Feature:: Support for keys without usage flags (#371)

Co-authored-by: James Morris <jmorris@securityinnovation.com>
2021-07-08 14:52:09 -05:00
parent 5534d863b1
commit 50ef17a9b1
4 changed files with 42 additions and 1 deletions
--- a/docs/source/examples/actions.rst
+++ b/docs/source/examples/actions.rst
@@ -120,3 +120,24 @@ someone else's public key. That can be done like so::
    # that same passphrase
    dec_message = enc_message.decrypt("S00per_Sekr3t")

+
+Ignoring Usage Flags
+^^^^^^^^^^^^^^^^^^^^
+
+.. warning:: Don't do this unless you're *really* sure you need to!
+
+Sometimes a key is created without the correct usage flags and an error is raised when you try to use the key::
+
+    >>> from pgpy import PGPKey, PGPMessage
+    >>> key, _ = PGPKey.from_file('path/to/key_without_usage_flags.asc')
+    >>> message = PGPMessage.new('secret message')
+    >>> encrypted_phrase = key.encrypt(message)
+    PGPError: Key 0123456789ABCDEF does not have the required usage flag EncryptStorage, EncryptCommunications
+
+To disable this check, set ``_require_usage_flags`` to ``False`` on the key before calling the problem function::
+
+    >>> from pgpy import PGPKey, PGPMessage
+    >>> key, _ = PGPKey.from_file('path/to/key_without_usage_flags.asc')
+    >>> key._require_usage_flags = False
+    >>> message = PGPMessage.new('secret message')
+    >>> encrypted_phrase = key.encrypt(message)
--- a/pgpy/decorators.py
+++ b/pgpy/decorators.py
@@ -93,7 +93,11 @@ class KeyAction(object):
                    break

            else:  # pragma: no cover
-                raise PGPError("Key {keyid:s} does not have the required usage flag {flags:s}".format(**em))
+                warning = "Key {keyid:s} does not have the required usage flag {flags:s}".format(**em)
+                if key._require_usage_flags:
+                    raise PGPError(warning)
+                else:
+                    logging.warning(warning)

        else:
            _key = key
--- a/pgpy/pgp.py
+++ b/pgpy/pgp.py
@@ -1618,6 +1618,7 @@ class PGPKey(Armorable, ParentRef, PGPObject):
        self._signatures = SorteDeque()
        self._uids = SorteDeque()
        self._sibling = None
+        self._require_usage_flags = True

    def __bytearray__(self):
        _bytes = bytearray()
--- a/tests/test_05_actions.py
+++ b/tests/test_05_actions.py
@@ -31,6 +31,7 @@ from pgpy.constants import PubKeyAlgorithm
 from pgpy.constants import RevocationReason
 from pgpy.constants import SignatureType
 from pgpy.constants import SymmetricKeyAlgorithm
+from pgpy.errors import PGPError
 from pgpy.packet import Packet
 from pgpy.packet.packets import PrivKeyV4
 from pgpy.packet.packets import PrivSubKeyV4
@@ -978,3 +979,17 @@ class TestPGPKey_Actions(object):
            warnings.simplefilter('ignore')
            dmsg = seckey.decrypt(emsg)
        assert bytes(dmsg.message) == b"This message will have been encrypted"
+
+    def test_ignore_flags(self):
+        # Test that ignoring key flags works properly
+        pubkey, _ = PGPKey.from_file('tests/testdata/keys/targette.pub.rsa.asc')
+        msg = PGPMessage.new('secret message')
+
+        with pytest.raises(PGPError):
+            pubkey.encrypt(msg)
+
+        pubkey._require_usage_flags = False
+        try:
+            pubkey.encrypt(msg)
+        except PGPError as e:
+            pytest.fail("Unexpected exception raised: {}".format(e))