Make signer optional for encrypt
Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
wiktor-k committed Mar 18, 2024
1 parent d485973 commit cb4c097
Showing 3 changed files with 30 additions and 6 deletions.
3 changes: 3 additions & 0 deletions NEXT.md
@@ -3,6 +3,9 @@
v0.1.23

New:
- `decrypt` accepts a function for supplying certificates for signature verification
- `encrypt` now does not require the `signer` argument
- the result of `decrypt` and `verify` exposes `valid_sigs` for retrieving a list of valid signatures

Changed:
- `verify` now accepts a callback for supplying signing certificates ([#20])
24 changes: 22 additions & 2 deletions README.md
@@ -130,7 +130,27 @@ print(f"Encrypted data: {encrypted}")

### decrypt

Decrypts data:
Decrypts plain data:

```python
from pysequoia import decrypt

sender = Cert.from_file("no-passwd.pgp")
receiver = Cert.from_file("passwd.pgp")

content = "Red Green Blue"

encrypted = encrypt(recipients = [receiver], bytes = content.encode("utf8"))

decrypted = decrypt(decryptor = receiver.secrets.decryptor("hunter22"), bytes = encrypted)

assert content == decrypted.bytes.decode("utf8");

# this message did not contain any valid signatures
assert len(decrypted.valid_sigs) == 0
```

Decrypt can also verify signatures while decrypting:

```python
from pysequoia import decrypt
@@ -149,7 +169,7 @@ def get_certs(key_ids):
decrypted = decrypt(decryptor = receiver.secrets.decryptor("hunter22"), bytes = encrypted, store = get_certs)

assert content == decrypted.bytes.decode("utf8");
print(decrypted.valid_sigs)

# let's check the valid signature's certificate and signing subkey fingerprints
assert decrypted.valid_sigs[0].certificate == sender.fingerprint
assert decrypted.valid_sigs[0].signing_key == sender.fingerprint
9 changes: 5 additions & 4 deletions src/encrypt.rs
@@ -13,9 +13,9 @@ use crate::signer::PySigner;

#[pyfunction]
pub fn encrypt(
signer: PySigner,
recipients: Vec<PyRef<Cert>>,
bytes: &[u8],
signer: Option<PySigner>,
) -> PyResult<Cow<'static, [u8]>> {
let mode = KeyFlags::empty()
.set_storage_encryption()
@@ -66,7 +66,7 @@ pub fn encrypt(

let message = Armorer::new(message).build()?;

let message = Encryptor::for_recipients(
let mut message = Encryptor::for_recipients(
message,
recipient_keys
.iter()
@@ -75,8 +75,9 @@ pub fn encrypt(
.build()
.context("Failed to create encryptor")?;

let message = Signer::new(message, signer).build()?;

if let Some(signer) = signer {
message = Signer::new(message, signer).build()?;
}
let mut message = LiteralWriter::new(message)
.build()
.context("Failed to create literal writer")?;
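Review bot: The new `signer: Option<PySigner>` parameter of `encrypt` carries no doc comment saying that leaving it out yields a message that is encrypted but not signed, so the recipient has no cryptographic evidence of who produced it. I would add above `#[pyfunction]` a line such as `/// When signer is None the message is encrypted but not signed; recipients cannot authenticate the sender.` so callers choose that mode knowingly and pair it with a `valid_sigs` check on the decrypting side. The parameter also appears to move from first to last position, which changes the positional calling convention while NEXT.md lists the entry under "New"; spelling the Python signature out with `#[pyo3(signature = (recipients, bytes, signer=None))]` (if the PyO3 version in use supports it) would make the default explicit. The body of `encrypt` continues outside the visible hunks.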