From aa48da25c13c1565c72bf5f0cb93b49fbc27c29a Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 11 Mar 2013 12:20:11 -0300 Subject: Add recovery document export. --- src/leap/soledad/__init__.py | 36 ++++++++++++++++++++++++++++++++ src/leap/soledad/tests/test_encrypted.py | 32 ++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) (limited to 'src/leap/soledad') diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py index 5fe49d0a..d883a8d0 100644 --- a/src/leap/soledad/__init__.py +++ b/src/leap/soledad/__init__.py @@ -66,6 +66,7 @@ class Soledad(object): 'shared_db_url': '', } + # TODO: separate username from provider, currently in user_email. def __init__(self, user_email, prefix=None, gnupg_home=None, secret_path=None, local_db_path=None, config_file=None, shared_db_url=None, auth_token=None, @@ -447,5 +448,40 @@ class Soledad(object): # TODO: create authentication scheme for sync with server. return self._db.sync(url, creds=None, autocreate=True) + #------------------------------------------------------------------------- + # Recovery document export and import + #------------------------------------------------------------------------- + + def export_recovery_document(self, passphrase): + """ + Exports username, provider, private key and key for symmetric + encryption, optionally encrypted with a password. + + The LEAP client gives the user the option to export a text file with a + complete copy of their private keys and authorization information, + either password protected or not. This "recovery document" can be + printed or saved electronically as the user sees fit. If the user + needs to recover their data, they can load this recover document into + any LEAP client. The user can also type the recovery document in + manually, although it will be long and very painful to copy manually. + + Contents of recovery document: + + - username + - provider + - private key. + - key for symmetric encryption + """ + data = json.dumps([ + self._user_email, + self._gpg.export_keys(self._fingerprint, secret=True), + self._secret + ]) + if passphrase: + data = str(self._gpg.encrypt(data, None, sign=None, + passphrase=passphrase, + symmetric=True)) + return data + __all__ = ['backends', 'util', 'server', 'shared_db'] diff --git a/src/leap/soledad/tests/test_encrypted.py b/src/leap/soledad/tests/test_encrypted.py index 4a48266e..0a4eb9cc 100644 --- a/src/leap/soledad/tests/test_encrypted.py +++ b/src/leap/soledad/tests/test_encrypted.py @@ -37,3 +37,35 @@ class EncryptedSyncTestCase(BaseSoledadTest): True, self._soledad._gpg.is_encrypted_sym(enc_json), "could not encrypt with passphrase.") + + def test_export_recovery_document_raw(self): + rd = self._soledad.export_recovery_document(None) + self.assertEqual( + [ + self._soledad._user_email, + self._soledad._gpg.export_keys(self._soledad._fingerprint, + secret=True), + self._soledad._secret + ], + json.loads(rd), + "Could not export raw recovery document." + ) + + def test_export_recovery_document_crypt(self): + rd = self._soledad.export_recovery_document('123456') + self.assertEqual(True, + self._soledad._gpg.is_encrypted_sym(rd)) + data = [ + self._soledad._user_email, + self._soledad._gpg.export_keys(self._soledad._fingerprint, + secret=True), + self._soledad._secret, + ] + raw_data = json.loads(str(self._soledad._gpg.decrypt( + rd, + passphrase='123456'))) + self.assertEqual( + raw_data, + data, + "Could not export raw recovery document." + ) -- cgit v1.2.3