ce045a1ef9
* lang/python/examples/howto/local-sign-group.py: added the bit where specifying the signing key is actually used for signing rather than just pruning the list of keys to certify. Signed-off-by: Ben McGinnes <ben@adversary.org>
184 lines
5.0 KiB
Python
Executable File
184 lines
5.0 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from __future__ import absolute_import, division, unicode_literals
|
|
|
|
import gpg
|
|
import os.path
|
|
import subprocess
|
|
import sys
|
|
|
|
from groups import group_lists
|
|
|
|
# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify it under
|
|
# the terms of the GNU General Public License as published by the Free Software
|
|
# Foundation; either version 2 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify it under
|
|
# the terms of the GNU Lesser General Public License as published by the Free
|
|
# Software Foundation; either version 2.1 of the License, or (at your option)
|
|
# any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License and the GNU
|
|
# Lesser General Public along with this program; if not, see
|
|
# <http://www.gnu.org/licenses/>.
|
|
|
|
print("""
|
|
This script applies a local signature or certification to every key in a group.
|
|
|
|
Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
|
|
""")
|
|
|
|
c = gpg.Context(armor=True)
|
|
mkfpr = None
|
|
defkey_fpr = None
|
|
enckey_fpr = None
|
|
to_certify = []
|
|
|
|
if len(sys.argv) >= 4:
|
|
clique = sys.argv[1]
|
|
sigkey = sys.argv[2]
|
|
homedir = sys.argv[3]
|
|
elif len(sys.argv) == 3:
|
|
clique = sys.argv[1]
|
|
sigkey = sys.argv[2]
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
elif len(sys.argv) == 2:
|
|
clique = sys.argv[1]
|
|
sigkey = input("Enter the key ID to sign with (conditionally optional): ")
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
else:
|
|
clique = input("Enter the group matching the key(s) to locally sign: ")
|
|
sigkey = input("Enter the key ID to sign with (conditionally optional): ")
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
|
|
if len(homedir) == 0:
|
|
homedir = None
|
|
elif homedir.startswith("~"):
|
|
userdir = os.path.expanduser(homedir)
|
|
if os.path.exists(userdir) is True:
|
|
homedir = os.path.realpath(userdir)
|
|
else:
|
|
homedir = None
|
|
else:
|
|
homedir = os.path.realpath(homedir)
|
|
|
|
if homedir is not None and os.path.exists(homedir) is False:
|
|
homedir = None
|
|
elif homedir is not None and os.path.exists(homedir) is True:
|
|
if os.path.isdir(homedir) is False:
|
|
homedir = None
|
|
else:
|
|
pass
|
|
|
|
if homedir is not None:
|
|
c.home_dir = homedir
|
|
else:
|
|
pass
|
|
|
|
if len(sigkey) == 0:
|
|
sigkey = None
|
|
else:
|
|
pass
|
|
|
|
if sys.platform == "win32":
|
|
gpgconfcmd = "gpgconf.exe --list-options gpg"
|
|
else:
|
|
gpgconfcmd = "gpgconf --list-options gpg"
|
|
|
|
try:
|
|
lines = subprocess.getoutput(gpgconfcmd).splitlines()
|
|
except:
|
|
process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
|
|
procom = process.communicate()
|
|
if sys.version_info[0] == 2:
|
|
lines = procom[0].splitlines()
|
|
else:
|
|
lines = procom[0].decode().splitlines()
|
|
|
|
for i in range(len(lines)):
|
|
if lines[i].startswith("default-key") is True:
|
|
dline = lines[i]
|
|
elif lines[i].startswith("encrypt-to") is True:
|
|
eline = lines[i]
|
|
else:
|
|
pass
|
|
|
|
defkey_fpr = dline.split(":")[-1].replace('"', '').split(',')[0].upper()
|
|
enckey_fpr = eline.split(":")[-1].replace('"', '').split(',')[0].upper()
|
|
|
|
try:
|
|
dkey = c.keylist(pattern=defkey_fpr, secret=True)
|
|
dk = list(dkey)
|
|
except Exception as de:
|
|
print(de)
|
|
dk = None
|
|
print("No valid default key.")
|
|
|
|
try:
|
|
ekey = c.keylist(pattern=defkey_fpr, secret=True)
|
|
ek = list(ekey)
|
|
except Exception as ee:
|
|
print(ee)
|
|
ek = None
|
|
print("No valid always encrypt to key.")
|
|
|
|
if sigkey is not None:
|
|
mykey = c.keylist(pattern=sigkey, secret=True)
|
|
mk = list(mykey)
|
|
mkfpr = mk[0].fpr.upper()
|
|
c.signers = mk
|
|
else:
|
|
if dk is None and ek is not None:
|
|
c.signers = ek
|
|
else:
|
|
pass
|
|
|
|
for group in group_lists:
|
|
if group[0] == clique:
|
|
for logrus in group[1]:
|
|
khole = c.keylist(pattern=logrus)
|
|
k = list(khole)
|
|
to_certify.append(k[0].fpr.upper())
|
|
else:
|
|
pass
|
|
|
|
if mkfpr is not None:
|
|
if to_certify.count(mkfpr) > 0:
|
|
for n in range(to_certify.count(mkfpr)):
|
|
to_certify.remove(mkfpr)
|
|
else:
|
|
pass
|
|
else:
|
|
pass
|
|
|
|
if defkey_fpr is not None:
|
|
if to_certify.count(defkey_fpr) > 0:
|
|
for n in range(to_certify.count(defkey_fpr)):
|
|
to_certify.remove(defkey_fpr)
|
|
else:
|
|
pass
|
|
else:
|
|
pass
|
|
|
|
if enckey_fpr is not None:
|
|
if to_certify.count(enckey_fpr) > 0:
|
|
for n in range(to_certify.count(enckey_fpr)):
|
|
to_certify.remove(enckey_fpr)
|
|
else:
|
|
pass
|
|
else:
|
|
pass
|
|
|
|
for fpr in to_certify:
|
|
key = c.get_key(fpr)
|
|
c.key_sign(key, uids=None, expires_in=False, local=True)
|