From 22247f658ce2f8e527c26746358cfc2643c4832f Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Sun, 25 Mar 2018 10:01:14 +1100 Subject: [PATCH 01/18] doc: python bindings howto * Fixed the plaintext, result and verify_result references in the decryption section. --- lang/python/docs/GPGMEpythonHOWTOen.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 1e8dd9fa..4d1124f0 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -675,10 +675,10 @@ nfile.write(plaintext) #+end_src - The data available in plaintext in this example is the decrypted - content as a byte object in =plaintext[0]=, the recipient key IDs - and algorithms in =plaintext[1]= and the results of verifying any - signatures of the data in =plaintext[0]=. + The data available in =plaintext= in this example is the decrypted + content as a byte object, the recipient key IDs and algorithms in + =result= and the results of verifying any signatures of the data in + =verify_result=. ** Signing text and files From dde1aae312958776fab475d6c0cdfa19cc255863 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Sun, 25 Mar 2018 11:26:26 +1100 Subject: [PATCH 02/18] script: temporary homedir creation * Script to create a temporary gnupg homedir in the user's directory for testing or scripting purposes. * Creates a hidden directory on POSIX systems with the correct permissions (700). * Creates a gpg.conf in that directory containing the same configuration options as used in the "Danger Mouse" example in the HOWTO with the correct permissions (600). --- .../examples/howto/temp-homedir-config.py | 119 ++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100755 lang/python/examples/howto/temp-homedir-config.py diff --git a/lang/python/examples/howto/temp-homedir-config.py b/lang/python/examples/howto/temp-homedir-config.py new file mode 100755 index 00000000..f49de633 --- /dev/null +++ b/lang/python/examples/howto/temp-homedir-config.py @@ -0,0 +1,119 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, unicode_literals + +# Copyright (C) 2018 Ben McGinnes +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU +# Lesser General Public Licensefor more details. +# +# You should have received a copy of the GNU General Public License and the GNU +# Lesser General Public along with this program; if not, see +# . + +import os +import os.path +import sys + +intro = """ +This script creates a temporary directory to use as a homedir for +testing key generation tasks with the correct permissions, along +with a gpg.conf file containing the same configuration options +listed in the HOWTO. + +You may wish to change the order of the cipher preferences or +remove those not relevant to your installation. These +configuration parameters assume that all ciphers and digests are +installed and available rather than limiting to the default +ciphers and digests. + +The script prompts for a directory name to be installed as a hidden +directory in the user's home directory on POSIX systems. So if you +enter "gnupg-temp" on a Linux, BSD or OS X system, it will create +"~/.gnupg-temp" (you do not need to enter the leading dot). + +This script has not been tested on Windows systems and may have +unpredictable results. That said, it will not delete or copy over +existing data. + +If the directory already exists, the script will terminate with a +message telling you to specify a new directory name. There is no +default directory name. +""" + +gpgconf = """# gpg.conf settings for key generation: +expert +allow-freeform-uid +allow-secret-key-import +trust-model tofu+pgp +tofu-default-policy unknown +enable-large-rsa +enable-dsa2 +cert-digest-algo SHA512 +default-preference-list TWOFISH CAMELLIA256 AES256 CAMELLIA192 AES192 CAMELLIA128 AES BLOWFISH IDEA CAST5 3DES SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP Uncompressed +personal-cipher-preferences TWOFISH CAMELLIA256 AES256 CAMELLIA192 AES192 CAMELLIA128 AES BLOWFISH IDEA CAST5 3DES +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 +personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed +""" + +if len(sys.argv) == 1: + print(intro) + new_homedir = input("Enter the temporary gnupg homedir name: ") +elif len(sys.argv) == 2: + new_homedir = sys.argv[1] +else: + new_homedir = " ".join(sys.argv[1:]) + +userdir = os.path.expanduser("~") + +if new_homedir.startswith("~"): + new_homdir.replace("~", "") +else: + pass + +if new_homedir.startswith("/"): + new_homdir.replace("/", "") +else: + pass + +if new_homedir.startswith("."): + new_homdir.replace(".", "_") +else: + pass + +if new_homedir.count(" ") > 0: + new_homedir.replace(" ", "_") +else: + pass + +nh = "{0}/.{1}".format(userdir, new_homedir) + +if os.path.exists(nh) is True: + print("The {0} directory already exists.".format(nh)) +else: + print("Creating the {0} directory.".format(nh)) + os.mkdir(nh) + os.chmod(nh, 0o700) + with open("{0}/{1}".format(nh, "gpg.conf"), "w") as f: + f.write(gpgconf) + os.chmod("{0}/{1}".format(nh, "gpg.conf"), 0o600) + print("""You may now use the {0} directory as an alternative GPG homedir: + +gpg --homedir {0} +gpg --homedir --full-gen-key + +Or with GPGME scripts, including the GPGME Python bindings. +""") From 3b724aae423f2de01812165d54df2a7b524c82f6 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Sun, 25 Mar 2018 11:35:11 +1100 Subject: [PATCH 03/18] doc: python bindings howto * Added a reference to new script which will setup a temporary homedir for a user. --- lang/python/docs/GPGMEpythonHOWTOen.org | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 4d1124f0..08f9ef75 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -1091,6 +1091,10 @@ permissions set to only permit access by the directory owner. On posix systems this means setting the directory permissions to 700. + The =temp-homedir-config.py= script in the HOWTO examples directory + will create an alternative homedir with these configuration options + already set and the correct directory and file permissions. + The successful generation of the key can be confirmed via the returned =GenkeyResult= object, which includes the following data: From 40a9dea5d56506400b67b0c11f6e55a1629dc6fe Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Sun, 25 Mar 2018 11:54:05 +1100 Subject: [PATCH 04/18] script: temp homedir * Fixed whitespace. --- lang/python/examples/howto/temp-homedir-config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/python/examples/howto/temp-homedir-config.py b/lang/python/examples/howto/temp-homedir-config.py index f49de633..368cace1 100755 --- a/lang/python/examples/howto/temp-homedir-config.py +++ b/lang/python/examples/howto/temp-homedir-config.py @@ -51,7 +51,7 @@ existing data. If the directory already exists, the script will terminate with a message telling you to specify a new directory name. There is no -default directory name. +default directory name. """ gpgconf = """# gpg.conf settings for key generation: From 5b32efbaf37920b2e99d4bb87cb383b2809b1688 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Sun, 25 Mar 2018 22:25:52 +1100 Subject: [PATCH 05/18] doc: python bindings howto * Testing the addition of a HTML header set in org-mode in order to had RSS update links for files. * This should work with any [X]HTML export from current versions of Org-Mode, but if it also works on website generated pages then it'll tick off one of the wishlist itmes. --- lang/python/docs/GPGMEpythonHOWTOen.org | 1 + 1 file changed, 1 insertion(+) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 08f9ef75..77ddba22 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -6,6 +6,7 @@ #+LATEX_HEADER: \usepackage[margin=1in]{geometry} #+LATEX_HEADER: \setmainfont[Ligatures={Common}]{Times New Roman} #+LATEX_HEADER: \author{Ben McGinnes } +#+HTML_HEAD_EXTRA: * Introduction From 1b5da37a47ceef41545e0b2474738613f36be949 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Tue, 27 Mar 2018 12:16:29 +1100 Subject: [PATCH 06/18] script: temp homedir config * added passphrase caching of 5 minutes. --- lang/python/examples/howto/temp-homedir-config.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lang/python/examples/howto/temp-homedir-config.py b/lang/python/examples/howto/temp-homedir-config.py index 368cace1..ddd79327 100755 --- a/lang/python/examples/howto/temp-homedir-config.py +++ b/lang/python/examples/howto/temp-homedir-config.py @@ -69,6 +69,10 @@ personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed """ +agentconf = """# gpg-agent.conf settings for key generation: +default-cache-ttl 300 +""" + if len(sys.argv) == 1: print(intro) new_homedir = input("Enter the temporary gnupg homedir name: ") @@ -107,9 +111,12 @@ else: print("Creating the {0} directory.".format(nh)) os.mkdir(nh) os.chmod(nh, 0o700) - with open("{0}/{1}".format(nh, "gpg.conf"), "w") as f: - f.write(gpgconf) + with open("{0}/{1}".format(nh, "gpg.conf"), "w") as f1: + f1.write(gpgconf) os.chmod("{0}/{1}".format(nh, "gpg.conf"), 0o600) + with open("{0}/{1}".format(nh, "gpg-agent.conf"), "w") as f2: + f2.write(gpgconf) + os.chmod("{0}/{1}".format(nh, "gpg-agent.conf"), 0o600) print("""You may now use the {0} directory as an alternative GPG homedir: gpg --homedir {0} From f9159b1d75d3209b1c22bbb0ed4472800b60a522 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Tue, 27 Mar 2018 12:29:08 +1100 Subject: [PATCH 07/18] example: key creation * Script to generate a new key with encryption subkey taking input from interactive prompts. * Will also take a passphrase via pinentry and uses passphrase caching of five minutes when used in conjunction with the temp homedir script. --- lang/python/examples/howto/create-key.py | 95 ++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100755 lang/python/examples/howto/create-key.py diff --git a/lang/python/examples/howto/create-key.py b/lang/python/examples/howto/create-key.py new file mode 100755 index 00000000..429ab1f7 --- /dev/null +++ b/lang/python/examples/howto/create-key.py @@ -0,0 +1,95 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, unicode_literals + +# Copyright (C) 2018 Ben McGinnes +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU +# Lesser General Public Licensefor more details. +# +# You should have received a copy of the GNU General Public License and the GNU +# Lesser General Public along with this program; if not, see +# . + +import gpg +import os.path + +print(""" +This script generates a new key which does not expire. + +The gpg-agent and pinentry are invoked to set the passphrase. +""") + +c = gpg.Context() + +homedir = input("Enter the GPG configuration directory path (optional): ") +uid_name = input("Enter the name of the user ID: ") +uid_email = input("Enter the email address of the user ID: ") +uid_cmnt = input("Enter a comment to include (optional): ") +key_algo = input("Enter the key algorithm, RSA or DSA (default is RSA): ") +key_size = input("Enter the key size (2048-4096, default is 2048): ") + +if homedir.startswith("~"): + if os.path.exists(os.path.expanduser(homedir)) is True: + c.home_dir = os.path.expanduser(homedir) + else: + pass +elif os.path.exists(homedir) is True: + c.home_dir = homedir +else: + pass + +if len(uid_cmnt) > 0: + userid = "{0} ({1}) <{2}>".format(uid_name, uid_cmnt, uid_email) +else: + userid = "{0} <{2}>".format(uid_name, uid_email) + +if key_algo.lower() == "dsa": + ka = "dsa" +else: + ka = "rsa" + +if len(key_size) == 4: + try: + ks0 = int(key_size) + except ValueError: + ks0 = None + if ks0 is None: + ks = "2048" + else: + if ks0 < 2048: + ks = "2048" + elif ka == "dsa" and ks0 > 3072: + ks = "3072" + elif ka == "rsa" and ks0 > 4096: + ks = "4096" + else: + ks = key_size +else: + ks = "2048" + +keyalgo = "{0}{1}".format(ka, ks) + +newkey = c.create_key(userid, algorithm=keyalgo, expires=False, + passphrase=True, certify=True) +key = c.get_key(newkey.fpr, secret=True) + +if ka == "rsa": + newsub = c.create_subkey(key, algorithm=keyalgo, expires=False, + passphrase=True, encrypt=True) +else: + newsub = c.create_subkey(key, expires=False, passphrase=True, + encrypt=True) From a2eedef630891397f8eccb5bb426a0728588bf41 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Tue, 27 Mar 2018 12:42:06 +1100 Subject: [PATCH 08/18] doc: python bindings howto * Fixed some minor PEP8 compliance issues in the key creation examples. --- lang/python/docs/GPGMEpythonHOWTOen.org | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 77ddba22..5e1e0abb 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -1079,8 +1079,8 @@ c.home_dir = "~/.gnupg-dm" userid = "Danger Mouse " - dmkey = c.create_key(userid, algorithm = "rsa3072", expires_in = 31536000, - sign = True, certify = True) + dmkey = c.create_key(userid, algorithm="rsa3072", expires_in=31536000, + sign=True, certify=True) #+end_src One thing to note here is the use of setting the =c.home_dir= @@ -1173,8 +1173,8 @@ c.home_dir = "~/.gnupg-dm" key = c.get_key(dmkey.fpr, secret = True) - dmsub = c.create_subkey(key, algorithm = "rsa3072", expires_in = 15768000, - encrypt = True) + dmsub = c.create_subkey(key, algorithm="rsa3072", expires_in=15768000, + encrypt=True) #+end_src As with the primary key, the results here can be checked with: @@ -1278,8 +1278,8 @@ uid = "Danger Mouse " dmfpr = "177B7C25DB99745EE2EE13ED026D2F19E99E63AA" - key = c.get_key(dmfpr, secret = True) - c.key_sign(key, uids = uid, expires_in = 2764800) + key = c.get_key(dmfpr, secret=True) + c.key_sign(key, uids=uid, expires_in=2764800) #+end_src From 7c220e387d511b0cf66f99370759c36b729cc444 Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Tue, 27 Mar 2018 11:24:55 +0200 Subject: [PATCH 09/18] core: Initialize key return value in gpgme_get_key * src/keylist.c (gpgme_get_key): Set r_key to NULL. -- The c++ bindings and others assumed that r_key is set to NULL on error. This is the behavior gpgme_op_keylist_next also has. Even if it is not specified what happens to r_key on error setting it to NULL should not hurt and is more expected behavior. This directly fixes an uninitialized memory access error in the c++ bindings / Kleopatra: GnuPG-Bug-Id: T3865 And will fix some additional random crashes in Kleopatra and GpgOL. --- src/keylist.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/keylist.c b/src/keylist.c index 7956935b..9c5bd4ea 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -1269,6 +1269,8 @@ gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, if (!ctx || !r_key || !fpr) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + *r_key = NULL; + if (strlen (fpr) < 8) /* We have at least a key ID. */ return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); From 4b2fa657d195382d14ac99be40b66327e0fc855c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 28 Mar 2018 20:50:54 +0200 Subject: [PATCH 10/18] json: Make native messaging work. * src/gpgme-json.c (opt_debug): New. (process_request): Add optional arg nm_mode. In this mode take the request from a "message" object. (native_messaging_repl): Add debug output and call process_request in NM_MODE. (main): Add option --debug. Parse envvar GPGME_JSON_DEBUG as an alternative way to enable this. Use a default log file. -- Note that the default log file is ~/.gnupg/S.gpgme-json.log . Thus to debug a javascript application you should start watchgnupg --time-only --force ~/.gnupg/S.gpgme-json.log in a separate tty and then use GPGME_JSON_DEBUG=1 firefox & to run firefox. Signed-off-by: Werner Koch --- src/gpgme-json.c | 77 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 64 insertions(+), 13 deletions(-) diff --git a/src/gpgme-json.c b/src/gpgme-json.c index e38f9d89..e5c84bb7 100644 --- a/src/gpgme-json.c +++ b/src/gpgme-json.c @@ -56,7 +56,8 @@ static char *error_object_string (const char *message, /* True if interactive mode is active. */ static int opt_interactive; - +/* True is debug mode is active. */ +static int opt_debug; /* @@ -754,9 +755,10 @@ op_help (cjson_t request, cjson_t result) /* Process a request and return the response. The response is a newly - * allocated staring or NULL in case of an error. */ + * allocated staring or NULL in case of an error. With NM_MODE set + * the actual request is taken from a "message" object. */ static char * -process_request (const char *request) +process_request (const char *request, int nm_mode) { static struct { const char *op; @@ -770,6 +772,7 @@ process_request (const char *request) { NULL } }; size_t erroff; + cjson_t json_orig; cjson_t json; cjson_t j_tmp, j_op; cjson_t response; @@ -780,7 +783,7 @@ process_request (const char *request) response = xjson_CreateObject (); - json = cJSON_Parse (request, &erroff); + json = json_orig = cJSON_Parse (request, &erroff); if (!json) { log_string (GPGRT_LOGLVL_INFO, request); @@ -788,6 +791,16 @@ process_request (const char *request) error_object (response, "invalid JSON object at offset %zu\n", erroff); goto leave; } + if (nm_mode) + { + json = cJSON_GetObjectItem (json, "message"); + if (!json) + { + log_info ("no \"message\" object in request\n"); + error_object (response, "no \"message\" object in request\n"); + goto leave; + } + } j_tmp = cJSON_GetObjectItem (json, "help"); helpmode = (j_tmp && cjson_is_true (j_tmp)); @@ -844,8 +857,7 @@ process_request (const char *request) } leave: - cJSON_Delete (json); - json = NULL; + cJSON_Delete (json_orig); if (opt_interactive) res = cJSON_Print (response); else @@ -930,7 +942,7 @@ process_meta_commands (const char *request) "\"\\nMeta commands:\\n" " ,help This help\\n" " ,quit Terminate process\"" - "}"); + "}", 0); else if (!strncmp (request, "quit", 4) && (spacep (request+4) || !request[4])) exit (0); else @@ -1029,7 +1041,7 @@ interactive_repl (void) } else if (request) { - response = process_request (request); + response = process_request (request, 0); } xfree (request); request = NULL; @@ -1072,7 +1084,7 @@ interactive_repl (void) } -/* Read and process asingle request. */ +/* Read and process a single request. */ static void read_and_process_single_request (void) { @@ -1093,7 +1105,7 @@ read_and_process_single_request (void) if (request) { xfree (response); - response = process_request (request); + response = process_request (request, 0); if (response) { es_fputs (response, es_stdout); @@ -1126,6 +1138,7 @@ native_messaging_repl (void) * binary mode. */ es_set_binary (es_stdin); es_set_binary (es_stdout); + es_setbuf (es_stdin, NULL); for (;;) { @@ -1149,7 +1162,7 @@ native_messaging_repl (void) { log_error ("error reading request: request too long (%zu MiB)\n", (size_t)nrequest / (1024*1024)); - /* Fixme: Shall we read the request t the bit bucket and + /* Fixme: Shall we read the request to the bit bucket and * return an error reponse or just return an error reponse * and terminate? Needs some testing. */ break; @@ -1181,8 +1194,12 @@ native_messaging_repl (void) } else /* Process request */ { + if (opt_debug) + log_debug ("request='%s'\n", request); xfree (response); - response = process_request (request); + response = process_request (request, 1); + if (opt_debug) + log_debug ("response='%s'\n", response); } nresponse = strlen (response); @@ -1263,12 +1280,18 @@ main (int argc, char *argv[]) enum { CMD_DEFAULT = 0, CMD_INTERACTIVE = 'i', CMD_SINGLE = 's', - CMD_LIBVERSION = 501 + CMD_LIBVERSION = 501, } cmd = CMD_DEFAULT; + enum { + OPT_DEBUG = 600 + }; + static gpgrt_opt_t opts[] = { ARGPARSE_c (CMD_INTERACTIVE, "interactive", "Interactive REPL"), ARGPARSE_c (CMD_SINGLE, "single", "Single request mode"), ARGPARSE_c (CMD_LIBVERSION, "lib-version", "Show library version"), + ARGPARSE_s_n(OPT_DEBUG, "debug", "Flyswatter"), + ARGPARSE_end() }; gpgrt_argparse_t pargs = { &argc, &argv}; @@ -1298,6 +1321,8 @@ main (int argc, char *argv[]) cmd = pargs.r_opt; break; + case OPT_DEBUG: opt_debug = 1; break; + default: pargs.err = ARGPARSE_PRINT_WARNING; break; @@ -1305,6 +1330,29 @@ main (int argc, char *argv[]) } gpgrt_argparse (NULL, &pargs, NULL); + if (!opt_debug) + { + const char *s = getenv ("GPGME_JSON_DEBUG"); + if (s && atoi (s) > 0) + opt_debug = 1; + } + + if (opt_debug) + { + const char *home = getenv ("HOME"); + char *file = xstrconcat ("socket://", + home? home:"/tmp", + "/.gnupg/S.gpgme-json.log", NULL); + log_set_file (file); + xfree (file); + } + + if (opt_debug) + { int i; + for (i=0; argv[i]; i++) + log_debug ("argv[%d]='%s'\n", i, argv[i]); + } + switch (cmd) { case CMD_DEFAULT: @@ -1327,6 +1375,9 @@ main (int argc, char *argv[]) break; } + if (opt_debug) + log_debug ("ready"); + #endif /* This is a modern libgp-error. */ return 0; } From 3345a17dda2222e3c1592235e8a1cd9493192777 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 28 Mar 2018 21:21:10 +0200 Subject: [PATCH 11/18] json: Remove the "message" object thingy again. * src/gpgme-json.c (process_request): Remove 'nm_mode'. -- This was an error in the javascript testing code. Thus the Mozilla specs are correct that the request is send verbatim. Signed-off-by: Werner Koch --- src/gpgme-json.c | 30 +++++++++--------------------- 1 file changed, 9 insertions(+), 21 deletions(-) diff --git a/src/gpgme-json.c b/src/gpgme-json.c index e5c84bb7..5f16daf6 100644 --- a/src/gpgme-json.c +++ b/src/gpgme-json.c @@ -755,10 +755,9 @@ op_help (cjson_t request, cjson_t result) /* Process a request and return the response. The response is a newly - * allocated staring or NULL in case of an error. With NM_MODE set - * the actual request is taken from a "message" object. */ + * allocated string or NULL in case of an error. */ static char * -process_request (const char *request, int nm_mode) +process_request (const char *request) { static struct { const char *op; @@ -772,7 +771,6 @@ process_request (const char *request, int nm_mode) { NULL } }; size_t erroff; - cjson_t json_orig; cjson_t json; cjson_t j_tmp, j_op; cjson_t response; @@ -783,7 +781,7 @@ process_request (const char *request, int nm_mode) response = xjson_CreateObject (); - json = json_orig = cJSON_Parse (request, &erroff); + json = cJSON_Parse (request, &erroff); if (!json) { log_string (GPGRT_LOGLVL_INFO, request); @@ -791,16 +789,6 @@ process_request (const char *request, int nm_mode) error_object (response, "invalid JSON object at offset %zu\n", erroff); goto leave; } - if (nm_mode) - { - json = cJSON_GetObjectItem (json, "message"); - if (!json) - { - log_info ("no \"message\" object in request\n"); - error_object (response, "no \"message\" object in request\n"); - goto leave; - } - } j_tmp = cJSON_GetObjectItem (json, "help"); helpmode = (j_tmp && cjson_is_true (j_tmp)); @@ -857,7 +845,7 @@ process_request (const char *request, int nm_mode) } leave: - cJSON_Delete (json_orig); + cJSON_Delete (json); if (opt_interactive) res = cJSON_Print (response); else @@ -942,7 +930,7 @@ process_meta_commands (const char *request) "\"\\nMeta commands:\\n" " ,help This help\\n" " ,quit Terminate process\"" - "}", 0); + "}"); else if (!strncmp (request, "quit", 4) && (spacep (request+4) || !request[4])) exit (0); else @@ -1041,7 +1029,7 @@ interactive_repl (void) } else if (request) { - response = process_request (request, 0); + response = process_request (request); } xfree (request); request = NULL; @@ -1105,7 +1093,7 @@ read_and_process_single_request (void) if (request) { xfree (response); - response = process_request (request, 0); + response = process_request (request); if (response) { es_fputs (response, es_stdout); @@ -1138,7 +1126,7 @@ native_messaging_repl (void) * binary mode. */ es_set_binary (es_stdin); es_set_binary (es_stdout); - es_setbuf (es_stdin, NULL); + es_setbuf (es_stdin, NULL); /* stdin needs to be unbuffered! */ for (;;) { @@ -1197,7 +1185,7 @@ native_messaging_repl (void) if (opt_debug) log_debug ("request='%s'\n", request); xfree (response); - response = process_request (request, 1); + response = process_request (request); if (opt_debug) log_debug ("response='%s'\n", response); } From 5cd419341807d8ae23fec7bd9bb7025a8a2dcb3c Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Thu, 29 Mar 2018 06:36:14 +1100 Subject: [PATCH 12/18] example: add user ID * Added script to add a UID to an existing key. --- lang/python/examples/howto/add-userid.py | 62 ++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100755 lang/python/examples/howto/add-userid.py diff --git a/lang/python/examples/howto/add-userid.py b/lang/python/examples/howto/add-userid.py new file mode 100755 index 00000000..b8689792 --- /dev/null +++ b/lang/python/examples/howto/add-userid.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, unicode_literals + +# Copyright (C) 2018 Ben McGinnes +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU +# Lesser General Public Licensefor more details. +# +# You should have received a copy of the GNU General Public License and the GNU +# Lesser General Public along with this program; if not, see +# . + +import gpg +import os.path + +print(""" +This script adds a new user ID to an existing key. + +The gpg-agent and pinentry are invoked to enter the passphrase. +""") + +c = gpg.Context() + +homedir = input("Enter the GPG configuration directory path (optional): ") +fpr0 = input("Enter the fingerprint of the key to modify: ") +uid_name = input("Enter the name of the user ID: ") +uid_email = input("Enter the email address of the user ID: ") +uid_cmnt = input("Enter a comment to include (optional): ") + +if homedir.startswith("~"): + if os.path.exists(os.path.expanduser(homedir)) is True: + c.home_dir = os.path.expanduser(homedir) + else: + pass +elif os.path.exists(homedir) is True: + c.home_dir = homedir +else: + pass + +fpr = "".join(fpr0.split()) + +if len(uid_cmnt) > 0: + userid = "{0} ({1}) <{2}>".format(uid_name, uid_cmnt, uid_email) +else: + userid = "{0} <{2}>".format(uid_name, uid_email) + +key = c.get_key(fpr, secret=True) +c.key_add_uid(key, userid) From 2f507b045909d32bf29d23da04db02b078e5fb9d Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Thu, 29 Mar 2018 07:22:37 +1100 Subject: [PATCH 13/18] docs python bindings howto * PEP8 compliance: a collection of minor edits across multiple example code snippets. --- lang/python/docs/GPGMEpythonHOWTOen.org | 35 ++++++++++++++----------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 5e1e0abb..1be93691 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -165,7 +165,7 @@ This package is the origin of these bindings, though they are somewhat different now. For details of when and how the PyME package was folded back into GPGME itself see the /Short History/ - document[fn:1] in this Python bindings =docs= directory.[fn:2] + document[fn:1] in the Python bindings =docs= directory.[fn:2] The PyME package was first released in 2002 and was also the first attempt to implement a low level binding to GPGME. In doing so it @@ -537,8 +537,7 @@ c = gpg.Context(armor=True) rkey = list(c.keylist(pattern=a_key, secret=False)) ciphertext, result, sign_result = c.encrypt(text, recipients=rkey, - sign=True, always_trust=True, - add_encrypt_to=True) + sign=True, always_trust=True, add_encrypt_to=True) with open("secret_plans.txt.asc", "wb") as afile: afile.write(ciphertext) @@ -589,10 +588,10 @@ logrus.append(rpattern[i]) ciphertext, result, sign_result = c.encrypt(text, recipients=logrus, sign=False, - always_trust=True) + always_trust=True) with open("secret_plans.txt.asc", "wb") as afile: - afile.write(ciphertext) + afile.write(ciphertext) #+end_src All it would take to change the above example to sign the message @@ -601,7 +600,7 @@ #+begin_src python ciphertext, result, sign_result = c.encrypt(text, recipients=logrus, - always_trust=True, + always_trust=True, add_encrypt_to=True) #+end_src @@ -619,7 +618,7 @@ import gpg with open("secret_plans.txt.asc", "rb") as afile: - text = afile.read() + text = afile.read() c = gpg.Context(armor=True) rpattern = list(c.keylist(pattern="@gnupg.org", secret=False)) @@ -630,21 +629,23 @@ logrus.append(rpattern[i]) try: - ciphertext, result, sign_result = c.encrypt(text, recipients=logrus, add_encrypt_to=True) + ciphertext, result, sign_result = c.encrypt(text, recipients=logrus, + add_encrypt_to=True) except gpg.errors.InvalidRecipients as e: for i in range(len(e.recipients)): for n in range(len(logrus)): if logrus[n].fpr == e.recipients[i].fpr: logrus.remove(logrus[n]) - else: - pass + else: + pass try: - ciphertext, result, sign_result = c.encrypt(text, recipients=logrus, add_encrypt_to=True) + ciphertext, result, sign_result = c.encrypt(text, recipients=logrus, + add_encrypt_to=True) except: pass with open("secret_plans.txt.asc", "wb") as afile: - afile.write(ciphertext) + afile.write(ciphertext) #+end_src This will attempt to encrypt to all the keys searched for, then @@ -670,10 +671,12 @@ ciphertext = input("Enter path and filename of encrypted file: ") newfile = input("Enter path and filename of file to save decrypted data to: ") + with open(ciphertext, "rb") as cfile: - plaintext, result, verify_result = gpg.Context().decrypt(cfile) + plaintext, result, verify_result = gpg.Context().decrypt(cfile) + with open(newfile, "wb") as nfile: - nfile.write(plaintext) + nfile.write(plaintext) #+end_src The data available in =plaintext= in this example is the decrypted @@ -1172,7 +1175,7 @@ c = gpg.Context() c.home_dir = "~/.gnupg-dm" - key = c.get_key(dmkey.fpr, secret = True) + key = c.get_key(dmkey.fpr, secret=True) dmsub = c.create_subkey(key, algorithm="rsa3072", expires_in=15768000, encrypt=True) #+end_src @@ -1223,7 +1226,7 @@ c.home_dir = "~/.gnupg-dm" dmfpr = "177B7C25DB99745EE2EE13ED026D2F19E99E63AA" - key = c.get_key(dmfpr, secret = True) + key = c.get_key(dmfpr, secret=True) uid = "Danger Mouse " c.key_add_uid(key, uid) From 5a553f5a317e5ad5ab0274d58854df1ecf390e0d Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Thu, 29 Mar 2018 09:22:17 +1100 Subject: [PATCH 14/18] doc: python bindings howto * Fixed a typo. --- lang/python/docs/GPGMEpythonHOWTOen.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 1be93691..4cd4098b 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -1259,7 +1259,7 @@ The =key_sign= method takes four arguments: =key=, =uids=, =expires_in= and =local=. The default value of =uids= is =None= and which results in all user IDs being selected. The default - values of =expires_in= snd =local= is =False=; which result in the + values of =expires_in= and =local= is =False=; which result in the signature never expiring and being able to be exported. The =key= is the key being signed rather than the key doing the From 56bbfd39acea90eb87a28b11a515b0314cdda54c Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Thu, 29 Mar 2018 09:49:08 +1100 Subject: [PATCH 15/18] example: key signing * Added script for signing or certifying keys. --- lang/python/examples/howto/sign-key.py | 63 ++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100755 lang/python/examples/howto/sign-key.py diff --git a/lang/python/examples/howto/sign-key.py b/lang/python/examples/howto/sign-key.py new file mode 100755 index 00000000..b1afe13c --- /dev/null +++ b/lang/python/examples/howto/sign-key.py @@ -0,0 +1,63 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, unicode_literals + +# Copyright (C) 2018 Ben McGinnes +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU +# Lesser General Public Licensefor more details. +# +# You should have received a copy of the GNU General Public License and the GNU +# Lesser General Public along with this program; if not, see +# . + +import gpg +import os.path + +print(""" +This script signs or certifies a key. + +The gpg-agent and pinentry are invoked to enter the passphrase. +""") + +c = gpg.Context() + +homedir = input("Enter the GPG configuration directory path (optional): ") +fpr0 = input("Enter the fingerprint of the key to sign: ") +userid = input("Enter the UID to sign (case sensitive, optional): ") +sig_type = input("Enter the certification type (local or normal): ") + +if homedir.startswith("~"): + if os.path.exists(os.path.expanduser(homedir)) is True: + c.home_dir = os.path.expanduser(homedir) + else: + pass +elif os.path.exists(homedir) is True: + c.home_dir = homedir +else: + pass + +fpr = "".join(fpr0.split()) +key = c.get_key(fpr, secret=False) + +if len(userid) > 0 and sig_type.lower() == "local": + c.key_sign(key, uids=userid, local=True) +elif len(userid) > 0 and sig_type.lower() != "local": + c.key_sign(key, uids=userid) +elif len(userid) == 0 and sig_type.lower() == "local": + c.key_sign(key, local=True) +else: + c.key_sign(key) From d65864989c0560b5f51cb8d05d9ea9f1957b453e Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Thu, 29 Mar 2018 10:16:07 +1100 Subject: [PATCH 16/18] docs: python bindings howto * Added section on revoking UIDs. --- lang/python/docs/GPGMEpythonHOWTOen.org | 78 +++++++++++++++++-------- 1 file changed, 53 insertions(+), 25 deletions(-) diff --git a/lang/python/docs/GPGMEpythonHOWTOen.org b/lang/python/docs/GPGMEpythonHOWTOen.org index 4cd4098b..d51eb11b 100644 --- a/lang/python/docs/GPGMEpythonHOWTOen.org +++ b/lang/python/docs/GPGMEpythonHOWTOen.org @@ -1214,38 +1214,66 @@ :CUSTOM_ID: keygen-uids :END: - By comparison to creating primary keys and subkeys, adding a new - user ID to an existing key is much simpler. The method used to do - this is =key_add_uid= and the only arguments it takes are for the - =key= and the new =uid=. - #+begin_src python - import gpg +*** Adding User IDs + :PROPERTIES: + :CUSTOM_ID: keygen-uids-add + :END: - c = gpg.Context() - c.home_dir = "~/.gnupg-dm" + By comparison to creating primary keys and subkeys, adding a new + user ID to an existing key is much simpler. The method used to do + this is =key_add_uid= and the only arguments it takes are for the + =key= and the new =uid=. - dmfpr = "177B7C25DB99745EE2EE13ED026D2F19E99E63AA" - key = c.get_key(dmfpr, secret=True) - uid = "Danger Mouse " + #+begin_src python + import gpg - c.key_add_uid(key, uid) - #+end_src + c = gpg.Context() + c.home_dir = "~/.gnupg-dm" - Unsurprisingly the result of this is: + dmfpr = "177B7C25DB99745EE2EE13ED026D2F19E99E63AA" + key = c.get_key(dmfpr, secret=True) + uid = "Danger Mouse " - #+begin_src shell - bash-4.4$ gpg --homedir ~/.gnupg-dm -K - ~/.gnupg-dm/pubring.kbx - ---------------------- - sec rsa3072 2018-03-15 [SC] [expires: 2019-03-15] - 177B7C25DB99745EE2EE13ED026D2F19E99E63AA - uid [ultimate] Danger Mouse - uid [ultimate] Danger Mouse - ssb rsa3072 2018-03-15 [E] [expires: 2018-09-13] + c.key_add_uid(key, uid) + #+end_src - bash-4.4$ - #+end_src + Unsurprisingly the result of this is: + + #+begin_src shell + bash-4.4$ gpg --homedir ~/.gnupg-dm -K + ~/.gnupg-dm/pubring.kbx + ---------------------- + sec rsa3072 2018-03-15 [SC] [expires: 2019-03-15] + 177B7C25DB99745EE2EE13ED026D2F19E99E63AA + uid [ultimate] Danger Mouse + uid [ultimate] Danger Mouse + ssb rsa3072 2018-03-15 [E] [expires: 2018-09-13] + + bash-4.4$ + #+end_src + + +*** Revokinging User IDs + :PROPERTIES: + :CUSTOM_ID: keygen-uids-revoke + :END: + + Revoking a user ID is a fairly similar process, except that it + uses the =key_revoke_uid= method. + + #+begin_src python + import gpg + + c = gpg.Context() + c.home_dir = "~/.gnupg-dm" + + dmfpr = "177B7C25DB99745EE2EE13ED026D2F19E99E63AA" + key = c.get_key(dmfpr, secret=True) + uid = "Danger Mouse " + + c.key_revoke_uid(key, uid) + #+end_src ** Key certification From 3b91f6af378ccc37dcf8924cbc157894c35b5192 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Thu, 29 Mar 2018 10:21:52 +1100 Subject: [PATCH 17/18] example: revoke UID * Script to revoke a UID on an existing key. --- lang/python/examples/howto/revoke-userid.py | 62 +++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100755 lang/python/examples/howto/revoke-userid.py diff --git a/lang/python/examples/howto/revoke-userid.py b/lang/python/examples/howto/revoke-userid.py new file mode 100755 index 00000000..7a3d190b --- /dev/null +++ b/lang/python/examples/howto/revoke-userid.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, unicode_literals + +# Copyright (C) 2018 Ben McGinnes +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU +# Lesser General Public Licensefor more details. +# +# You should have received a copy of the GNU General Public License and the GNU +# Lesser General Public along with this program; if not, see +# . + +import gpg +import os.path + +print(""" +This script revokes a user ID on an existing key. + +The gpg-agent and pinentry are invoked to enter the passphrase. +""") + +c = gpg.Context() + +homedir = input("Enter the GPG configuration directory path (optional): ") +fpr0 = input("Enter the fingerprint of the key to modify: ") +uid_name = input("Enter the name of the user ID: ") +uid_email = input("Enter the email address of the user ID: ") +uid_cmnt = input("Enter a comment to include (optional): ") + +if homedir.startswith("~"): + if os.path.exists(os.path.expanduser(homedir)) is True: + c.home_dir = os.path.expanduser(homedir) + else: + pass +elif os.path.exists(homedir) is True: + c.home_dir = homedir +else: + pass + +fpr = "".join(fpr0.split()) + +if len(uid_cmnt) > 0: + userid = "{0} ({1}) <{2}>".format(uid_name, uid_cmnt, uid_email) +else: + userid = "{0} <{2}>".format(uid_name, uid_email) + +key = c.get_key(fpr, secret=True) +c.key_revoke_uid(key, userid) From 60d7a1e8f625ea0db455bff989534dd52f0650c7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 29 Mar 2018 15:06:47 +0200 Subject: [PATCH 18/18] json: Build only a dummy if libgpg-error is < 1.28 Signed-off-by: Werner Koch --- src/gpgme-json.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/gpgme-json.c b/src/gpgme-json.c index 5f16daf6..b54d9a8a 100644 --- a/src/gpgme-json.c +++ b/src/gpgme-json.c @@ -41,6 +41,10 @@ #include "cJSON.h" +#if GPGRT_VERSION_NUMBER < 0x011c00 /* 1.28 */ +int main (void){fputs ("Build with Libgpg-error >= 1.28!\n", stderr);return 1;} +#else /* libgpg-error >= 1.28 */ + /* We don't allow a request with more than 64 MiB. */ #define MAX_REQUEST_SIZE (64 * 1024 * 1024) @@ -1369,3 +1373,4 @@ main (int argc, char *argv[]) #endif /* This is a modern libgp-error. */ return 0; } +#endif /* libgpg-error >= 1.28 */