
Source Code for Module pysmime.file

  1  # pysmime/file.py 
  2  # Lorenzo Gaggini <lg@libersoft.it> 
  3  # Libersoft <tech@libersoft.it> 
  4  # http://www.libersoft.it 
  5  # License: http://www.gnu.org/licenses/gpl.txt 
  6   
  7  """ 
  8  Functions to verify, sign, encrypt and decrypt SMIME files, built on top of
  9  pysmime/core. 
 10  """ 
 11   
 12  import logging 
 13   
 14  from util import BIO_from_buffer, BIO_from_file_path 
 15  from core import encrypt, sign, decrypt, verify 
 16   
 17   
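def file_encrypt(input_file_path, recipient_cert, output_file_path=None,
                 keyring_source='file', cypher='des_ede3_cbc'):
    """
    Encrypts the input file data with the public key of the input
    certificate. If an output file path is given, the encrypted data is also
    written to that file.

    @type input_file_path: filepath
    @param input_file_path: path of the file holding the data to encrypt.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: the recipient certificate reference; it may come
        from a file, from memory or from a pkcs11 smartcard, as selected by
        the keyring_source parameter.
    @type output_file_path: filepath
    @param output_file_path: if present, the path where the encrypted data
        is written. The file is opened in 'wb' mode, so an existing file at
        that path is overwritten.
    @type keyring_source: str
    @keyword keyring_source: the type of the source of the input
        certificate, used to select the matching encrypter settings.
        Admitted values are: file, memory, pkcs11.
    @type cypher: str
    @keyword cypher: name of the cypher used to encrypt the data; run
        "openssl enc -help" for the supported cyphers. The default,
        des_ede3_cbc, is Triple DES in CBC mode, a legacy cipher with a
        64-bit block. It stays the default for backward compatibility;
        callers protecting new data should pass a stronger cipher that
        core.encrypt accepts (TODO confirm the accepted names, e.g. an
        AES-CBC variant).
    @rtype: the buffer type returned by BIO_from_buffer
    @return: the buffer into which the PKCS#7 encrypted data was written in
        DER format (not the PKCS7 object itself).
    @raise IOError: if the output file cannot be written; the error is
        logged and re-raised.
    """
    file_bio = BIO_from_file_path(input_file_path)
    p7 = encrypt(file_bio, recipient_cert, keyring_source, cypher)
    encrypted_data = BIO_from_buffer()
    p7.write_der(encrypted_data)
    if output_file_path:
        # NOTE(review): read() on an in-memory BIO may consume its content,
        # in which case the buffer returned below is empty whenever an
        # output file was requested -- confirm against util.BIO_from_buffer.
        try:
            with open(output_file_path, 'wb') as fd:
                fd.write(encrypted_data.read())
        except IOError as e:
            # "as" form parses on Python 2.6+ and Python 3; the comma form
            # is Python 2 only.
            logging.error('IOError in writing encrypted file ' + str(e))
            raise
    return encrypted_data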
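def file_decrypt(input_file_path, recipient_private_key, recipient_cert,
                 output_file_path=None, keyring_source='file', type='DER'):
    """
    Decrypts the input file data with the input private key and input
    certificate. If an output file path is given, the decrypted data is also
    written to that file.

    @type input_file_path: filepath
    @param input_file_path: path of the file holding the data to decrypt.
    @type recipient_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param recipient_private_key: recipient private key reference; it may
        come from a file, from memory or from a pkcs11 smartcard, as
        selected by the keyring_source parameter.
    @type recipient_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param recipient_cert: recipient certificate; it may come from a file,
        from memory or from a pkcs11 smartcard, as selected by the
        keyring_source parameter.
    @type output_file_path: filepath
    @param output_file_path: if present, the path where the decrypted data
        is written. The file is opened in 'wb' mode (an existing file is
        overwritten) and is created with the process's default permissions,
        so the caller is responsible for choosing a location that protects
        the plaintext.
    @type keyring_source: str
    @keyword keyring_source: the type of the source of the input key and
        certificate, used to select the matching decrypter settings.
        Admitted values are: file, memory, pkcs11.
    @type type: str
    @keyword type: specifies the type of input PKCS#7 data: PEM or DER
    @rtype: str
    @return: the decrypted data in plain form.
    @raise IOError: if the output file cannot be written; the error is
        logged and re-raised.
    """
    file_bio = BIO_from_file_path(input_file_path)
    decrypted_data = decrypt(file_bio, recipient_private_key, recipient_cert,
                             keyring_source, type)
    if output_file_path:
        try:
            with open(output_file_path, 'wb') as fd:
                fd.write(decrypted_data)
        except IOError as e:
            # "as" form parses on Python 2.6+ and Python 3; the comma form
            # is Python 2 only.
            logging.error('IOError in writing decrypted file ' + str(e))
            raise
    return decrypted_data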
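def file_sign(input_file_path, sender_private_key, sender_cert,
              output_file_path=None, keyring_source='file', type='DER'):
    """
    Signs the input file data with the input private key and input
    certificate. If an output file path is given, the signed data is also
    written to that file.

    @type input_file_path: filepath
    @param input_file_path: path of the file holding the data to sign.
    @type sender_private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey
    @param sender_private_key: sender private key reference; it may come
        from a file, from memory or from a pkcs11 smartcard, as selected by
        the keyring_source parameter.
    @type sender_cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509
    @param sender_cert: sender certificate; it may come from a file, from
        memory or from a pkcs11 smartcard, as selected by the keyring_source
        parameter.
    @type output_file_path: filepath
    @param output_file_path: if present, the path where the signed data is
        written. The file is opened in 'wb' mode, so an existing file at
        that path is overwritten.
    @type keyring_source: str
    @keyword keyring_source: the type of the source of the input key and
        certificate, used to select the matching signer settings. Admitted
        values are: file, memory, pkcs11.
    @type type: str
    @keyword type: specifies the type of output PKCS#7 data: PEM or DER.
        It is forwarded to core.sign; this function itself always
        serialises the result with write_der.
    @rtype: the buffer type returned by BIO_from_buffer
    @return: the buffer into which the PKCS#7 signed data was written in
        DER format (not the PKCS7 object itself).
    @raise IOError: if the output file cannot be written; the error is
        logged and re-raised.
    """
    file_bio = BIO_from_file_path(input_file_path)
    p7 = sign(file_bio, sender_private_key, sender_cert, keyring_source, type)
    signed_data = BIO_from_buffer()
    p7.write_der(signed_data)
    if output_file_path:
        # NOTE(review): read() on an in-memory BIO may consume its content,
        # in which case the buffer returned below is empty whenever an
        # output file was requested -- confirm against util.BIO_from_buffer.
        try:
            with open(output_file_path, 'wb') as fd:
                fd.write(signed_data.read())
        except IOError as e:
            # "as" form parses on Python 2.6+ and Python 3; the comma form
            # is Python 2 only.
            logging.error('IOError in writing signed files ' + str(e))
            raise
    return signed_data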
def file_verify(input_file_path, certstore_path, AUTO_SIGNED_CERT=False,
                type='DER'):
    """
    Verifies the input file data against the certificates stored in the file
    at the certstore path.

    @type input_file_path: filepath
    @param input_file_path: path of the file holding the data to verify.
    @type certstore_path: filepath
    @param certstore_path: path to the file of the trusted certificates,
        for example /etc/ssl/certs/ca-certificates.crt.
    @type AUTO_SIGNED_CERT: boolean
    @param AUTO_SIGNED_CERT: whether auto signed (self-signed) certificates
        are accepted as valid for verification. Keep the default False
        unless self-signed signers are explicitly trusted: accepting them
        presumably means the signer is not checked against certstore_path
        (confirm in core.verify).
    @type type: str
    @keyword type: specifies the type of input PKCS#7 data: PEM or DER
    @rtype: list
    @return: list of the certificates of the verified signer, as returned by
        core.verify.
    """
    # Wrap the file in a BIO and hand it straight to the core verifier; its
    # result is returned unchanged.
    signed_bio = BIO_from_file_path(input_file_path)
    return verify(signed_bio, certstore_path, AUTO_SIGNED_CERT, type)