"""
Functions to verify, sign, encrypt and decrypt SMIME mail entities, built on top
of pysmime/core.
"""
11
12 from M2Crypto import SMIME
13 from util import BIO_from_buffer
14 from core import encrypt, sign, decrypt, verify
15
16
def mail_encrypt(mail, recipient_cert, keyring_source='file',
                 cypher='des_ede3_cbc'):
    """
    Encrypts the input mail data for the holder of the input certificate.

    The PKCS#7 object returned by core.encrypt is serialized with M2Crypto's
    SMIME writer, which emits the MIME headers together with the body.

    @type mail: str
    @param mail: mail text to encrypt.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: the recipient certificate; read from a file, from
        memory or from a PKCS#11 smartcard depending on keyring_source.
    @type keyring_source: str
    @keyword keyring_source: where recipient_cert comes from, used to select
        the encrypter setup in core.encrypt. Admitted values are: file,
        memory, pkcs11.
    @type cypher: str
    @keyword cypher: name of the symmetric content-encryption cipher, as
        listed by "openssl enc -help" (e.g. aes_256_cbc). The default
        des_ede3_cbc (3DES) is kept unchanged for interface compatibility;
        an AES cipher is the stronger choice when both ends support it.
    @rtype: str
    @return: the encrypted data in PEM format with MIME header.
    """
    envelope = encrypt(BIO_from_buffer(mail), recipient_cert,
                       keyring_source, cypher)
    out = BIO_from_buffer()
    writer = SMIME.SMIME()
    writer.write(out, envelope)
    return out.read()
43
44
def mail_decrypt(encrypted_mail, recipient_private_key, recipient_cert,
                 keyring_source='file', type='PEM'):
    """
    Decrypts the input mail data with the input private key and certificate.

    This is a thin adapter over core.decrypt: it wraps the mail text in a BIO
    and forwards every other argument unchanged.

    @type encrypted_mail: str
    @param encrypted_mail: encrypted mail body to decrypt.
    @type recipient_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param recipient_private_key: recipient private key; read from a file,
        from memory or from a PKCS#11 smartcard depending on keyring_source.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: recipient certificate; read from a file, from
        memory or from a PKCS#11 smartcard depending on keyring_source.
    @type keyring_source: str
    @keyword keyring_source: where the key and certificate come from, used to
        select the decrypter setup in core.decrypt. Admitted values are:
        file, memory, pkcs11.
    @type type: str
    @keyword type: format of the input PKCS#7 data: PEM or DER. (The name
        shadows the builtin; it is kept because callers pass it by keyword.)
    @rtype: str
    @return: the decrypted data in plain form, as returned by core.decrypt.
    """
    encrypted_bio = BIO_from_buffer(encrypted_mail)
    return decrypt(encrypted_bio, recipient_private_key, recipient_cert,
                   keyring_source, type)
73
74
def mail_sign(mail, sender_private_key, sender_cert, keyring_source='file',
              type='PEM'):
    """
    Signs the input mail data with the sender's private key and certificate.

    @type mail: str
    @param mail: mail text to sign.
    @type sender_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param sender_private_key: sender private key; read from a file, from
        memory or from a PKCS#11 smartcard depending on keyring_source.
    @type sender_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param sender_cert: sender certificate; read from a file, from memory or
        from a PKCS#11 smartcard depending on keyring_source.
    @type keyring_source: str
    @keyword keyring_source: where the key and certificate come from, used to
        select the signer setup in core.sign. Admitted values are: file,
        memory, pkcs11.
    @type type: str
    @keyword type: format of the output PKCS#7 data: PEM or DER.
    @rtype: str
    @return: the signed data in PEM format with MIME header.
    """
    pkcs7_sig = sign(BIO_from_buffer(mail), sender_private_key, sender_cert,
                     keyring_source, type)
    out = BIO_from_buffer()
    # The cleartext is wrapped in a fresh BIO for write(): the BIO handed to
    # sign() above may already have been consumed. Passing the cleartext
    # alongside the signature presumably yields a clear-signed (multipart)
    # entity rather than an opaque one - confirm against M2Crypto.SMIME.write.
    SMIME.SMIME().write(out, pkcs7_sig, BIO_from_buffer(mail))
    return out.read()
104
105
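def mail_verify(signed_mail, certstore_path, AUTO_SIGNED_CERT=False,
                type='PEM'):
    """
    Verifies the signature on the input mail against the trusted certificates
    stored in the file at certstore_path.

    @type signed_mail: str
    @param signed_mail: the signed mail text to verify.
    @type certstore_path: filepath
    @param certstore_path: path to the file of the trusted certificates,
        for example /etc/ssl/certs/ca-certificates.crt.
    @type AUTO_SIGNED_CERT: boolean
    @param AUTO_SIGNED_CERT: whether self-signed signer certificates are
        accepted as valid. NOTE(review): with this set, a signer needs no
        path to a certificate in certstore_path, so a positive result only
        shows the signature matches the embedded certificate, not who made
        it - keep False unless the signer certificate is pinned elsewhere.
        How core.verify applies the flag is not visible from this module.
    @type type: str
    @keyword type: format of the input PKCS#7 data: PEM or DER.
    @rtype: list or bool
    @return: the list of verified signer certificates returned by
        core.verify, or False when it returns nothing (verification failed
        or no signer was found).
    """
    signed_certs = verify(BIO_from_buffer(signed_mail), certstore_path,
                          AUTO_SIGNED_CERT, type)
    # An empty/None result is mapped to False so callers get an explicit
    # "not verified" value instead of a possibly empty container.
    if signed_certs:
        return signed_certs
    return False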
132