Back to index

obnam  1.1
Classes | Functions
obnamlib.encryption Namespace Reference

Classes

class  SymmetricKeyCache
class  Keyring
class  SecretKeyring

Functions

def generate_symmetric_key
def _gpg_pipe
def encrypt_symmetric
def decrypt_symmetric
def _gpg
def get_public_key
def encrypt_with_keyring
def decrypt_with_secret_keys

Function Documentation

def obnamlib.encryption._gpg (   args,
  stdin = '',
  gpghome = None 
) [private]
Run gpg and return its output.

Definition at line 110 of file encryption.py.

00110 
00111 def _gpg(args, stdin='', gpghome=None):
00112     '''Run gpg and return its output.'''
00113     
00114     env = dict()
00115     env.update(os.environ)
00116     if gpghome is not None:
00117         env['GNUPGHOME'] = gpghome
00118         tracing.trace('gpghome=%s' % gpghome)
00119     
00120     argv = ['gpg', '-q', '--batch'] + args
00121     tracing.trace('argv=%s', repr(argv))
00122     p = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
00123                          stderr=subprocess.PIPE, env=env)
00124     out, err = p.communicate(stdin)
00125     
00126     # Return output data, or deal with errors.
00127     if p.returncode: # pragma: no cover
00128         raise obnamlib.Error(err)
00129         
00130     return out
00131 

Here is the caller graph for this function:

def obnamlib.encryption._gpg_pipe (   args,
  data,
  passphrase 
) [private]
Pipe things through gpg.

With the right args, this can be either an encryption or a decryption
operation.

For safety, we give the passphrase to gpg via a file descriptor.
The argument list is modified to include the relevant options for that.

The data is fed to gpg via a temporary file, readable only by
the owner, to avoid congested pipes.

Definition at line 60 of file encryption.py.

00060 
00061 def _gpg_pipe(args, data, passphrase):
00062     '''Pipe things through gpg.
00063     
00064     With the right args, this can be either an encryption or a decryption
00065     operation.
00066     
00067     For safety, we give the passphrase to gpg via a file descriptor.
00068     The argument list is modified to include the relevant options for that.
00069     
00070     The data is fed to gpg via a temporary file, readable only by
00071     the owner, to avoid congested pipes.
00072     
00073     '''
00074     
00075     # Open pipe for passphrase, and write it there. If passphrase is
00076     # very long (more than 4 KiB by default), this might block. A better
00077     # implementation would be to have a loop around select(2) to do pipe
00078     # I/O when it can be done without blocking. Patches most welcome.
00079 
00080     keypipe = os.pipe()
00081     os.write(keypipe[1], passphrase + '\n')
00082     os.close(keypipe[1])
00083     
00084     # Actually run gpg.
00085     
00086     argv = ['gpg', '--passphrase-fd', str(keypipe[0]), '-q', '--batch'] + args
00087     tracing.trace('argv=%s', repr(argv))
00088     p = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
00089                          stderr=subprocess.PIPE)
00090     out, err = p.communicate(data)
00091     
00092     os.close(keypipe[0])
00093     
00094     # Return output data, or deal with errors.
00095     if p.returncode: # pragma: no cover
00096         raise obnamlib.Error(err)
00097         
00098     return out
00099     
    

Here is the caller graph for this function:

def obnamlib.encryption.decrypt_symmetric (   encrypted,
  key 
)
Decrypt encrypted data with symmetric encryption.

Definition at line 105 of file encryption.py.

00105 
00106 def decrypt_symmetric(encrypted, key):
00107     '''Decrypt encrypted data with symmetric encryption.'''
00108     return _gpg_pipe(['-d'], encrypted, key)
00109 

Here is the call graph for this function:

def obnamlib.encryption.decrypt_with_secret_keys (   encrypted,
  gpghome = None 
)
Decrypt data using secret keys GnuPG finds on its own.

Definition at line 246 of file encryption.py.

00246 
00247 def decrypt_with_secret_keys(encrypted, gpghome=None):
00248     '''Decrypt data using secret keys GnuPG finds on its own.'''
00249     return _gpg(['-d'], stdin=encrypted, gpghome=gpghome)
00250 

Here is the call graph for this function:

def obnamlib.encryption.encrypt_symmetric (   cleartext,
  key 
)
Encrypt data with symmetric encryption.

Definition at line 100 of file encryption.py.

00100 
00101 def encrypt_symmetric(cleartext, key):
00102     '''Encrypt data with symmetric encryption.'''
00103     return _gpg_pipe(['-c'], cleartext, key)
00104     
    

Here is the call graph for this function:

def obnamlib.encryption.encrypt_with_keyring (   cleartext,
  keyring 
)
Encrypt data with all keys in a keyring.

Definition at line 232 of file encryption.py.

00232 
00233 def encrypt_with_keyring(cleartext, keyring):
00234     '''Encrypt data with all keys in a keyring.'''
00235     recipients = []
00236     for keyid in keyring.keyids():
00237         recipients += ['-r', keyid]
00238     return keyring.gpg(False, 
00239                         ['-e', 
00240                          '--trust-model', 'always',
00241                          '--no-encrypt-to',
00242                          '--no-default-recipient',
00243                             ] + recipients,
00244                        stdin=cleartext)
00245     
    
def obnamlib.encryption.generate_symmetric_key (   numbits,
  filename = '/dev/random' 
)
Generate a random key of at least numbits for symmetric encryption.

Definition at line 26 of file encryption.py.

00026 
00027 def generate_symmetric_key(numbits, filename='/dev/random'):
00028     '''Generate a random key of at least numbits for symmetric encryption.'''
00029 
00030     tracing.trace('numbits=%d', numbits)
00031     
00032     bytes = (numbits + 7) / 8
00033     f = open(filename, 'rb')
00034     key = f.read(bytes)
00035     f.close()
00036     
00037     return key.encode('hex')
00038 

def obnamlib.encryption.get_public_key (   keyid,
  gpghome = None 
)
Return the ASCII armored export form of a given public key.

Definition at line 132 of file encryption.py.

00132 
00133 def get_public_key(keyid, gpghome=None):
00134     '''Return the ASCII armored export form of a given public key.'''
00135     return _gpg(['--export', '--armor', keyid], gpghome=gpghome)
00136 
00137 

Here is the call graph for this function: