diff --git a/komrade/backend/keymaker.py b/komrade/backend/keymaker.py index 4e43216..9b20428 100644 --- a/komrade/backend/keymaker.py +++ b/komrade/backend/keymaker.py @@ -63,142 +63,69 @@ class Keymaker(Logger): return key except ThemisError as e: self.log('!! decryption failed:',e) - - - # def assemble_key(self, key_encr, key_decr, passphrases={}, keychain_encr={}, keychain_decr={}, keyname=''): - - # key_decr_decr_key,key_decr_decr_cell = self.getkey_decr_decr_keycell(passphrases=passphrases,keyname=keyname) - # self.log(f'about to decrypt {key_decr_encr} ({keyname}) with cell {key_decr_decr_cell}') - # try: - # key_decr = key_decr_decr_cell.decrypt(key_decr_encr) - # except ThemisError as e: - # self.log('!!',e) - # return - # self.log(f'{keyname}bkey_decr <--',pubkey_decr) - # return pubkey_decr - - def buildkey(self, uri, passphrases={}, keychain_encr={}, keychain_decr={}, keyname='pubkey'): - # if the decryption keys have been provided to me - key_decr = None - key_encr = None - - if keychain_decr: - # get the relevant decryption key - key_decr = keychain_decr.get(f'{keyname}_decr'): - - # see if I have the right encrypted key - key_encr = self.getkey_encr(uri, keyname=keyname+'_encr', **kwargs) - - # conversely, if the encryption keys have been provided to me - elif keychain_encr: - # get the relevant encryption key - key_encr = keychain_encr.get(f'{keyname}_encr'): - - # see if I have the right decryption key stored - key_decr = self.getkey_decr(uri, keyname=keyname, ) - - # then, once I have both: put them together - if not key_decr and not key_encr: return - try: - key = SCellSeal(key=key_decr).decrypt(key_encr) - except ThemisError as e: - self.log('key recovery failed',e) - return key + # Concrete keys + ## (1) Final keys def pubkey(self, **kwargs): - return self.getkey(uri=self.name,keyname='pub',**kwargs) + return self.getkey(keyname='pubkey',uri=self.name,**kwargs) def privkey(self, **kwargs): - return self.getkey(uri=self.pubkey(**kwargs),keyname='priv',**kwargs) + return self.getkey(keyname='privkey',uri=self.pubkey(**kwargs),**kwargs) def adminkey(self, **kwargs): - return self.getkey(uri=self.privkey(**kwargs),keyname='admin',**kwargs) - - - - ## (1-X) ENCRYPTED KEYS - def getkey_encr(self, uri, passphrases={}, keychain_decr={}, keyname='pub_encr'): - # can I find the key? - found_key = self.crypt_keys.get(uri,prefix=f'/{keyname}/') - if found_key: return found_key - # otherwise, get it by encrypting its components? - key_made = self.buildkey_encr(passphrases=passphrases) - if key_made: return key_made - # flag error - self.log(f'!! could not get {keyname}key_encr') + return self.getkey(keyname='adminkey',uri=self.privkey(**kwargs),**kwargs) + + ## (1-X) Encrypted halves def pubkey_encr(self, **kwargs): - return self.getkey_encr(uri=self.name,keyname='pub',**kwargs) + return self.getkey(uri=self.name,keyname='pubkey_encr',**kwargs) def privkey_encr(self, **kwargs): - return self.getkey(uri=self.pubkey_encr(**kargs),keyname='priv',**kwargs) + return self.getkey(uri=self.pubkey_encr(**kargs),keyname='privkey_encr',**kwargs) def adminkey_encr(self, **kwargs): - return self.getkey(uri=self.privkey_encr(**kargs),keyname='admin',**kwargs) - def buildkey_encr(self, passphrases={}, keyname='pub'): - # get decrypted key - key_encr_decr = self.getkey_encr_decr(keyname=keyname) - # get encrypted key - key_encr_encr_key,key_encr_encr_cell = self.getkey_encr_encr_keycell(passphrases=passphrases,keyname=keyname) - self.log(f'about to encrypt {key_encr_decr} ({keyname}) with cell {key_encr_encr_cell}') - try: - key_encr = key_encr_encr_cell.encrypt(key_encr_decr) - except ThemisError as e: - self.log('!!',e) - return - self.log(f'{keyname}bkey_encr <--',pubkey_encr) - return pubkey_encr + return self.getkey(uri=self.privkey_encr(**kargs),keyname='adminkey_encr',**kwargs) - - ### (1-Y) DECRYPTION KEYS - def getkey_decr(self, uri, passphrases={}, keychain_encr={}, keyname=''): - # can I find the key? - found_key = self.crypt_keys.get(uri,prefix=f'/{keyname}_decr/') - if found_key: return found_key - # otherwise, get it by decrypting its components? - key_made = self.buildkey_decr(passphrases=passphrases) - if key_made: return key_made - # flag error - self.log(f'!! could not get {keyname}key_decr') + ## (1-Y) Decrpytor halves def pubkey_decr(self, **kwargs): - return self.getkey_decr(uri=self.name,keyname='pub',**kwargs) + return self.getkey(uri=self.name,keyname='pubkey_decr',**kwargs) def privkey_decr(self, **kwargs): - return self.getkey(uri=self.pubkey_decr(**kargs),keyname='priv',**kwargs) + return self.getkey(uri=self.pubkey_decr(**kargs),keyname='privkey_decr',**kwargs) def adminkey_decr(self, **kwargs): - return self.getkey(uri=self.privkey_decr(**kargs),keyname='admin',**kwargs) - def buildkey_decr(self, passphrases={}, keyname='pub'): - # get encrypted key - key_decr_encr = self.getkey_decr_encr(keyname=keyname) - # get decrypted key - key_decr_decr_key,key_decr_decr_cell = self.getkey_decr_decr_keycell(passphrases=passphrases,keyname=keyname) - self.log(f'about to decrypt {key_decr_encr} ({keyname}) with cell {key_decr_decr_cell}') - try: - key_decr = key_decr_decr_cell.decrypt(key_decr_encr) - except ThemisError as e: - self.log('!!',e) - return - self.log(f'{keyname}bkey_decr <--',pubkey_decr) - return pubkey_decr - - - ## MAGIC KEY ATTRIBUTES - # loading keys back - - ### DECR DECR KEYCELL - + return self.getkey(uri=self.privkey_decr(**kargs),keyname='adminkey_decr',**kwargs) + + ## Second halving! + ## (1-X-X) + def pubkey_encr_encr(self, **kwargs): + return self.getkey(uri=self.name,keyname='pubkey_encr_encr',**kwargs) + def privkey_encr_encr(self, **kwargs): + return self.getkey(uri=self.pubkey_encr_encr(**kargs),keyname='privkey_encr_encr',**kwargs) + def adminkey_encr_encr(self, **kwargs): + return self.getkey(uri=self.privkey_encr_encr(**kargs),keyname='adminkey_encr_encr',**kwargs) + + ## (1-X-Y) + def pubkey_encr_decr(self, **kwargs): + return self.getkey(uri=self.name,keyname='pubkey_encr_decr',**kwargs) + def privkey_encr_decr(self, **kwargs): + return self.getkey(uri=self.pubkey_encr_decr(**kargs),keyname='privkey_encr_decr',**kwargs) + def adminkey_encr_decr(self, **kwargs): + return self.getkey(uri=self.privkey_encr_decr(**kargs),keyname='adminkey_encr_decr',**kwargs) + + ## (1-Y-X) + def pubkey_decr_encr(self, **kwargs): + return self.getkey(uri=self.name,keyname='pubkey_decr_encr',**kwargs) + def privkey_decr_encr(self, **kwargs): + return self.getkey(uri=self.pubkey_decr_encr(**kargs),keyname='privkey_decr_encr',**kwargs) + def adminkey_decr_encr(self, **kwargs): + return self.getkey(uri=self.privkey_decr_encr(**kargs),keyname='adminkey_decr_encr',**kwargs) + + ## (1-Y-Y) + def pubkey_decr_decr(self, **kwargs): + return self.getkey(uri=self.name,keyname='pubkey_decr_decr',**kwargs) + def privkey_decr_decr(self, **kwargs): + return self.getkey(uri=self.pubkey_decr_decr(**kargs),keyname='privkey_decr_decr',**kwargs) + def adminkey_decr_decr(self, **kwargs): + return self.getkey(uri=self.privkey_decr_decr(**kargs),keyname='adminkey_decr_decr',**kwargs) ### DECR ENCR KEYS ## Third level: splitting (encrypted/decryption key) the encrypted keys and decryption keys above - def getkey_decr_encr(self,crypt_key = None,keyname='pub'): - if not crypt_key: crypt_key = self.name - key_decr_encr = self.crypt_keys.get(self.name,prefix=f'/{keyname}_decr_encr/') - self.log(f'{keyname}key_decr_encr <--',key_decr_encr) - return key_decr_encr - def pubkey_decr_encr(self,passphrases={}): - return self.getkey_decr_encr(crypt_key=self.name, keyname='pub') - def privkey_decr_encr(self,passphrases={}): - pubkey_decr = self.pubkey_decr(passphrase=passphrase) - return self.getkey_decr_encr(crypt_key=pubkey_decr, keyname='priv') - def adminkey_decr_encr(self,passphrases={}): - privkey_decr=self.privkey_decr(passphrase=passphrase) - return self.getkey_decr_encr(crypt_key=privkey_decr, keyname='admin') # Get key de-cryptors @@ -215,40 +142,3 @@ class Keymaker(Logger): self.log(f'pass_cell [{q_name}] <--',pass_cell) return (pass_key, pass_cell) - - def getkey_decr_keycell(self, passphrases={}, keyname='pub_decr_decr_key'): - # get or make - decr_key = None - decr_cell = None - - passphrase=passphrases.get(keyname+'_pass') - if passphrase: - decr_key=None - decr_cell = SCellSeal(passphrase=passphrase) - return (decr_key,decr_cell) - - # do I have a decryption key stored? - decr_key = self.crypt_keys.get(self.name,prefix=f'/{keyname}/') - if decr_key: - decr_cell = SCellSeal(key=decr_key) - return (decr_key,decr_cell) - - # otherwise, make a new decryption key and cell - if not decr_cell: - return self.genkey_pass_keycell() - - return (decr_key,decr_cell) - - def pubkey_decr_decr_keycell(self,passphrases={}): - return self.getkey_decr_decr_keycell(passphrase=passphrase, keyname='pub') - def privkey_decr_decr_keycell(self,passphrases={}): - return self.getkey_decr_decr_keycell(passphrase=passphrase, keyname='priv') - def adminkey_decr_decr_keycell(self,passphrases={}): - return self.getkey_decr_decr_keycell(passphrase=passphrase, keyname='admin') - - - - - ### DECR KEYS - -