diff options
author | Dylan Baker <dylan@pnwbakers.com> | 2018-02-21 09:43:20 -0800 |
---|---|---|
committer | Dylan Baker <dylan@pnwbakers.com> | 2018-03-01 10:34:56 -0800 |
commit | 7805f34f55f7143e1ebfca982b0654a3ef42e1d0 (patch) | |
tree | 508e38cc7de1c0777e122918cdcd157b88526491 | |
parent | 62c0e7354d64ddbfbb0130f690a5768185e3eb92 (diff) |
Fix crypto
This makes me a little nervous. I wonder if we're better off leaving the
bits that gpg works with as bytes while gpg is working with them and do
the string transformation later.
-rw-r--r-- | alot/crypto.py | 16 | ||||
-rw-r--r-- | tests/crypto_test.py | 14 |
2 files changed, 17 insertions, 13 deletions
diff --git a/alot/crypto.py b/alot/crypto.py index 4ebb72f7..cfb148ac 100644 --- a/alot/crypto.py +++ b/alot/crypto.py @@ -8,6 +8,7 @@ from __future__ import absolute_import import gpg from .errors import GPGProblem, GPGCode +from . import helper def RFC3156_micalg_from_algo(hash_algo): @@ -152,9 +153,9 @@ def detached_signature_for(plaintext_str, keys): """ ctx = gpg.core.Context(armor=True) ctx.signers = keys - (sigblob, sign_result) = ctx.sign(plaintext_str, + (sigblob, sign_result) = ctx.sign(plaintext_str.encode('utf-8'), mode=gpg.constants.SIG_MODE_DETACH) - return sign_result.signatures, sigblob + return sign_result.signatures, sigblob.decode('ascii') def encrypt(plaintext_str, keys): @@ -168,9 +169,9 @@ def encrypt(plaintext_str, keys): """ assert keys, 'Must provide at least one key to encrypt with' ctx = gpg.core.Context(armor=True) - out = ctx.encrypt(plaintext_str, recipients=keys, sign=False, + out = ctx.encrypt(plaintext_str.encode('utf-8'), recipients=keys, sign=False, always_trust=True)[0] - return out + return out.decode('ascii') NO_ERROR = None @@ -200,7 +201,7 @@ def verify_detached(message, signature): """ ctx = gpg.core.Context() try: - verify_results = ctx.verify(message, signature)[1] + verify_results = ctx.verify(message.encode('utf-8'), signature.encode('ascii'))[1] return verify_results.signatures except gpg.errors.BadSignatures as e: raise GPGProblem(bad_signatures_to_str(e), code=GPGCode.BAD_SIGNATURE) @@ -219,12 +220,13 @@ def decrypt_verify(encrypted): """ ctx = gpg.core.Context() try: - (plaintext, _, verify_result) = ctx.decrypt(encrypted, verify=True) + (plaintext, _, verify_result) = ctx.decrypt( + encrypted.encode('utf-8'), verify=True) except gpg.errors.GPGMEError as e: raise GPGProblem(str(e), code=e.getcode()) # what if the signature is bad? - return verify_result.signatures, plaintext + return verify_result.signatures, helper.try_decode(plaintext) def validate_key(key, sign=False, encrypt=False): diff --git a/tests/crypto_test.py b/tests/crypto_test.py index d481d64e..b059cc82 100644 --- a/tests/crypto_test.py +++ b/tests/crypto_test.py @@ -14,6 +14,7 @@ import gpg import mock from alot import crypto +from alot import helper from alot.errors import GPGProblem, GPGCode from . import utilities @@ -57,7 +58,8 @@ def tearDownModule(): # Kill any gpg-agent's that have been opened lookfor = 'gpg-agent --homedir {}'.format(os.environ['GNUPGHOME']) - out = subprocess.check_output(['ps', 'xo', 'pid,cmd'], stderr=DEVNULL) + out = helper.try_decode( + subprocess.check_output(['ps', 'xo', 'pid,cmd'], stderr=DEVNULL)) for each in out.strip().split('\n'): pid, cmd = each.strip().split(' ', 1) if cmd.startswith(lookfor): @@ -113,12 +115,12 @@ class TestDetachedSignatureFor(unittest.TestCase): with gpg.core.Context() as ctx: _, detached = crypto.detached_signature_for(to_sign, [ctx.get_key(FPR)]) - with tempfile.NamedTemporaryFile(delete=False) as f: + with tempfile.NamedTemporaryFile(mode='w+', delete=False) as f: f.write(detached) sig = f.name self.addCleanup(os.unlink, f.name) - with tempfile.NamedTemporaryFile(delete=False) as f: + with tempfile.NamedTemporaryFile(mode='w+', delete=False) as f: f.write(to_sign) text = f.name self.addCleanup(os.unlink, f.name) @@ -363,13 +365,13 @@ class TestEncrypt(unittest.TestCase): to_encrypt = "this is a string\nof data." encrypted = crypto.encrypt(to_encrypt, keys=[crypto.get_key(FPR)]) - with tempfile.NamedTemporaryFile(delete=False) as f: + with tempfile.NamedTemporaryFile(mode='w+', delete=False) as f: f.write(encrypted) enc_file = f.name self.addCleanup(os.unlink, enc_file) - dec = subprocess.check_output(['gpg', '--decrypt', enc_file], - stderr=DEVNULL) + dec = helper.try_decode(subprocess.check_output( + ['gpg', '--decrypt', enc_file], stderr=DEVNULL)) self.assertEqual(to_encrypt, dec) |