
Source Code for Module pysmime.mail

  1  # pysmime/mail.py 
  2  # Lorenzo Gaggini <lg@libersoft.it> 
  3  # Libersoft <tech@libersoft.it> 
  4  # http://www.libersoft.it 
  5  # License: http://www.gnu.org/licenses/gpl.txt 
  6   
  7  """ 
  8  Functions to verify, sign, encrypt and decrypt SMIME mail entities, built on top 
  9  of pysmime/core. 
 10  """ 
 11   
 12  from M2Crypto import SMIME 
 13  from util import BIO_from_buffer 
 14  from core import encrypt, sign, decrypt, verify 
 15   
 16   
def mail_encrypt(mail, recipient_cert, keyring_source='file',
                 cypher='des_ede3_cbc'):
    """
    Encrypt mail text for the holder of the given recipient certificate.

    @type mail: str
    @param mail: mail text to encrypt.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: reference to the recipient certificate; whether it
        is a file path, an in-memory object or a pkcs11 smartcard reference
        is selected by keyring_source.
    @type keyring_source: str
    @keyword keyring_source: kind of source the certificate comes from,
        passed on to core.encrypt. Admitted values are: file, memory, pkcs11.
    @type cypher: str
    @keyword cypher: name of the symmetric cipher used to encrypt the data;
        run "openssl enc -help" for the supported ciphers. The default,
        des_ede3_cbc, is Triple-DES in CBC mode, a legacy 64-bit block
        cipher; prefer an AES cipher when the recipient's mail client
        supports one.
    @rtype: str
    @return: the encrypted data with MIME headers, as produced by
        M2Crypto's SMIME.write().
    @note: encryption alone gives the recipient no proof of who sent the
        message or that it arrived unmodified; sign the mail as well (see
        mail_sign) when that matters.
    """
    # core.encrypt receives the cipher name unchanged; how it is validated
    # is not visible from this module.
    envelope = encrypt(BIO_from_buffer(mail), recipient_cert, keyring_source,
                       cypher)
    out_bio = BIO_from_buffer()
    writer = SMIME.SMIME()
    writer.write(out_bio, envelope)
    return out_bio.read()
def mail_decrypt(encrypted_mail, recipient_private_key, recipient_cert,
                 keyring_source='file', type='PEM'):
    """
    Decrypt mail data with the recipient's private key and certificate.

    @type encrypted_mail: str
    @param encrypted_mail: encrypted mail body to decrypt.
    @type recipient_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param recipient_private_key: reference to the recipient private key;
        whether it is a file path, an in-memory object or a pkcs11 smartcard
        reference is selected by keyring_source.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: reference to the recipient certificate, resolved
        the same way as the private key.
    @type keyring_source: str
    @keyword keyring_source: kind of source the key and certificate come
        from, passed on to core.decrypt. Admitted values are: file, memory,
        pkcs11.
    @type type: str
    @keyword type: specifies the type of input PKCS#7 data: PEM or DER
    @rtype: str
    @return: the decrypted data in plain form, exactly as returned by
        core.decrypt.
    @note: a successful decryption says nothing about who sent the message
        or whether the ciphertext was altered on the way; check a signature
        with mail_verify when that matters.
    """
    # `type` shadows the builtin inside this function; the name is kept
    # because it is part of the public keyword interface.
    cipher_bio = BIO_from_buffer(encrypted_mail)
    return decrypt(cipher_bio, recipient_private_key, recipient_cert,
                   keyring_source, type)
def mail_sign(mail, sender_private_key, sender_cert, keyring_source='file',
              type='PEM'):
    """
    Sign mail text with the sender's private key and certificate.

    @type mail: str
    @param mail: mail text to sign.
    @type sender_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param sender_private_key: reference to the sender private key; whether
        it is a file path, an in-memory object or a pkcs11 smartcard
        reference is selected by keyring_source.
    @type sender_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param sender_cert: reference to the sender certificate, resolved the
        same way as the private key.
    @type keyring_source: str
    @keyword keyring_source: kind of source the key and certificate come
        from, passed on to core.sign. Admitted values are: file, memory,
        pkcs11.
    @type type: str
    @keyword type: specifies the type of output PKCS#7 data: PEM or DER
    @rtype: str
    @return: the signed data with MIME headers, as produced by M2Crypto's
        SMIME.write() when it is given the signature and the mail content.
    @note: signing does not hide the content; use mail_encrypt as well when
        confidentiality is required.
    """
    signature = sign(BIO_from_buffer(mail), sender_private_key, sender_cert,
                     keyring_source, type)
    out_bio = BIO_from_buffer()
    # A second BIO over the same text is built for write(): the first one
    # was handed to sign() above.
    content_bio = BIO_from_buffer(mail)
    SMIME.SMIME().write(out_bio, signature, content_bio)
    return out_bio.read()
def mail_verify(signed_mail, certstore_path, AUTO_SIGNED_CERT=False,
                type='PEM'):
    """
    Verify signed mail text against the trusted certificates stored in the
    file at certstore_path.

    @type signed_mail: str
    @param signed_mail: the signed mail text to verify.
    @type certstore_path: filepath
    @param certstore_path: path to the file of the trusted certificates,
        for example /etc/ssl/certs/ca-certificates.crt.
    @type AUTO_SIGNED_CERT: boolean
    @param AUTO_SIGNED_CERT: whether self-signed signer certificates are
        accepted as valid for verification. Leave it False unless the
        signer certificate is authenticated by other means: a self-signed
        certificate presumably does not chain to certstore_path (confirm in
        core.verify), so a positive result then says little about who
        signed.
    @type type: str
    @keyword type: specifies the type of input PKCS#7 data: PEM or DER
    @rtype: list or bool
    @return: list of the certificates of the verified signers, or False when
        core.verify returns an empty or false value. Whether a bad signature
        raises instead is decided by core.verify and is not visible here.
    """
    verified_signers = verify(BIO_from_buffer(signed_mail), certstore_path,
                              AUTO_SIGNED_CERT, type)
    # Callers receive False, never an empty list, so a truthiness test is
    # the safe way to tell "verified" from "not verified".
    return verified_signers if verified_signers else False