* lang/python/examples/howto/local-sign-group.py: added the bit where
specifying the signing key is actually used for signing rather than
just pruning the list of keys to certify.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* lang/python/examples/howto/local-sign-group.py: locally sign every
key in a group line except one's own keys. Intended to address the
sort of thing one might see on lists like PGPNET or other closed
groups amongst activists, journalists, etc. where everyone encrypts
to all recipients, but may not sign everyone's keys publicly..
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Fixed the final assertion to look for what will actually be reported
in that case instead of something else (i.e. it looks for an
IMPORT_ERROR status code).
* Sometimes you really do need or want punctuation in a heading, but
ideally without something else generating whitespace and other
annoyances to go with it.
* Trying a real decimal point instead.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Woumd up the "what's new" section.
* Added an example for sending a key to the keyservers via hkp4py.
* Updated the export key code to use a more complete check for the
$GNUPGHOME location.
* Expanded on the installation and reinstallation troubleshooting
section.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Added a What's New section to summarise changes since the last
release. There have been quite a few and some attention does need
to be drawn to some of them.
* Confirming certain issues with some platform builds, especially
BSD/OSX vs. Linux issues which will need to update the installation
troubleshooting guides.
* Added more comprehensive examples using hkp4py and added a couple
more example scripts for protonmail.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Mostly tightening up the details on the hkp4py example script.
* Also fixed a typo in the LGPL boiler plate text included in all the
other example scripts for the HOWTO.
* added a new example script to search the keyservers and import the
results, this time using Marcel Fest's hkp4py module.
* Updated the key importing section to match this addition.
* Tested with the current version of hkp4py from github.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Confirmed that updates to the tests have significant'y improved that
output.
* Updated some of the additional notes for the section on hkp4py.
** This is in anticipation adding at least import examples using that
module as well. It may also include adding examples of exporting a
key and uploading it to the keyservers.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* src/gpgme.h.in: Obsolete "class" also for Python.
* lang/python/gpgme.i: Silenece a swig warning. Silence a gcc
warning.
Signed-off-by: Werner Koch <wk@gnupg.org>
* Added some material on using the new-ish hkp4py module with GPGME.
* Example code will be added later once a couple of little issues are
addressed.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Sanitized the shell command examples of extraneous whitespace.
* Removed keycount.c as sanitising it is pointless and it will be
generated by Cython when the example is followed.
* Regenerated the .texi version.
* Added new advanced section with an example of using the Python
bindings with CPython code compiled back to C code using Cython.
* Though it may seem a bit counter-intuitive to use the bindings just
to go back to C via a different route, this is not actually stupid.
* Added examples/howto/advanced/cython/ directory.
* Added keycount.pyx, setup.py and the keycount.c file which the first
two generated with Cython. Not including the .so and .o files from
the build.
* Exported the .texi version of the howto for the main docs.
* lang/python/docs/gpgme-python-howto.org: more tweaks and edits,
along with another build of output formats.
* doc/gpgme-python-howto.texi: updated texinfo version for parent docs.
* lang/python/docs/gpgme-python-howto.org: Identified and fixed the
headings which kept generating lines with trailing whitespace when
exporting to Texinfo format and adjusted them to prevent that.
* lang/python/docs/gpgme-python-howto.org: Renamed file to better fit
the rest of the project's docs.
* Added a section on the very unofficial drafts I periodically post
links to since they're often the easiest way to get a web version in
front of someone in a hurry.
* lang/python/docs/GPGMEpythonHOWTOen.org: Added corresponding GPGME
version number to table at the start and cut the shortcut from the
groups.py example.
* doc/gpgme-python-howto.texi: New export of Texinfo file for docs
build.
* lang/python/docs/GPGMEpythonHOWTOen.org: Fixed a few errors in the
newer sections.
* Updated code in the examples using secret key exporting and group
lines to reflect the Python 2.7 compatibility fixes added.
* lang/python/examples/howto/export-secret-keys.py and groups.py:
Updated the backwards compatibility adjustments to account for
unicode differences between python 2 and 3.
* lang/python/examples/howto/groups.py: subprocess update
* lang/python/examples/howto/export-secret-keys.py: subprocess update
Both of these try the nice and easy method of getting the subprocess
output available in Python 3, but will fall back to the older Popen
method if it doesn't work. Essentially this is to be a little nicer
to Python 2.7.15 (even though the examples are filled with warnings
that py2 support is not guaranteed with the examples).
* lang/python/src/core.py: Adjusted new_from_estream function to alias
new_from_stream instead of fd.
* fixed the _gpgme import errors introduced in commit
08cd34afb7 by changing the exported
functions/types to match the inner module where all the work is
done, rather than the outer one(s).
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* lang/python/docs/GPGMEpythonHOWTOen.org: Updated links to the
ProtonMail keyserver import scripts and added a warning regarding
being unable to update third party keys.
* lang/python/examples/howto/pmkey-import-alt.py: added usage.
* lang/python/examples/howto/pmkey-import.py: added usage.
* import-key.py: fixed a minor typo.
* pmkey-import.py: locates and imports keys from the ProtonMail keyserver.
* pmkey-import-alt.py: the same as the previous except with setting an
alternative $GNUPGHOME directory.
* Moved the build import back up where it belongs.
* Included comments indicating how to build and install for multiple
Python versions beyond the first 2 on the same system.
* lang/python/version.py.in: Fixed most things, but there's still an
issue near the build portion with the existing Python bugs referenced.
* lang/python/setup.py.in: Now PEP8 compliant.
* PEP8 compliance for all constants except the globals in
src/constants/__init__.py depending on whether the import sequence
affects the globals themselves.
* lang/python/examples/howto/symcrypt-file.py: *sigh*; passphrase was
right the first time, just the error check that wasn't.
* I really should stop second guessing myself one of these days ...
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Ran all the .py files in src/ and below through Yapf.
* Included some manual edits of core.py, this time successfully making
two notorious sections a bit more pythonic than scheming.
* Left the module imports as is.
* This will be committed if it passes the most essential test:
compiling, installing and running it.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* lang/python/tests/Makefile.am,
lang/qt/tests/Makefile.am,
tests/Makefile.am,
tests/gpg/Makefile.am,
tests/gpgsm/Makefile.am,
tests/opassuan/Makefile.am (GNUPGHOME): Make variable explict.
--
If the build directory has too long path, gpgme could fail.
This is similar to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847206
In order to fix that, this patch extracts the GNUPGHOME variable
to be presented directly in the Makefile and thus overridable by
command line option.
A build system can then create a symlink to the GNUPGHOME directory
in /tmp and use that symlink as the GNUPGHOME directory
thus making the path very short.
GnuPG-Bug-Id: T4091
Patch provided by vlmarek
* Fixed and tested the changes necessary for org-mode to correctly
parse pythonic (Python 3) indentation.
* Updated the source blocks to recommended upper case for BEGIN_SRC
and END_SRC.
* Tested and confirmed XHTML output matches correct examples.
* Tested against pseudo-control output via exporting from org-mode to
org-mode and then exporting that to XHTML. Remaining differences
appear to be discarding the custom tags used to provide X[HT]ML id
elements to each section which does not appear to offer any benefit.
* Exporting directly to XHTML or other HTML output should no longer
cause problems, but if there are any then the first step should be
exporting from org-to-org and then exporting that to XHTML.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Another retrofitting of the HOWTO Python example code, this time
following adjustments to python-mode configuration and having
trawled through the org-mode mailing lists for clues.
* Complete typographic overhaul.
* Removed all section level indentation since it does not affect
output formatting, but might affect source code examples.
* In text-mode stripped out all tabs which had crept in and replaced
them with four spaces.
* Updated all code examples (again) to conform with Python-mode.
* Bumped version number in preparation for next release of GPG 2.2.9
and corresponding GPGME release.
* Apparently I am wrong and Scheme is the new Python after all.
* Non-import related PEP8 compliance must wait for another day, though
the other PEP8 fixes remain.
* Changed id/else statements to a more pythonic form from scheme
masquerading as python - sorry Justus, it had to go ;).
* With the added bonus of enabling PEP8 compliance in those sections.
* Fixed remaining PEP8 compliance issues with the exception of the
imports at the beginning of the file (changing those will break the
entire module, so we'll cope with it as it is).
* Bindings confirmed to work with the newly released 3.7.0.
* Updated M4 file to reflect this change and correct the Python binary
search order (3.7 is not yet given priority, but will still be found
first via the more generic python3 executable).
* Updated setup.py.in, bindings documentation and README to reflect this.
* Added a secret key export variant which saves output as both GPG
binary and ASCII armoured, plus saves in $GNUPGHOME and uses
multiple methods of determining what that location is.
* Example of default exporting keys.
* Example of exporting minimised keys.
* Example of exporting secret keys to a file with correct permissions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The holy grail: a function to export secret keys.
* GPGME will still invoke pinentry and gpg-agent as usual to authorise
the export.
* Mostly similar to the two previous export functions for public keys
except that it will return None if the result had a length of zero
bytes. Meaning that the difference between the specified pattern
(if any) not matching available keys and an incorrect passphrase is
not able to be determined from this function (or the underlying one
for that matter).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Updated key_export and key_export_minimal to return None where a
pattern matched no keys in a manner simnilar to the possible result
of key_export_secret.
* Added functions for exporting public keys to gpg.core in both
complete form and in minimised form.
* Rather than letting people need to worry about the export modes we
are simply separating the functions as people would be more familiar
with from the command line usage anyway.
* Functions added for Context are: ctx.key_export_minimal and
ctx.key_export as the default or full export.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Fixed most of the PEP8 errors in core.py
* Those remaining may need more than little edits and are a bit
strange (too clearly the result of a programmer who has spent far
too much time dealing with Lisp so that for Python it looks
... strange).
* Wrapped the key import function in the try/exception statements
needed to catch at least the most likely unsuccessful import attempt
errors.
* Mostly draws on the file error and no data import statuses for
errors, with a couple of exceptions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The foundation of a pythonic key import function authored by Jacob
Adams.
* A unit testing script for the same function originally authored by
Tobias Mueller
* Added DCO reference for Jacob Adams to the GPGME AUTHORS file.
* Additional details regarding this patch are available here:
https://dev.gnupg.org/T4001
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Uses the groups module to prepare a list of recipients and encrypt
to those.
* The main version (encrypt-to-group.py) tries to check for invalid
recipients, but still falls back to always trust for the second
encryption attempt.
* The gullible version doesn't try pruning the recipient list at all,
it just tries to encrypt and if it fails, switches straight to
always trust.
* The trustno1 version doesn't use the always trust model at all and
only attempts pruning the list of invalid recipients.
* Another attempt at fixing the org-mode version.
* A proof reader ascertained there were tabs in it instead of whitespace.
* Stripped the lot out and replaced with standard 4 spaces, fixed
every incorrect example ... and it still breaks upon save and/or export.
* Added the reference to the mutt-groups.py script to demonstrate the
groups.py module/code.
* Added a script which demonstrates how the groups module works.
* Script generates Mutt/Neomutt crypt-hooks for every group entry in
gpg.conf, including those entries for multiple keys (Mutt handles
that differently).
* Fixed the groups.py script so it really does what is described (the
old code had the same result for groups, group_lines and
group_lists).
* Updated the corresponding example in the doc to match.
* Updated the decryption example code in the HOWTO and the
corresponding decrypt-file.py script to gracefully handle a
decryption failure. This error will always be triggered when GPGME
is used to try to decrypt an old, MDC-less encrypted message or
file.
* Changed the expiration date for the generated test key to NYE this
century, rather than the NYE this millennium as originally suggested
in job #3815.
* This covers the lifetimes of current users (except, maybe, some very
healthy millennials) as well as the 32-bit clock end date in 2038;
without falling foul of OpenPGP's 2106 expiration.
* lang/python/setup.py.in: Copy gpgme.h instead of parsing it.
--
The python bindings tried to parse deprecated functions
out of gpgme.h. This fails for the current gpgme.h in
that it removes an entire field in the key sig struct (_obsolete_class).
Hence, the fields were off by an int and the bindings accessed struct
members via the wrong offset. That caused python program to crash.
At least on 32bit platforms, the crash can be easily triggered by
accessing key.uids[0].signatures. On 64bit platforms the compiler
probably aligns the struct so that the missing 4 bytes are not noticed.
With this change, the python bindings will expose all functions
that gpgme exposes, including the deprecated ones.
Credits go to Justus Winter for debugging and identying the issue.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
GnuPG-bug-id: 3892
* Script to generate a new key with encryption subkey taking input
from interactive prompts.
* Will also take a passphrase via pinentry and uses passphrase caching
of five minutes when used in conjunction with the temp homedir
script.
* Testing the addition of a HTML header set in org-mode in order to
had RSS update links for files.
* This should work with any [X]HTML export from current versions of
Org-Mode, but if it also works on website generated pages then it'll
tick off one of the wishlist itmes.
* Script to create a temporary gnupg homedir in the user's directory
for testing or scripting purposes.
* Creates a hidden directory on POSIX systems with the correct
permissions (700).
* Creates a gpg.conf in that directory containing the same
configuration options as used in the "Danger Mouse" example in the
HOWTO with the correct permissions (600).
* Added GPGME Python bindings HOWTO in Australian/British English.
** en-US "translation" still to be done.
* Added several example scripts comprised of the "Basic Functions"
section of the HOWTO (plus the work-around at the end).
** As these scripts are very basic examples they are released under
both the GPLv2+ and the LGPLv2.1+ (just like GPGME itself).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Temporarily removing multi-key selection based examples.
* There are a few issues with getting the key selections to play
nicely with gpg.Context().keylist object types.
* Will troubleshoot them separately and restore them when that's
worked out, but I don't want these more complicated examples to
delay merging the HOWTO with master.
* Similar to group-key-selection.py, but does not use an existing
group from gpg.conf; instead takes multiple key IDs, fingerprints or
patterns on the command line and adds them to a keylist object.
* Begins to string together some of the simpler examples to do more
useful things.
* Signs and encrypts a file while encrypting to every key in a group
specified in the gpg.conf file.
* Updated usage so it only references importing the final list of
lists produced. Trying to use some of the mid-points can have
unpredictable results (this is part of the problem with work
arounds).
* Similar to encrypt file except for signing a file in normal mode.
* Noticed additional changes to be made to the howto to match this,
but they will have to wait due to a power outage (currently running
on battery and a mobile connection, but that won't last).
* Added groups selection work around code.
* Intended for use as a module to be imported by other scripts,
usually with "from groups import group_lists" or "from groups import
group_lines" or similar.
* Example to sign and encrypt a file.
* Similar to encrypt-file.py except all keys are considered trusted
and signs with the default key.
* Also encrypts to the default key.
* Example to encrypt a file to a single key.
* Takes key ID and/or fpr as a CLI parameter.
* Takes path and filename as a CLI parameter.
* Encrypts to specified key only, no signing and writes the output in
both ASCII armoured and GPG binary formats with output filenames
based on input filename.
* Added the same license as used with the HOWTO.
* Since these examples are so basic, they'll be dual licensed the same
as GPGME itself (otherwise it would slip too dangerously against the
need for permissive licensing of crypto libraries).
* Added reference to location where all the examples included in the
HOWTO will be available as executable scripts.
* Included a short README file in that location.
* Since we don't want to encourage accessing the low level functions
(e.g. op_encrypt), but since this example can still be useful to
understand, renaming it and will add new encryption examples to
match the instructions in the HOWTO.
* Adjusted the python-gnupg so the comments regarding insecure
invocation of commands via subprocess (shell=True) were a major
historical issue and not a a current issue.
* Not including Vinay Sajip's requested change to say it is now secure
since no audit of the current code base has been performed and my
last major inspection of that code was around the time I first
ported PyME to Python 3 in 2015.
* Checked off several points of howto coverage as completed.
* Reorganised to move S/MIME coverage to its own separate group of tasks.
* Noted only revocation remains for howto completion.
* moved single encrytion examples up to the first ones, pending merge
and major cut.
* This is basically just to make future checks of revisions a little easier.
* Fixed a minor typographic error.
* Bumped version number in preparation for merge with master.
* While there are probably a few more things worthy of being added
(mainly how to revoke things), this document is essentially ready
for publication now.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Added a new user ID for Danger Mouse.
* Removed the empty entry for key preferences since that is handled
through gpg.conf and/or editing the key directly.
