diff options
| author | Ruben Pollan <meskio@sindominio.net> | 2018-10-26 11:45:11 -0500 |
|---|---|---|
| committer | Ruben Pollan <meskio@sindominio.net> | 2018-11-01 11:15:09 -0600 |
| commit | 13d4afeda738ff85da5f0b62d19c29a68c4e5689 (patch) | |
| tree | 0fe595ab4d53515a2cdc954ce957acadce306551 /alot/crypto.py | |
| parent | f1972c5f824c41d0851e116a1f9fe9c1fa58bc10 (diff) | |
crypto: deal with bad signatures on session-decrypt
When the key is known or just the signature is invalid gpgme raises
'BadSignatures'. Up to now we were not acknoledging it when using
session-keys, making impossible to open emails without the signing key.
Diffstat (limited to 'alot/crypto.py')
| -rw-r--r-- | alot/crypto.py | 41 |
1 files changed, 26 insertions, 15 deletions
diff --git a/alot/crypto.py b/alot/crypto.py index 38b8727a..cb9eba03 100644 --- a/alot/crypto.py +++ b/alot/crypto.py @@ -223,16 +223,7 @@ def decrypt_verify(encrypted, session_keys=None): pass ctx = gpg.core.Context() - try: - plaintext, _, verify_result = ctx.decrypt(encrypted, verify=True) - sigs = verify_result.signatures - except gpg.errors.GPGMEError as e: - raise GPGProblem(str(e), code=e.getcode()) - except gpg.errors.BadSignatures as e: - plaintext, _, _ = ctx.decrypt(encrypted, verify=False) - sigs = e.result.signatures - - return sigs, plaintext + return _decrypt_verify_with_context(ctx, encrypted) def _decrypt_verify_session_keys(encrypted, session_keys): @@ -243,20 +234,40 @@ def _decrypt_verify_session_keys(encrypted, session_keys): :param list[str] session_keys: a list OpenPGP session keys :returns: the signatures and decrypted plaintext data :rtype: tuple[list[gpg.resuit.Signature], str] - :raises: :class:`~alot.errors.GPGProblem` if the decryption fails + :raises alot.errors.GPGProblem: if the decryption fails """ for key in session_keys: ctx = gpg.core.Context() ctx.set_ctx_flag("override-session-key", key) try: - (plaintext, _, verify_result) = ctx.decrypt( - encrypted, verify=True) - except gpg.errors.GPGMEError as e: + return _decrypt_verify_with_context(ctx, encrypted) + except GPGProblem: continue - return verify_result.signatures, plaintext raise GPGProblem("No valid session key", code=GPGCode.NOT_FOUND) +def _decrypt_verify_with_context(ctx, encrypted): + """Decrypts the given ciphertext string using the gpg context + and returns both the signatures (if any) and the plaintext. + + :param gpg.Context ctx: the gpg context + :param bytes encrypted: the mail to decrypt + :returns: the signatures and decrypted plaintext data + :rtype: tuple[list[gpg.resuit.Signature], str] + :raises alot.errors.GPGProblem: if the decryption fails + """ + try: + (plaintext, _, verify_result) = ctx.decrypt( + encrypted, verify=True) + sigs = verify_result.signatures + except gpg.errors.GPGMEError as e: + raise GPGProblem(str(e), code=e.getcode()) + except gpg.errors.BadSignatures as e: + (plaintext, _, _) = ctx.decrypt(encrypted, verify=False) + sigs = e.result.signatures + return sigs, plaintext + + def validate_key(key, sign=False, encrypt=False): """Assert that a key is valide and optionally that it can be used for signing or encrypting. Raise GPGProblem otherwise. |