Pgp
snoop.data.analyzers.pgp
Tasks to decrypt gpg email and import keys.
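Requires that the passphrase be removed from the key and that the key be imported into the "gpghome" directory under the collection dataset root. Because the key is stored without a passphrase, access control on the "gpghome" directory is the only thing protecting it.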
Functions#
decrypt(data)
Runs `gpg --decrypt` on the given data with the given collection `gpghome` dir.
Source code in snoop/data/analyzers/pgp.py
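def decrypt(data):
    """Runs `gpg --decrypt` on the given data with the given collection `gpghome` dir.

    Arguments:
        data: encrypted message bytes, supplied to the `gpg` process stdin

    Returns:
        The bytes that `gpg` wrote to stdout.

    Raises:
        SnoopTaskBroken: with tag `gpg_not_configured` if the gpghome folder does not exist,
            or with tag `gpg_decrypt_failed` if `gpg` exits with a non-zero status.
    """
    with collections.current().mount_gpghome() as gpghome:
        gpghome = pathlib.Path(gpghome)
        if not gpghome.exists():
            raise SnoopTaskBroken("No gpghome folder", 'gpg_not_configured')

        try:
            result = subprocess.run(
                # `--homedir` is spelled out in full: the shortened `--home` only works
                # while gpg can resolve it as an unambiguous option prefix.
                ['gpg', '--homedir', gpghome, '--decrypt'],
                input=data,
                check=True,
                stdout=subprocess.PIPE,
                # Capture stderr so the failure reason can be reported below.
                stderr=subprocess.PIPE,
            )
            return result.stdout
        except subprocess.CalledProcessError as e:
            # This may as well be a non-permanent error, but we have no way to tell.
            # Report gpg's diagnostics (stderr), not its stdout: stdout can hold
            # partially decrypted content, which should not end up in an error message.
            if e.stderr:
                output = e.stderr.decode('latin-1')
            else:
                output = "(no output)"
            raise SnoopTaskBroken('running gpg --decrypt failed: ' + output,
                                  'gpg_decrypt_failed') from e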
import_keys(keydata)
Runs `gpg --import` on the given key data, to be saved in the collection `gpghome`.
This requires that the key data have its passphrase removed.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| keydata | | data supplied to `gpg` process stdin | required |
Source code in snoop/data/analyzers/pgp.py
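def import_keys(keydata):
    """Runs `gpg --import` on the given key data, to be saved in the collection `gpghome`.

    This requires that the key data have its passphrase removed.

    Arguments:
        keydata: data supplied to `gpg` process stdin

    Raises:
        subprocess.CalledProcessError: if `gpg` exits with a non-zero status.
    """
    # NOTE(review): decrypt() checks that the gpghome folder exists before calling gpg;
    # this function does not - confirm that is intended.
    with collections.current().mount_gpghome() as gpghome:
        subprocess.run(
            # `--homedir` is spelled out in full: the shortened `--home` only works
            # while gpg can resolve it as an unambiguous option prefix.
            ['gpg', '--homedir', gpghome, '--import'],
            input=keydata,
            check=True,
        )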
is_encrypted(data)
Checks if string data encodes PGP encrypted message.
Only works on the text representation (the one that begins with `-----BEGIN PGP MESSAGE-----`).
Binary encodings will not work.
Source code in snoop/data/analyzers/pgp.py
def is_encrypted(data):
    """Tells whether `data` carries the header of an ASCII-armored PGP message.

    This is a plain substring test on bytes: the header may appear anywhere in `data`, and
    nothing else about the message is validated. Binary (non-armored) encodings are not
    recognised.

    Arguments:
        data: bytes to search for the armor header

    Returns:
        True if `-----BEGIN PGP MESSAGE-----` occurs in `data`, False otherwise.
    """
    armor_header = b'-----BEGIN PGP MESSAGE-----'
    return armor_header in data