

Properly encrypt and sign to multiple recipients - will fix #41 (#42)
Refactor envelope.py to support multiple recipient certificates
and to use binary PKCS7 options for encryption

---------

Co-authored-by: G22147 <[email protected]>
k3mpaxl and G22147 authored Jan 7, 2025
1 parent b7cab63 commit 05d7743
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions envelope/envelope.py
Expand Up @@ -1335,6 +1335,17 @@ def smime_sign_encrypt(self, email, sign, encrypt):
else:
pubkey = encrypt

certificates = encrypt

recipient_certs = []
for cert in certificates:
try:
c = load_pem_x509_certificate(cert)
except ValueError as e:
raise ValueError("failed to load certificate from file")

recipient_certs.append(c)

try:
pubkey = load_pem_x509_certificate(pubkey)
except ValueError as e:
Expand All @@ -1344,7 +1355,11 @@ def smime_sign_encrypt(self, email, sign, encrypt):
envelope_builder = pkcs7.PKCS7EnvelopeBuilder().set_data(signed_email)
envelope_builder = envelope_builder.add_recipient(pubkey)

options = [pkcs7.PKCS7Options.Text]
for recip in recipient_certs:
envelope_builder = envelope_builder.add_recipient(recip)


options = [pkcs7.PKCS7Options.Binary]
encrypted_email = envelope_builder.encrypt(serialization.Encoding.SMIME, options)
return encrypted_email

Expand Down Expand Up @@ -1397,7 +1412,7 @@ def _encrypt_smime_now(self, email, sign, encrypt: Union[None, bool, bytes, List
output = self.smime_sign_only(email, sign)

elif sign and encrypt:
output = self.smime_sign_encrypt(email, sign, encrypt[0])
output = self.smime_sign_encrypt(email, sign, encrypt)

elif not sign and encrypt:
output = self.smime_encrypt_only(email, encrypt)
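Review bot: The new `for cert in certificates:` loop in smime_sign_encrypt treats `encrypt` as a sequence of PEM blobs, but the caller's annotation in the third hunk (`encrypt: Union[None, bool, bytes, List...`) admits a single `bytes` value, and the caller now passes `encrypt` whole instead of `encrypt[0]`; iterating `bytes` yields ints, so `load_pem_x509_certificate(cert)` would raise TypeError, which the `except ValueError` branch does not catch — unless `_encrypt_smime_now` normalizes the value to a list earlier, which is outside the visible hunks. A one-line guard before the loop, `if isinstance(certificates, bytes): certificates = [certificates]`, would make the accepted shapes match the annotation. The `except ValueError as e:` also discards the parser's reason and leaves `e` unused; `raise ValueError(f"failed to load certificate from file: {e}") from e` keeps the cause in the traceback, which matters when one of several recipient certificates is malformed. It also looks as if the first recipient may be added twice, since `pubkey` is still loaded and added via `add_recipient(pubkey)` while every element of the same `encrypt` value is added again in the loop — the `if` branch that sets `pubkey` is not visible, so this is inferred. The body of smime_sign_encrypt starts before the first hunk.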

