* The holy grail: a function to export secret keys.
* GPGME will still invoke pinentry and gpg-agent as usual to authorise
the export.
* Mostly similar to the two previous export functions for public keys
except that it will return None if the result had a length of zero
bytes. Meaning that the difference between the specified pattern
(if any) not matching available keys and an incorrect passphrase is
not able to be determined from this function (or the underlying one
for that matter).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Updated key_export and key_export_minimal to return None where a
pattern matched no keys in a manner simnilar to the possible result
of key_export_secret.
* Added functions for exporting public keys to gpg.core in both
complete form and in minimised form.
* Rather than letting people need to worry about the export modes we
are simply separating the functions as people would be more familiar
with from the command line usage anyway.
* Functions added for Context are: ctx.key_export_minimal and
ctx.key_export as the default or full export.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Fixed most of the PEP8 errors in core.py
* Those remaining may need more than little edits and are a bit
strange (too clearly the result of a programmer who has spent far
too much time dealing with Lisp so that for Python it looks
... strange).
* Wrapped the key import function in the try/exception statements
needed to catch at least the most likely unsuccessful import attempt
errors.
* Mostly draws on the file error and no data import statuses for
errors, with a couple of exceptions.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* The foundation of a pythonic key import function authored by Jacob
Adams.
* A unit testing script for the same function originally authored by
Tobias Mueller
* Added DCO reference for Jacob Adams to the GPGME AUTHORS file.
* Additional details regarding this patch are available here:
https://dev.gnupg.org/T4001
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Uses the groups module to prepare a list of recipients and encrypt
to those.
* The main version (encrypt-to-group.py) tries to check for invalid
recipients, but still falls back to always trust for the second
encryption attempt.
* The gullible version doesn't try pruning the recipient list at all,
it just tries to encrypt and if it fails, switches straight to
always trust.
* The trustno1 version doesn't use the always trust model at all and
only attempts pruning the list of invalid recipients.
* Another attempt at fixing the org-mode version.
* A proof reader ascertained there were tabs in it instead of whitespace.
* Stripped the lot out and replaced with standard 4 spaces, fixed
every incorrect example ... and it still breaks upon save and/or export.
* Added the reference to the mutt-groups.py script to demonstrate the
groups.py module/code.
* Added a script which demonstrates how the groups module works.
* Script generates Mutt/Neomutt crypt-hooks for every group entry in
gpg.conf, including those entries for multiple keys (Mutt handles
that differently).
* Fixed the groups.py script so it really does what is described (the
old code had the same result for groups, group_lines and
group_lists).
* Updated the corresponding example in the doc to match.
* Updated the decryption example code in the HOWTO and the
corresponding decrypt-file.py script to gracefully handle a
decryption failure. This error will always be triggered when GPGME
is used to try to decrypt an old, MDC-less encrypted message or
file.
* Changed the expiration date for the generated test key to NYE this
century, rather than the NYE this millennium as originally suggested
in job #3815.
* This covers the lifetimes of current users (except, maybe, some very
healthy millennials) as well as the 32-bit clock end date in 2038;
without falling foul of OpenPGP's 2106 expiration.
* lang/python/setup.py.in: Copy gpgme.h instead of parsing it.
--
The python bindings tried to parse deprecated functions
out of gpgme.h. This fails for the current gpgme.h in
that it removes an entire field in the key sig struct (_obsolete_class).
Hence, the fields were off by an int and the bindings accessed struct
members via the wrong offset. That caused python program to crash.
At least on 32bit platforms, the crash can be easily triggered by
accessing key.uids[0].signatures. On 64bit platforms the compiler
probably aligns the struct so that the missing 4 bytes are not noticed.
With this change, the python bindings will expose all functions
that gpgme exposes, including the deprecated ones.
Credits go to Justus Winter for debugging and identying the issue.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
GnuPG-bug-id: 3892
* Script to generate a new key with encryption subkey taking input
from interactive prompts.
* Will also take a passphrase via pinentry and uses passphrase caching
of five minutes when used in conjunction with the temp homedir
script.
* Testing the addition of a HTML header set in org-mode in order to
had RSS update links for files.
* This should work with any [X]HTML export from current versions of
Org-Mode, but if it also works on website generated pages then it'll
tick off one of the wishlist itmes.
* Script to create a temporary gnupg homedir in the user's directory
for testing or scripting purposes.
* Creates a hidden directory on POSIX systems with the correct
permissions (700).
* Creates a gpg.conf in that directory containing the same
configuration options as used in the "Danger Mouse" example in the
HOWTO with the correct permissions (600).
* Added GPGME Python bindings HOWTO in Australian/British English.
** en-US "translation" still to be done.
* Added several example scripts comprised of the "Basic Functions"
section of the HOWTO (plus the work-around at the end).
** As these scripts are very basic examples they are released under
both the GPLv2+ and the LGPLv2.1+ (just like GPGME itself).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Temporarily removing multi-key selection based examples.
* There are a few issues with getting the key selections to play
nicely with gpg.Context().keylist object types.
* Will troubleshoot them separately and restore them when that's
worked out, but I don't want these more complicated examples to
delay merging the HOWTO with master.
* Similar to group-key-selection.py, but does not use an existing
group from gpg.conf; instead takes multiple key IDs, fingerprints or
patterns on the command line and adds them to a keylist object.
* Begins to string together some of the simpler examples to do more
useful things.
* Signs and encrypts a file while encrypting to every key in a group
specified in the gpg.conf file.
* Updated usage so it only references importing the final list of
lists produced. Trying to use some of the mid-points can have
unpredictable results (this is part of the problem with work
arounds).
* Similar to encrypt file except for signing a file in normal mode.
* Noticed additional changes to be made to the howto to match this,
but they will have to wait due to a power outage (currently running
on battery and a mobile connection, but that won't last).
* Added groups selection work around code.
* Intended for use as a module to be imported by other scripts,
usually with "from groups import group_lists" or "from groups import
group_lines" or similar.
* Example to sign and encrypt a file.
* Similar to encrypt-file.py except all keys are considered trusted
and signs with the default key.
* Also encrypts to the default key.
* Example to encrypt a file to a single key.
* Takes key ID and/or fpr as a CLI parameter.
* Takes path and filename as a CLI parameter.
* Encrypts to specified key only, no signing and writes the output in
both ASCII armoured and GPG binary formats with output filenames
based on input filename.
* Added the same license as used with the HOWTO.
* Since these examples are so basic, they'll be dual licensed the same
as GPGME itself (otherwise it would slip too dangerously against the
need for permissive licensing of crypto libraries).
* Added reference to location where all the examples included in the
HOWTO will be available as executable scripts.
* Included a short README file in that location.
* Since we don't want to encourage accessing the low level functions
(e.g. op_encrypt), but since this example can still be useful to
understand, renaming it and will add new encryption examples to
match the instructions in the HOWTO.
* Adjusted the python-gnupg so the comments regarding insecure
invocation of commands via subprocess (shell=True) were a major
historical issue and not a a current issue.
* Not including Vinay Sajip's requested change to say it is now secure
since no audit of the current code base has been performed and my
last major inspection of that code was around the time I first
ported PyME to Python 3 in 2015.
* Checked off several points of howto coverage as completed.
* Reorganised to move S/MIME coverage to its own separate group of tasks.
* Noted only revocation remains for howto completion.
* moved single encrytion examples up to the first ones, pending merge
and major cut.
* This is basically just to make future checks of revisions a little easier.
* Fixed a minor typographic error.
* Bumped version number in preparation for merge with master.
* While there are probably a few more things worthy of being added
(mainly how to revoke things), this document is essentially ready
for publication now.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Added a new user ID for Danger Mouse.
* Removed the empty entry for key preferences since that is handled
through gpg.conf and/or editing the key directly.
* Clarified which English dialects this is written in.
* Translating to American can happen *after* it's done.
** The Yank version would probably want to change some of the examples
anyway.
* Began the description for normal/default signing.
* Added a section on key selection.
* Included recommendation for using fingerprint when selecting one
specific key.
* Also included the most ironically amusing example of multiple key
selection in a GPG guide. Hey, it's public data ... (heh).
* Added explanation of the ascendance of Python 3 over Python 2 in the
guide to the intro.
* Expanded key selection description so people know what not to
include regarding key IDs with this key selection method.
* During the course of working out the updated signature methods,
determined that key selection (including counting) will beed to be
presented before the basic functions.
* Moved "working with keys" up.
* Added a miscellaneous work-arounds section at the end.
* Included code in said miscellaneous section for accessing the groups
specified in a gpg.conf file.
* It's a bit ugly since it does require subprocess (but not call,
Popen or shell access and only accesses one command).
* updated multi-encryption final example to be complete.
* second example shows most likely method of reading plaintext.
* updated example filenames to stick with running gag
(i.e. secret_plans.txt).
* error corrections.
* multiple typesetting fixes only required due to certain archaic
eccentricities of LaTeX.
* a couple of minor python PEP8 compliance corrections.
* Added a more complicated encryption example with a few variations on
the encryption method to account for untrusted recipient keys,
signing or not signing, including or excluding default keys and so
on.
* Switched from links to some external docs to using footnotes where
necessary.
* Ideally the howto should be as stand alone as possible.
* Also it makes it difficult to convert to another format for
proof-reading if there are links that the conversion can't find.
* Wrote the text description explaining each step in the most basic
encryption operation.
* Will need to include additional examples for encrypting to multiple
recipients using Context().encrypt instead of Context().op_encrypt.
* Added all four signing code examples that are most likely to be
used: armoured, clearsigned, detached armoured and detached binary.
* May remove some examples and just discuss the differences, but it
depends on the way the text is filled out.
* Added sample code for encrypting some text to a single key.
* Basically I'm just lifting existing production code and changing the
key IDs from mine to "0x12345678DEADBEEF" for these first few
examples.
* I'll fill in the text description after.
* Note: due to my regional location, I might split some tasks into
more commits in order to be sure no work gets lost in case of
emergency (or to put it another way: I know Telstra too well to
trust them).
* Added a section for those pythonistas who are too used to web
programming. Stressed that it's not simply not RESTful, it's not
even REST-like.
* Letting me move on to drawing a very loose parallel between a
session and a context. The differences should become obvious in the
subsequent sections.
* Some instructions to include are fairly obvious; as with encryption,
decryption and signature verification.
* Some are a little less obvious.
* This includes the requests received to specifically include subkey
management (adding and revoking subkeys on a primary key that's
being retained.
* Added the UID equivalents to the list, as well as key selection
matters (and may or may not include something for handling group
lines since that involves wrapping a CLI binary).
* Key control documentation and examples requested by Mike Ingle of
confidantmail.org.
* removed one bit of whitespace.
* Marked up references to gpgme.h.
* Fixed one spelling error.
* Removed py2.6 from python search order since even if it is
supported, it shouldn't be encouraged.
* Started work on the GPGME Python bindings HOWTO.
* 1,050 words to begin with at approx. 7.5KB.
* Got as far as installation.
* Includes instruction not to use PyPI for this.
* Set LaTeX headers to enable ligatures and a 12pt font by default.
* Paper size left for regional defaults.
* Using XeLaTeX for easier font control.
* Using default LaTeX font of Latin Main, but that's easy enough to change.
* The developers of Phabricator, the web front-end on dev.gnupg.org
have not implemented renderers for Markdown, Org-Mode or any other
common markdown like language.
* They also refuse to do so.
* Instead they re-invented the wheel and implemented their own version
of Markdown-like thing which is incompatible with everything else.
It is called Remarkup.
* The developers of Phabricator and Remarkup have refused to provide
conversion tools to move files to/from any format to/from Remarkup.
* They expect everyone to learn their new favourite pet project.
* Remarkup may or may not display Org Mode files, but if so then it is
likely to only want to do so as plain text.
* There is an unaffiliated and unofficial project to convert Github
Markdown to Remarkup via Pandoc. This might be adapted for our use,
but requires testing.
* Until then exporting from Org Mode to UTF-8 text is likely the least
worst plan.
* Which means renaming this file to README.org first.
* Removed Markdown style heading underlining.
* Removed in-line file type declaration (which is not correctly parsed
by the web interface on dev.gnupg.org).
* Fixed or updated the most fundamental errors.
* Also included some details on which modules are available on PyPI,
as well as what happened to the PyME commit log.
* Updated TODO.
* The entirety of the old TODO has been replaced with either more
relevant tasks or goals for the examples and a more measured
approach to the docs and why, in this project, Org Mode trumps reST,
even though it's Python through and through.
* lang/python/gpgme.i: copied signature from gpgme.h and defaulted the
value to SEEK_SET.
* lang/python/tests/t-data.py: Added a test for no second argument
--
Having to import the os package when wanting to read a Data object is a
slight annoyance. With SWIG, we can define default parameters. This
change defaults the whence argument to SEEK_SET which is how StringIO
and BytesIO behave.
Signed-off-by: Tobias Mueller <muelli@cryptobitch.de>
* lang/python/tests/Makefile.am: Distinguish target and path.
* tests/gpg/Makefile.am: Ditto.
* tests/gpgsm/Makefile.am: Ditto.
--
GNU Make is powerful enough to match path to target (and vice versa),
but BSD make is not.
GnuPG-bug-id: 3056
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* NEWS: Update.
* lang/python/src/core.py (Context.__read__): New helper function.
(Context.encrypt): Attach partial results to exceptions.
(Context.decrypt): Likewise.
(Context.sign): Likewise.
(Context.verify): Likewise.
* lang/python/src/errors.py (GpgError): Move the core of GPGMEError to
this class, add a nicer interface for it. This makes the errors
thrown by this library more uniform, and allows us to track the
underlying error in synthesized high-level errors.
(GPGMEError): Simplify.
(...): Make sure to call the parent classes' constructor in all other
classes.
--
Attach partial results to errors. Some operations return results even
though they signal an error. Of course this information must be taken
with a grain of salt. But often, this information is useful for
diagnostic uses or to give the user feedback. Since the normal
control flow is disrupted by the exception, the callee can no longer
return results, hence we attach them to the exception objects.
GnuPG-bug-id: 3271
Signed-off-by: Justus Winter <justus@g10code.com>
* NEWS: Update.
* lang/cpp/src/decryptionresult.cpp (DecryptionResult::isDeVs): New
function.
* lang/cpp/src/decryptionresult.h (DecryptionResult::isDeVs): New
prototype.
* lang/cpp/src/verificationresult.cpp (Signature::isDeVs): New
function.
* lang/cpp/src/verificationresult.h (Signature::isDeVs): New
prototype.
* lang/python/src/results.py (DecryptResult): Turn field 'is_de_vs'
into a boolean.
(Signature): Likewise.
* src/decrypt.c (_gpgme_decrypt_status_handler): Handle the new
compliance status line.
* src/verify.c (_gpgme_verify_status_handler): Likewise.
* src/gpgme.h.in (gpgme_status_code_t): Add new status codes for the
new status lines.
* src/keylist.c (parse_pub_field18): Move function to 'util.h'.
(keylist_colon_handler): Adapt callsites.
* src/status-table.c (status_table): Add new status lines.
* src/util.h (PARSE_COMPLIANCE_FLAGS): New macro. This used to be
'parse_pub_field18', but turned into a macro to make it polymorphic.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information can the be presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>