def encrypt_file(self, file, recipients, sign=None,
+                     always_trust=False, passphrase=None,
+                     armor=True, output=None, symmetric=False,
+                     cipher_algo=None):
+        """
+        Encrypt the message read from the file-like object 'file'.
+
+        @param file: The file to be encrypted.
+        @type data: file
+        @param recipient: The address of the public key to be used.
+        @type recipient: str
+        @param sign: Should the encrypted content be signed?
+        @type sign: bool
+        @param always_trust: Skip key validation and assume that used keys
+            are always fully trusted?
+        @type always_trust: bool
+        @param passphrase: The passphrase to be used if symmetric encryption
+            is desired.
+        @type passphrase: str
+        @param armor: Create ASCII armored output?
+        @type armor: bool
+        @param output: Path of file to write results in.
+        @type output: str
+        @param symmetric: Should we encrypt to a password?
+        @type symmetric: bool
+        @param cipher_algo: Algorithm to use.
+        @type cipher_algo: str
+
+        @return: An object with encrypted result in the `data` field.
+        @rtype: gnupg.Crypt
+        """
+        args = ['--encrypt']
+        if symmetric:
+            args = ['--symmetric']
+            if cipher_algo:
+                args.append('--cipher-algo %s' % cipher_algo)
+        else:
+            args = ['--encrypt']
+            if not _is_sequence(recipients):
+                recipients = (recipients,)
+            for recipient in recipients:
+                args.append('--recipient "%s"' % recipient)
+        if armor:  # create ascii-armored output - set to False for binary
+            args.append('--armor')
+        if output:  # write the output to a file with the specified name
+            if os.path.exists(output):
+                os.remove(output)  # to avoid overwrite confirmation message
+            args.append('--output "%s"' % output)
+        if sign:
+            args.append('--sign --default-key "%s"' % sign)
+        if always_trust:
+            args.append("--always-trust")
+        result = self.result_map['crypt'](self)
+        self._handle_io(args, file, result, passphrase=passphrase, binary=True)
+        logger.debug('encrypt result: %r', result.data)
+        return result
+
+    def list_packets(self, data):
+        """
+        List the sequence of packets.
+
+        @param data: The data to extract packets from.
+        @type data: str
+
+        @return: An object with packet info.
+        @rtype ListPackets
+        """
+        args = ["--list-packets"]
+        result = self.result_map['list-packets'](self)
+        self._handle_io(
+            args,
+            _make_binary_stream(data, self.encoding),
+            result,
+        )
+        return result
+
+    def encrypted_to(self, data):
+        """
+        Return the key to which data is encrypted to.
+
+        @param data: The data to be examined.
+        @type data: str
+
+        @return: The fingerprint of the key to which data is encrypted to.
+        @rtype: str
+        """
+        # TODO: make this support multiple keys.
+        result = self.list_packets(data)
+        if not result.key:
+            raise LookupError(
+                "Content is not encrypted to a GnuPG key!")
+        try:
+            return self.find_key_by_keyid(result.key)
+        except:
+            return self.find_key_by_subkey(result.key)
+
+    def is_encrypted_sym(self, data):
+        """
+        Say whether some chunk of data is encrypted to a symmetric key.
+
+        @param data: The data to be examined.
+        @type data: str
+
+        @return: Whether data is encrypted to a symmetric key.
+        @rtype: bool
+        """
+        result = self.list_packets(data)
+        return bool(result.need_passphrase_sym)
+
+    def is_encrypted_asym(self, data):
+        """
+        Say whether some chunk of data is encrypted to a private key.
+
+        @param data: The data to be examined.
+        @type data: str
+
+        @return: Whether data is encrypted to a private key.
+        @rtype: bool
+        """
+        result = self.list_packets(data)
+        return bool(result.key)
+
+    def is_encrypted(self, data):
+        """
+        Say whether some chunk of data is encrypted to a key.
+
+        @param data: The data to be examined.
+        @type data: str
+
+        @return: Whether data is encrypted to a key.
+        @rtype: bool
+        """
+        self.is_encrypted_asym() or self.is_encrypted_sym()
+
diff --git a/src/leap/common/keymanager/keys.py b/src/leap/common/keymanager/keys.py
new file mode 100644
index 0000000..13e3c0b
--- /dev/null
+++ b/src/leap/common/keymanager/keys.py
@@ -0,0 +1,127 @@
+# -*- coding: utf-8 -*-
+# keys.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+"""
+Abstact key type and wrapper representations.
+"""
+
+
+from abc import ABCMeta, abstractmethod
+
+
+class EncryptionKey(object):
+    """
+    Abstract class for encryption keys.
+
+    A key is "validated" if the nicknym agent has bound the user address to a
+    public key. Nicknym supports three different levels of key validation:
+
+    * Level 3 - path trusted: A path of cryptographic signatures can be traced
+      from a trusted key to the key under evaluation. By default, only the
+      provider key from the user's provider is a "trusted key".
+    * level 2 - provider signed: The key has been signed by a provider key for
+      the same domain, but the provider key is not validated using a trust
+      path (i.e. it is only registered)
+    * level 1 - registered: The key has been encountered and saved, it has no
+      signatures (that are meaningful to the nicknym agent).
+    """
+
+    __metaclass__ = ABCMeta
+
+    def __init__(self, address, key_id=None, fingerprint=None,
+                 key_data=None, length=None, expiry_date=None,
+                 validation=None, first_seen_at=None,
+                 last_audited_at=None):
+        self.address = address
+        self.key_id = key_id
+        self.fingerprint = fingerprint
+        self.key_data = key_data
+        self.length = length
+        self.expiry_date = expiry_date
+        self.validation = validation
+        self.first_seen_at = first_seen_at
+        self.last_audited_at = last_audited_at
+
+    def get_json(self):
+        """
+        Return a JSON string describing this key.
+
+        @return: The JSON string describing this key.
+        @rtype: str
+        """
+        return json.dumps({
+            'address': self.address,
+            'type': str(self.__type__),
+            'key_id': self.key_id,
+            'fingerprint': self.fingerprint,
+            'key_data': self.key_data,
+            'length': self.length,
+            'expiry_date': self.expiry_date,
+            'validation': self.validation,
+            'first_seen_at': self.first_seen_at,
+            'last_audited_at': self.last_audited_at,
+        })
+
+
+#
+# Key wrappers
+#
+
+class KeyTypeWrapper(object):
+    """
+    Abstract class for Key Type Wrappers.
+
+    A wrapper for a certain key type should know how to get and put keys in
+    local storage using Soledad and also how to generate new keys.
+    """
+
+    __metaclass__ = ABCMeta
+
+    @abstractmethod
+    def get_key(self, address):
+        """
+        Get key from local storage.
+
+        @param address: The address bound to the key.
+        @type address: str
+
+        @return: The key bound to C{address}.
+        @rtype: EncryptionKey
+        @raise KeyNotFound: If the key was not found on local storage.
+        """
+
+    @abstractmethod
+    def put_key(self, key):
+        """
+        Put a key in local storage.
+
+        @param key: The key to be stored.
+        @type key: EncryptionKey
+        """
+
+    @abstractmethod
+    def gen_key(self, address):
+        """
+        Generate a new key.
+
+        @param address: The address bound to the key.
+        @type address: str
+        @return: The key bound to C{address}.
+        @rtype: EncryptionKey
+        """
+
diff --git a/src/leap/common/keymanager/openpgp.py b/src/leap/common/keymanager/openpgp.py
new file mode 100644
index 0000000..bb73089
--- /dev/null
+++ b/src/leap/common/keymanager/openpgp.py
@@ -0,0 +1,126 @@
+# -*- coding: utf-8 -*-
+# openpgpwrapper.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+"""
+Infrastructure for using OpenPGP keys in Key Manager.
+"""
+
+
+import re
+
+from leap.common.keymanager.errors import (
+    KeyNotFound,
+    KeyAlreadyExists,
+)
+from leap.common.keymanager.keys import (
+    EncryptionKey,
+    KeyTypeWrapper,
+)
+from leap.common.keymanager.gpg import GPGWrapper
+
+
+class OpenPGPKey(EncryptionKey):
+    """
+    Base class for OpenPGP keys.
+    """
+
+
+class OpenPGPWrapper(KeyTypeWrapper):
+    """
+    A wrapper for OpenPGP keys.
+    """
+
+    def __init__(self, gnupghome=None):
+        self._gpg = GPGWrapper(gnupghome=gnupghome)
+
+    def _build_key(self, address, result):
+        """
+        Build an OpenPGPWrapper key for C{address} based on C{result} from
+        local storage.
+
+        @param address: The address bound to the key.
+        @type address: str
+        @param result: Result obtained from GPG storage.
+        @type result: dict
+        """
+        key_data = self._gpg.export_keys(result['fingerprint'], secret=False)
+        return OpenPGPKey(
+            address,
+            key_id=result['keyid'],
+            fingerprint=result['fingerprint'],
+            key_data=key_data,
+            length=result['length'],
+            expiry_date=result['expires'],
+            validation=None,  # TODO: verify for validation.
+        )
+
+    def gen_key(self, address):
+        """
+        Generate an OpenPGP keypair for C{address}.
+
+        @param address: The address bound to the key.
+        @type address: str
+        @return: The key bound to C{address}.
+        @rtype: OpenPGPKey
+        @raise KeyAlreadyExists: If key already exists in local database.
+        """
+        try:
+            self.get_key(address)
+            raise KeyAlreadyExists()
+        except KeyNotFound:
+            pass
+        params = self._gpg.gen_key_input(
+            key_type='RSA',
+            key_length=4096,
+            name_real=address,
+            name_email=address,
+            name_comment='Generated by LEAP Key Manager.')
+        self._gpg.gen_key(params)
+        return self.get_key(address)
+
+    def get_key(self, address):
+        """
+        Get key bound to C{address} from local storage.
+
+        @param address: The address bound to the key.
+        @type address: str
+
+        @return: The key bound to C{address}.
+        @rtype: OpenPGPKey
+        @raise KeyNotFound: If the key was not found on local storage.
+        """
+        m = re.compile('.*<%s>$' % address)
+        keys = self._gpg.list_keys(secret=False)
+
+        def bound_to_address(key):
+             return bool(filter(lambda u: m.match(u), key['uids']))
+
+        try:
+            bound_key = filter(bound_to_address, keys).pop()
+            return self._build_key(address, bound_key)
+        except IndexError:
+            raise KeyNotFound(address)
+
+    def put_key(self, data):
+        """
+        Put key contained in {data} in local storage.
+
+        @param key: The key data to be stored.
+        @type key: str
+        """
+        self._gpg.import_keys(data)
diff --git a/src/leap/common/tests/test_keymanager.py b/src/leap/common/tests/test_keymanager.py
new file mode 100644
index 0000000..4189aac
--- /dev/null
+++ b/src/leap/common/tests/test_keymanager.py
@@ -0,0 +1,230 @@
+## -*- coding: utf-8 -*-
+# test_keymanager.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+"""
+Tests for the Key Manager.
+"""
+
+
+import unittest
+
+
+from leap.common.testing.basetest import BaseLeapTest
+from leap.common.keymanager import KeyManager, openpgp, KeyNotFound
+
+
+class KeyManagerTestCase(BaseLeapTest):
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def _key_manager(user='user@leap.se', url='https://domain.org:6425'):
+        return KeyManager(user, url)
+
+    def test_openpgp_gen_key(self):
+        pgp = openpgp.OpenPGPWrapper(self.tempdir+'/gnupg')
+        try:
+            pgp.get_key('user@leap.se')
+        except KeyNotFound:
+            key = pgp.gen_key('user@leap.se')
+            self.assertIsInstance(key, openpgp.OpenPGPKey)
+            self.assertEqual(
+                'user@leap.se', key.address, 'Wrong address bound to key.')
+            self.assertEqual(
+                '4096', key.length, 'Wrong key length.')
+
+    def test_openpgp_put_key(self):
+        pgp = openpgp.OpenPGPWrapper(self.tempdir+'/gnupg2')
+        try:
+            pgp.get_key('leap@leap.se')
+        except KeyNotFound:
+            pgp.put_key(PUBLIC_KEY)
+            key = pgp.get_key('leap@leap.se')
+            self.assertIsInstance(key, openpgp.OpenPGPKey)
+            self.assertEqual(
+                'leap@leap.se', key.address, 'Wrong address bound to key.')
+            self.assertEqual(
+                '4096', key.length, 'Wrong key length.')
+
+
+
+# Key material for testing
+KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF"
+PUBLIC_KEY = """
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQINBFC9+dkBEADNRfwV23TWEoGc/x0wWH1P7PlXt8MnC2Z1kKaKKmfnglVrpOiz
+iLWoiU58sfZ0L5vHkzXHXCBf6Eiy/EtUIvdiWAn+yASJ1mk5jZTBKO/WMAHD8wTO
+zpMsFmWyg3xc4DkmFa9KQ5EVU0o/nqPeyQxNMQN7px5pPwrJtJFmPxnxm+aDkPYx
+irDmz/4DeDNqXliazGJKw7efqBdlwTHkl9Akw2gwy178pmsKwHHEMOBOFFvX61AT
+huKqHYmlCGSliwbrJppTG7jc1/ls3itrK+CWTg4txREkSpEVmfcASvw/ZqLbjgfs
+d/INMwXnR9U81O8+7LT6yw/ca4ppcFoJD7/XJbkRiML6+bJ4Dakiy6i727BzV17g
+wI1zqNvm5rAhtALKfACha6YO43aJzairO4II1wxVHvRDHZn2IuKDDephQ3Ii7/vb
+hUOf6XCSmchkAcpKXUOvbxm1yfB1LRa64mMc2RcZxf4mW7KQkulBsdV5QG2276lv
+U2UUy2IutXcGP5nXC+f6sJJGJeEToKJ57yiO/VWJFjKN8SvP+7AYsQSqINUuEf6H
+T5gCPCraGMkTUTPXrREvu7NOohU78q6zZNaL3GW8ai7eSeANSuQ8Vzffx7Wd8Y7i
+Pw9sYj0SMFs1UgjbuL6pO5ueHh+qyumbtAq2K0Bci0kqOcU4E9fNtdiovQARAQAB
+tBxMZWFwIFRlc3QgS2V5IDxsZWFwQGxlYXAuc2U+iQI3BBMBCAAhBQJQvfnZAhsD
+BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEC9FXigk0Y3fT7EQAKH3IuRniOpb
+T/DDIgwwjz3oxB/W0DDMyPXowlhSOuM0rgGfntBpBb3boezEXwL86NPQxNGGruF5
+hkmecSiuPSvOmQlqlS95NGQp6hNG0YaKColh+Q5NTspFXCAkFch9oqUje0LdxfSP
+QfV9UpeEvGyPmk1I9EJV/YDmZ4+Djge1d7qhVZInz4Rx1NrSyF/Tc2EC0VpjQFsU
+Y9Kb2YBBR7ivG6DBc8ty0jJXi7B4WjkFcUEJviQpMF2dCLdonCehYs1PqsN1N7j+
+eFjQd+hqVMJgYuSGKjvuAEfClM6MQw7+FmFwMyLgK/Ew/DttHEDCri77SPSkOGSI
+txCzhTg6798f6mJr7WcXmHX1w1Vcib5FfZ8vTDFVhz/XgAgArdhPo9V6/1dgSSiB
+KPQ/spsco6u5imdOhckERE0lnAYvVT6KE81TKuhF/b23u7x+Wdew6kK0EQhYA7wy
+7LmlaNXc7rMBQJ9Z60CJ4JDtatBWZ0kNrt2VfdDHVdqBTOpl0CraNUjWE5YMDasr
+K2dF5IX8D3uuYtpZnxqg0KzyLg0tzL0tvOL1C2iudgZUISZNPKbS0z0v+afuAAnx
+2pTC3uezbh2Jt8SWTLhll4i0P4Ps5kZ6HQUO56O+/Z1cWovX+mQekYFmERySDR9n
+3k1uAwLilJmRmepGmvYbB8HloV8HqwgguQINBFC9+dkBEAC0I/xn1uborMgDvBtf
+H0sEhwnXBC849/32zic6udB6/3Efk9nzbSpL3FSOuXITZsZgCHPkKarnoQ2ztMcS
+sh1ke1C5gQGms75UVmM/nS+2YI4vY8OX/GC/on2vUyncqdH+bR6xH5hx4NbWpfTs
+iQHmz5C6zzS/kuabGdZyKRaZHt23WQ7JX/4zpjqbC99DjHcP9BSk7tJ8wI4bkMYD
+uFVQdT9O6HwyKGYwUU4sAQRAj7XCTGvVbT0dpgJwH4RmrEtJoHAx4Whg8mJ710E0
+GCmzf2jqkNuOw76ivgk27Kge+Hw00jmJjQhHY0yVbiaoJwcRrPKzaSjEVNgrpgP3
+lXPRGQArgESsIOTeVVHQ8fhK2YtTeCY9rIiO+L0OX2xo9HK7hfHZZWL6rqymXdyS
+fhzh/f6IPyHFWnvj7Brl7DR8heMikygcJqv+ed2yx7iLyCUJ10g12I48+aEj1aLe
+dP7lna32iY8/Z0SHQLNH6PXO9SlPcq2aFUgKqE75A/0FMk7CunzU1OWr2ZtTLNO1
+WT/13LfOhhuEq9jTyTosn0WxBjJKq18lnhzCXlaw6EAtbA7CUwsD3CTPR56aAXFK
+3I7KXOVAqggrvMe5Tpdg5drfYpI8hZovL5aAgb+7Y5ta10TcJdUhS5K3kFAWe/td
+U0cmWUMDP1UMSQ5Jg6JIQVWhSwARAQABiQIfBBgBCAAJBQJQvfnZAhsMAAoJEC9F
+Xigk0Y3fRwsP/i0ElYCyxeLpWJTwo1iCLkMKz2yX1lFVa9nT1BVTPOQwr/IAc5OX
+NdtbJ14fUsKL5pWgW8OmrXtwZm1y4euI1RPWWubG01ouzwnGzv26UcuHeqC5orZj
+cOnKtL40y8VGMm8LoicVkRJH8blPORCnaLjdOtmA3rx/v2EXrJpSa3AhOy0ZSRXk
+ZSrK68AVNwamHRoBSYyo0AtaXnkPX4+tmO8X8BPfj125IljubvwZPIW9VWR9UqCE
+VPfDR1XKegVb6VStIywF7kmrknM1C5qUY28rdZYWgKorw01hBGV4jTW0cqde3N51
+XT1jnIAa+NoXUM9uQoGYMiwrL7vNsLlyyiW5ayDyV92H/rIuiqhFgbJsHTlsm7I8
+oGheR784BagAA1NIKD1qEO9T6Kz9lzlDaeWS5AUKeXrb7ZJLI1TTCIZx5/DxjLqM
+Tt/RFBpVo9geZQrvLUqLAMwdaUvDXC2c6DaCPXTh65oCZj/hqzlJHH+RoTWWzKI+
+BjXxgUWF9EmZUBrg68DSmI+9wuDFsjZ51BcqvJwxyfxtTaWhdoYqH/UQS+D1FP3/
+diZHHlzwVwPICzM9ooNTgbrcDzyxRkIVqsVwBq7EtzcvgYUyX53yG25Giy6YQaQ2
+ZtQ/VymwFL3XdUWV6B/hU4PVAFvO3qlOtdJ6TpE+nEWgcWjCv5g7RjXX
+=MuOY
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+PRIVATE_KEY = """
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+lQcYBFC9+dkBEADNRfwV23TWEoGc/x0wWH1P7PlXt8MnC2Z1kKaKKmfnglVrpOiz
+iLWoiU58sfZ0L5vHkzXHXCBf6Eiy/EtUIvdiWAn+yASJ1mk5jZTBKO/WMAHD8wTO
+zpMsFmWyg3xc4DkmFa9KQ5EVU0o/nqPeyQxNMQN7px5pPwrJtJFmPxnxm+aDkPYx
+irDmz/4DeDNqXliazGJKw7efqBdlwTHkl9Akw2gwy178pmsKwHHEMOBOFFvX61AT
+huKqHYmlCGSliwbrJppTG7jc1/ls3itrK+CWTg4txREkSpEVmfcASvw/ZqLbjgfs
+d/INMwXnR9U81O8+7LT6yw/ca4ppcFoJD7/XJbkRiML6+bJ4Dakiy6i727BzV17g
+wI1zqNvm5rAhtALKfACha6YO43aJzairO4II1wxVHvRDHZn2IuKDDephQ3Ii7/vb
+hUOf6XCSmchkAcpKXUOvbxm1yfB1LRa64mMc2RcZxf4mW7KQkulBsdV5QG2276lv
+U2UUy2IutXcGP5nXC+f6sJJGJeEToKJ57yiO/VWJFjKN8SvP+7AYsQSqINUuEf6H
+T5gCPCraGMkTUTPXrREvu7NOohU78q6zZNaL3GW8ai7eSeANSuQ8Vzffx7Wd8Y7i
+Pw9sYj0SMFs1UgjbuL6pO5ueHh+qyumbtAq2K0Bci0kqOcU4E9fNtdiovQARAQAB
+AA/+JHtlL39G1wsH9R6UEfUQJGXR9MiIiwZoKcnRB2o8+DS+OLjg0JOh8XehtuCs
+E/8oGQKtQqa5bEIstX7IZoYmYFiUQi9LOzIblmp2vxOm+HKkxa4JszWci2/ZmC3t
+KtaA4adl9XVnshoQ7pijuCMUKB3naBEOAxd8s9d/JeReGIYkJErdrnVfNk5N71Ds
+FmH5Ll3XtEDvgBUQP3nkA6QFjpsaB94FHjL3gDwum/cxzj6pCglcvHOzEhfY0Ddb
+J967FozQTaf2JW3O+w3LOqtcKWpq87B7+O61tVidQPSSuzPjCtFF0D2LC9R/Hpky
+KTMQ6CaKja4MPhjwywd4QPcHGYSqjMpflvJqi+kYIt8psUK/YswWjnr3r4fbuqVY
+VhtiHvnBHQjz135lUqWvEz4hM3Xpnxydx7aRlv5NlevK8+YIO5oFbWbGNTWsPZI5
+jpoFBpSsnR1Q5tnvtNHauvoWV+XN2qAOBTG+/nEbDYH6Ak3aaE9jrpTdYh0CotYF
+q7csANsDy3JvkAzeU6WnYpsHHaAjqOGyiZGsLej1UcXPFMosE/aUo4WQhiS8Zx2c
+zOVKOi/X5vQ2GdNT9Qolz8AriwzsvFR+bxPzyd8V6ALwDsoXvwEYinYBKK8j0OPv
+OOihSR6HVsuP9NUZNU9ewiGzte/+/r6pNXHvR7wTQ8EWLcEIAN6Zyrb0bHZTIlxt
+VWur/Ht2mIZrBaO50qmM5RD3T5oXzWXi/pjLrIpBMfeZR9DWfwQwjYzwqi7pxtYx
+nJvbMuY505rfnMoYxb4J+cpRXV8MS7Dr1vjjLVUC9KiwSbM3gg6emfd2yuA93ihv
+Pe3mffzLIiQa4mRE3wtGcioC43nWuV2K2e1KjxeFg07JhrezA/1Cak505ab/tmvP
+4YmjR5c44+yL/YcQ3HdFgs4mV+nVbptRXvRcPpolJsgxPccGNdvHhsoR4gwXMS3F
+RRPD2z6x8xeN73Q4KH3bm01swQdwFBZbWVfmUGLxvN7leCdfs9+iFJyqHiCIB6Iv
+mQfp8F0IAOwSo8JhWN+V1dwML4EkIrM8wUb4yecNLkyR6TpPH/qXx4PxVMC+vy6x
+sCtjeHIwKE+9vqnlhd5zOYh7qYXEJtYwdeDDmDbL8oks1LFfd+FyAuZXY33DLwn0
+cRYsr2OEZmaajqUB3NVmj3H4uJBN9+paFHyFSXrH68K1Fk2o3n+RSf2EiX+eICwI
+L6rqoF5sSVUghBWdNegV7qfy4anwTQwrIMGjgU5S6PKW0Dr/3iO5z3qQpGPAj5OW
+ATqPWkDICLbObPxD5cJlyyNE2wCA9VVc6/1d6w4EVwSq9h3/WTpATEreXXxTGptd
+LNiTA1nmakBYNO2Iyo3djhaqBdWjk+EIAKtVEnJH9FAVwWOvaj1RoZMA5DnDMo7e
+SnhrCXl8AL7Z1WInEaybasTJXn1uQ8xY52Ua4b8cbuEKRKzw/70NesFRoMLYoHTO
+dyeszvhoDHberpGRTciVmpMu7Hyi33rM31K9epA4ib6QbbCHnxkWOZB+Bhgj1hJ8
+xb4RBYWiWpAYcg0+DAC3w9gfxQhtUlZPIbmbrBmrVkO2GVGUj8kH6k4UV6kUHEGY
+HQWQR0HcbKcXW81ZXCCD0l7ROuEWQtTe5Jw7dJ4/QFuqZnPutXVRNOZqpl6eRShw
+7X2/a29VXBpmHA95a88rSQsL+qm7Fb3prqRmuMCtrUZgFz7HLSTuUMR867QcTGVh
+cCBUZXN0IEtleSA8bGVhcEBsZWFwLnNlPokCNwQTAQgAIQUCUL352QIbAwULCQgH
+AwUVCgkICwUWAgMBAAIeAQIXgAAKCRAvRV4oJNGN30+xEACh9yLkZ4jqW0/wwyIM
+MI896MQf1tAwzMj16MJYUjrjNK4Bn57QaQW926HsxF8C/OjT0MTRhq7heYZJnnEo
+rj0rzpkJapUveTRkKeoTRtGGigqJYfkOTU7KRVwgJBXIfaKlI3tC3cX0j0H1fVKX
+hLxsj5pNSPRCVf2A5mePg44HtXe6oVWSJ8+EcdTa0shf03NhAtFaY0BbFGPSm9mA
+QUe4rxugwXPLctIyV4uweFo5BXFBCb4kKTBdnQi3aJwnoWLNT6rDdTe4/nhY0Hfo
+alTCYGLkhio77gBHwpTOjEMO/hZhcDMi4CvxMPw7bRxAwq4u+0j0pDhkiLcQs4U4
+Ou/fH+pia+1nF5h19cNVXIm+RX2fL0wxVYc/14AIAK3YT6PVev9XYEkogSj0P7Kb
+HKOruYpnToXJBERNJZwGL1U+ihPNUyroRf29t7u8flnXsOpCtBEIWAO8Muy5pWjV
+3O6zAUCfWetAieCQ7WrQVmdJDa7dlX3Qx1XagUzqZdAq2jVI1hOWDA2rKytnReSF
+/A97rmLaWZ8aoNCs8i4NLcy9Lbzi9QtornYGVCEmTTym0tM9L/mn7gAJ8dqUwt7n
+s24dibfElky4ZZeItD+D7OZGeh0FDuejvv2dXFqL1/pkHpGBZhEckg0fZ95NbgMC
+4pSZkZnqRpr2GwfB5aFfB6sIIJ0HGARQvfnZARAAtCP8Z9bm6KzIA7wbXx9LBIcJ
+1wQvOPf99s4nOrnQev9xH5PZ820qS9xUjrlyE2bGYAhz5Cmq56ENs7THErIdZHtQ
+uYEBprO+VFZjP50vtmCOL2PDl/xgv6J9r1Mp3KnR/m0esR+YceDW1qX07IkB5s+Q
+us80v5LmmxnWcikWmR7dt1kOyV/+M6Y6mwvfQ4x3D/QUpO7SfMCOG5DGA7hVUHU/
+Tuh8MihmMFFOLAEEQI+1wkxr1W09HaYCcB+EZqxLSaBwMeFoYPJie9dBNBgps39o
+6pDbjsO+or4JNuyoHvh8NNI5iY0IR2NMlW4mqCcHEazys2koxFTYK6YD95Vz0RkA
+K4BErCDk3lVR0PH4StmLU3gmPayIjvi9Dl9saPRyu4Xx2WVi+q6spl3ckn4c4f3+
+iD8hxVp74+wa5ew0fIXjIpMoHCar/nndsse4i8glCddINdiOPPmhI9Wi3nT+5Z2t
+9omPP2dEh0CzR+j1zvUpT3KtmhVICqhO+QP9BTJOwrp81NTlq9mbUyzTtVk/9dy3
+zoYbhKvY08k6LJ9FsQYySqtfJZ4cwl5WsOhALWwOwlMLA9wkz0eemgFxStyOylzl
+QKoIK7zHuU6XYOXa32KSPIWaLy+WgIG/u2ObWtdE3CXVIUuSt5BQFnv7XVNHJllD
+Az9VDEkOSYOiSEFVoUsAEQEAAQAP/1AagnZQZyzHDEgw4QELAspYHCWLXE5aZInX
+wTUJhK31IgIXNn9bJ0hFiSpQR2xeMs9oYtRuPOu0P8oOFMn4/z374fkjZy8QVY3e
+PlL+3EUeqYtkMwlGNmVw5a/NbNuNfm5Darb7pEfbYd1gPcni4MAYw7R2SG/57GbC
+9gucvspHIfOSfBNLBthDzmK8xEKe1yD2eimfc2T7IRYb6hmkYfeds5GsqvGI6mwI
+85h4uUHWRc5JOlhVM6yX8hSWx0L60Z3DZLChmc8maWnFXd7C8eQ6P1azJJbW71Ih
+7CoK0XW4LE82vlQurSRFgTwfl7wFYszW2bOzCuhHDDtYnwH86Nsu0DC78ZVRnvxn
+E8Ke/AJgrdhIOo4UAyR+aZD2+2mKd7/waOUTUrUtTzc7i8N3YXGi/EIaNReBXaq+
+ZNOp24BlFzRp+FCF/pptDW9HjPdiV09x0DgICmeZS4Gq/4vFFIahWctg52NGebT0
+Idxngjj+xDtLaZlLQoOz0n5ByjO/Wi0ANmMv1sMKCHhGvdaSws2/PbMR2r4caj8m
+KXpIgdinM/wUzHJ5pZyF2U/qejsRj8Kw8KH/tfX4JCLhiaP/mgeTuWGDHeZQERAT
+xPmRFHaLP9/ZhvGNh6okIYtrKjWTLGoXvKLHcrKNisBLSq+P2WeFrlme1vjvJMo/
+jPwLT5o9CADQmcbKZ+QQ1ZM9v99iDZol7SAMZX43JC019sx6GK0u6xouJBcLfeB4
+OXacTgmSYdTa9RM9fbfVpti01tJ84LV2SyL/VJq/enJF4XQPSynT/tFTn1PAor6o
+tEAAd8fjKdJ6LnD5wb92SPHfQfXqI84rFEO8rUNIE/1ErT6DYifDzVCbfD2KZdoF
+cOSp7TpD77sY1bs74ocBX5ejKtd+aH99D78bJSMM4pSDZsIEwnomkBHTziubPwJb
+OwnATy0LmSMAWOw5rKbsh5nfwCiUTM20xp0t5JeXd+wPVWbpWqI2EnkCEN+RJr9i
+7dp/ymDQ+Yt5wrsN3NwoyiexPOG91WQVCADdErHsnglVZZq9Z8Wx7KwecGCUurJ2
+H6lKudv5YOxPnAzqZS5HbpZd/nRTMZh2rdXCr5m2YOuewyYjvM757AkmUpM09zJX
+MQ1S67/UX2y8/74TcRF97Ncx9HeELs92innBRXoFitnNguvcO6Esx4BTe1OdU6qR
+ER3zAmVf22Le9ciXbu24DN4mleOH+OmBx7X2PqJSYW9GAMTsRB081R6EWKH7romQ
+waxFrZ4DJzZ9ltyosEJn5F32StyLrFxpcrdLUoEaclZCv2qka7sZvi0EvovDVEBU
+e10jOx9AOwf8Gj2ufhquQ6qgVYCzbP+YrodtkFrXRS3IsljIchj1M2ffB/0bfoUs
+rtER9pLvYzCjBPg8IfGLw0o754Qbhh/ReplCRTusP/fQMybvCvfxreS3oyEriu/G
+GufRomjewZ8EMHDIgUsLcYo2UHZsfF7tcazgxMGmMvazp4r8vpgrvW/8fIN/6Adu
+tF+WjWDTvJLFJCe6O+BFJOWrssNrrra1zGtLC1s8s+Wfpe+bGPL5zpHeebGTwH1U
+22eqgJArlEKxrfarz7W5+uHZJHSjF/K9ZvunLGD0n9GOPMpji3UO3zeM8IYoWn7E
+/EWK1XbjnssNemeeTZ+sDh+qrD7BOi+vCX1IyBxbfqnQfJZvmcPWpruy1UsO+aIC
+0GY8Jr3OL69dDQ21jueJAh8EGAEIAAkFAlC9+dkCGwwACgkQL0VeKCTRjd9HCw/+
+LQSVgLLF4ulYlPCjWIIuQwrPbJfWUVVr2dPUFVM85DCv8gBzk5c121snXh9Swovm
+laBbw6ate3BmbXLh64jVE9Za5sbTWi7PCcbO/bpRy4d6oLmitmNw6cq0vjTLxUYy
+bwuiJxWREkfxuU85EKdouN062YDevH+/YResmlJrcCE7LRlJFeRlKsrrwBU3BqYd
+GgFJjKjQC1peeQ9fj62Y7xfwE9+PXbkiWO5u/Bk8hb1VZH1SoIRU98NHVcp6BVvp
+VK0jLAXuSauSczULmpRjbyt1lhaAqivDTWEEZXiNNbRyp17c3nVdPWOcgBr42hdQ
+z25CgZgyLCsvu82wuXLKJblrIPJX3Yf+si6KqEWBsmwdOWybsjygaF5HvzgFqAAD
+U0goPWoQ71PorP2XOUNp5ZLkBQp5etvtkksjVNMIhnHn8PGMuoxO39EUGlWj2B5l
+Cu8tSosAzB1pS8NcLZzoNoI9dOHrmgJmP+GrOUkcf5GhNZbMoj4GNfGBRYX0SZlQ
+GuDrwNKYj73C4MWyNnnUFyq8nDHJ/G1NpaF2hiof9RBL4PUU/f92JkceXPBXA8gL
+Mz2ig1OButwPPLFGQhWqxXAGrsS3Ny+BhTJfnfIbbkaLLphBpDZm1D9XKbAUvdd1
+RZXoH+FTg9UAW87eqU610npOkT6cRaBxaMK/mDtGNdc=
+=JTFu
+-----END PGP PRIVATE KEY BLOCK-----
+"""