gpgme/lang/python/examples/howto/local-sign-group.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from __future__ import absolute_import, division, unicode_literals

import gpg
import os.path
import subprocess
import sys

from groups import group_lists

# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License and the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU General Public License and the GNU
# Lesser General Public along with this program; if not, see
# <https://www.gnu.org/licenses/>.

print("""
This script applies a local signature or certification to every key in a group.

Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
""")

c = gpg.Context(armor=True)
mkfpr = None
defkey_fpr = None
enckey_fpr = None
to_certify = []

if len(sys.argv) >= 4:
    clique = sys.argv[1]
    sigkey = sys.argv[2]
    homedir = sys.argv[3]
elif len(sys.argv) == 3:
    clique = sys.argv[1]
    sigkey = sys.argv[2]
    homedir = input("Enter the GPG configuration directory path (optional): ")
elif len(sys.argv) == 2:
    clique = sys.argv[1]
    sigkey = input("Enter the key ID to sign with (conditionally optional): ")
    homedir = input("Enter the GPG configuration directory path (optional): ")
else:
    clique = input("Enter the group matching the key(s) to locally sign: ")
    sigkey = input("Enter the key ID to sign with (conditionally optional): ")
    homedir = input("Enter the GPG configuration directory path (optional): ")

if len(homedir) == 0:
    homedir = None
elif homedir.startswith("~"):
    userdir = os.path.expanduser(homedir)
    if os.path.exists(userdir) is True:
        homedir = os.path.realpath(userdir)
    else:
        homedir = None
else:
    homedir = os.path.realpath(homedir)

if homedir is not None and os.path.exists(homedir) is False:
    homedir = None
elif homedir is not None and os.path.exists(homedir) is True:
    if os.path.isdir(homedir) is False:
        homedir = None
    else:
        pass

if homedir is not None:
    c.home_dir = homedir
else:
    pass

if len(sigkey) == 0:
    sigkey = None
else:
    pass

if sys.platform == "win32":
    gpgconfcmd = "gpgconf.exe --list-options gpg"
else:
    gpgconfcmd = "gpgconf --list-options gpg"

try:
    lines = subprocess.getoutput(gpgconfcmd).splitlines()
except:
    process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
    procom = process.communicate()
    if sys.version_info[0] == 2:
        lines = procom[0].splitlines()
    else:
        lines = procom[0].decode().splitlines()

for i in range(len(lines)):
    if lines[i].startswith("default-key") is True:
        dline = lines[i]
    elif lines[i].startswith("encrypt-to") is True:
        eline = lines[i]
    else:
        pass

defkey_fpr = dline.split(":")[-1].replace('"', '').split(',')[0].upper()
enckey_fpr = eline.split(":")[-1].replace('"', '').split(',')[0].upper()

try:
    dkey = c.keylist(pattern=defkey_fpr, secret=True)
    dk = list(dkey)
except Exception as de:
    print(de)
    dk = None
    print("No valid default key.")

try:
    ekey = c.keylist(pattern=defkey_fpr, secret=True)
    ek = list(ekey)
except Exception as ee:
    print(ee)
    ek = None
    print("No valid always encrypt to key.")

if sigkey is not None:
    mykey = c.keylist(pattern=sigkey, secret=True)
    mk = list(mykey)
    mkfpr = mk[0].fpr.upper()
    c.signers = mk
else:
    if dk is None and ek is not None:
        c.signers = ek
    else:
        pass

for group in group_lists:
    if group[0] == clique:
        for logrus in group[1]:
            khole = c.keylist(pattern=logrus)
            k = list(khole)
            to_certify.append(k[0].fpr.upper())
    else:
        pass

if mkfpr is not None:
    if to_certify.count(mkfpr) > 0:
        for n in range(to_certify.count(mkfpr)):
            to_certify.remove(mkfpr)
    else:
        pass
else:
    pass

if defkey_fpr is not None:
    if to_certify.count(defkey_fpr) > 0:
        for n in range(to_certify.count(defkey_fpr)):
            to_certify.remove(defkey_fpr)
    else:
        pass
else:
    pass

if enckey_fpr is not None:
    if to_certify.count(enckey_fpr) > 0:
        for n in range(to_certify.count(enckey_fpr)):
            to_certify.remove(enckey_fpr)
    else:
        pass
else:
    pass

for fpr in to_certify:
    key = c.get_key(fpr)
    c.key_sign(key, uids=None, expires_in=False, local=True)
example: python bindings * lang/python/examples/howto/local-sign-group.py: locally sign every key in a group line except one's own keys. Intended to address the sort of thing one might see on lists like PGPNET or other closed groups amongst activists, journalists, etc. where everyone encrypts to all recipients, but may not sign everyone's keys publicly.. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 12:45:37 +00:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`

			`from __future__ import absolute_import, division, unicode_literals`

			`import gpg`
			`import os.path`
			`import subprocess`
			`import sys`

			`from groups import group_lists`

			`# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>`
			`#`
			`# This program is free software; you can redistribute it and/or modify it under`
			`# the terms of the GNU General Public License as published by the Free Software`
			`# Foundation; either version 2 of the License, or (at your option) any later`
			`# version.`
			`#`
			`# This program is free software; you can redistribute it and/or modify it under`
			`# the terms of the GNU Lesser General Public License as published by the Free`
			`# Software Foundation; either version 2.1 of the License, or (at your option)`
			`# any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful, but WITHOUT`
			`# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS`
			`# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU`
			`# Lesser General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License and the GNU`
			`# Lesser General Public along with this program; if not, see`
doc: use https:// for www.gnu.org -- Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2018-10-18 03:56:27 +00:00			`# <https://www.gnu.org/licenses/>.`
example: python bindings * lang/python/examples/howto/local-sign-group.py: locally sign every key in a group line except one's own keys. Intended to address the sort of thing one might see on lists like PGPNET or other closed groups amongst activists, journalists, etc. where everyone encrypts to all recipients, but may not sign everyone's keys publicly.. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 12:45:37 +00:00
			`print("""`
			`This script applies a local signature or certification to every key in a group.`

			`Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]`
			`""")`

			`c = gpg.Context(armor=True)`
			`mkfpr = None`
			`defkey_fpr = None`
			`enckey_fpr = None`
			`to_certify = []`

			`if len(sys.argv) >= 4:`
			`clique = sys.argv[1]`
			`sigkey = sys.argv[2]`
			`homedir = sys.argv[3]`
			`elif len(sys.argv) == 3:`
			`clique = sys.argv[1]`
			`sigkey = sys.argv[2]`
			`homedir = input("Enter the GPG configuration directory path (optional): ")`
			`elif len(sys.argv) == 2:`
			`clique = sys.argv[1]`
			`sigkey = input("Enter the key ID to sign with (conditionally optional): ")`
			`homedir = input("Enter the GPG configuration directory path (optional): ")`
			`else:`
			`clique = input("Enter the group matching the key(s) to locally sign: ")`
			`sigkey = input("Enter the key ID to sign with (conditionally optional): ")`
			`homedir = input("Enter the GPG configuration directory path (optional): ")`

			`if len(homedir) == 0:`
			`homedir = None`
			`elif homedir.startswith("~"):`
			`userdir = os.path.expanduser(homedir)`
			`if os.path.exists(userdir) is True:`
			`homedir = os.path.realpath(userdir)`
			`else:`
			`homedir = None`
			`else:`
			`homedir = os.path.realpath(homedir)`

			`if homedir is not None and os.path.exists(homedir) is False:`
			`homedir = None`
			`elif homedir is not None and os.path.exists(homedir) is True:`
			`if os.path.isdir(homedir) is False:`
			`homedir = None`
			`else:`
			`pass`

			`if homedir is not None:`
			`c.home_dir = homedir`
			`else:`
			`pass`

			`if len(sigkey) == 0:`
			`sigkey = None`
			`else:`
			`pass`

			`if sys.platform == "win32":`
			`gpgconfcmd = "gpgconf.exe --list-options gpg"`
			`else:`
			`gpgconfcmd = "gpgconf --list-options gpg"`

			`try:`
			`lines = subprocess.getoutput(gpgconfcmd).splitlines()`
			`except:`
			`process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)`
			`procom = process.communicate()`
			`if sys.version_info[0] == 2:`
			`lines = procom[0].splitlines()`
			`else:`
			`lines = procom[0].decode().splitlines()`

			`for i in range(len(lines)):`
			`if lines[i].startswith("default-key") is True:`
			`dline = lines[i]`
			`elif lines[i].startswith("encrypt-to") is True:`
			`eline = lines[i]`
			`else:`
			`pass`

			`defkey_fpr = dline.split(":")[-1].replace('"', '').split(',')[0].upper()`
			`enckey_fpr = eline.split(":")[-1].replace('"', '').split(',')[0].upper()`

example: local signatures * lang/python/examples/howto/local-sign-group.py: added the bit where specifying the signing key is actually used for signing rather than just pruning the list of keys to certify. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 13:23:37 +00:00			`try:`
			`dkey = c.keylist(pattern=defkey_fpr, secret=True)`
			`dk = list(dkey)`
			`except Exception as de:`
			`print(de)`
			`dk = None`
			`print("No valid default key.")`

			`try:`
			`ekey = c.keylist(pattern=defkey_fpr, secret=True)`
			`ek = list(ekey)`
			`except Exception as ee:`
			`print(ee)`
			`ek = None`
			`print("No valid always encrypt to key.")`

example: python bindings * lang/python/examples/howto/local-sign-group.py: locally sign every key in a group line except one's own keys. Intended to address the sort of thing one might see on lists like PGPNET or other closed groups amongst activists, journalists, etc. where everyone encrypts to all recipients, but may not sign everyone's keys publicly.. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 12:45:37 +00:00			`if sigkey is not None:`
example: local signatures * lang/python/examples/howto/local-sign-group.py: added the bit where specifying the signing key is actually used for signing rather than just pruning the list of keys to certify. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 13:23:37 +00:00			`mykey = c.keylist(pattern=sigkey, secret=True)`
example: python bindings * lang/python/examples/howto/local-sign-group.py: locally sign every key in a group line except one's own keys. Intended to address the sort of thing one might see on lists like PGPNET or other closed groups amongst activists, journalists, etc. where everyone encrypts to all recipients, but may not sign everyone's keys publicly.. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 12:45:37 +00:00			`mk = list(mykey)`
			`mkfpr = mk[0].fpr.upper()`
example: local signatures * lang/python/examples/howto/local-sign-group.py: added the bit where specifying the signing key is actually used for signing rather than just pruning the list of keys to certify. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 13:23:37 +00:00			`c.signers = mk`
example: python bindings * lang/python/examples/howto/local-sign-group.py: locally sign every key in a group line except one's own keys. Intended to address the sort of thing one might see on lists like PGPNET or other closed groups amongst activists, journalists, etc. where everyone encrypts to all recipients, but may not sign everyone's keys publicly.. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 12:45:37 +00:00			`else:`
example: local signatures * lang/python/examples/howto/local-sign-group.py: added the bit where specifying the signing key is actually used for signing rather than just pruning the list of keys to certify. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 13:23:37 +00:00			`if dk is None and ek is not None:`
			`c.signers = ek`
			`else:`
			`pass`
example: python bindings * lang/python/examples/howto/local-sign-group.py: locally sign every key in a group line except one's own keys. Intended to address the sort of thing one might see on lists like PGPNET or other closed groups amongst activists, journalists, etc. where everyone encrypts to all recipients, but may not sign everyone's keys publicly.. Signed-off-by: Ben McGinnes <ben@adversary.org> 2018-09-27 12:45:37 +00:00
			`for group in group_lists:`
			`if group[0] == clique:`
			`for logrus in group[1]:`
			`khole = c.keylist(pattern=logrus)`
			`k = list(khole)`
			`to_certify.append(k[0].fpr.upper())`
			`else:`
			`pass`

			`if mkfpr is not None:`
			`if to_certify.count(mkfpr) > 0:`
			`for n in range(to_certify.count(mkfpr)):`
			`to_certify.remove(mkfpr)`
			`else:`
			`pass`
			`else:`
			`pass`

			`if defkey_fpr is not None:`
			`if to_certify.count(defkey_fpr) > 0:`
			`for n in range(to_certify.count(defkey_fpr)):`
			`to_certify.remove(defkey_fpr)`
			`else:`
			`pass`
			`else:`
			`pass`

			`if enckey_fpr is not None:`
			`if to_certify.count(enckey_fpr) > 0:`
			`for n in range(to_certify.count(enckey_fpr)):`
			`to_certify.remove(enckey_fpr)`
			`else:`
			`pass`
			`else:`
			`pass`

			`for fpr in to_certify:`
			`key = c.get_key(fpr)`
			`c.key_sign(key, uids=None, expires_in=False, local=True)`