gpgme/lang/python/examples/howto/local-sign-group.py
Ben McGinnes ce045a1ef9 example: local signatures
* lang/python/examples/howto/local-sign-group.py: added the bit where
  specifying the signing key is actually used for signing rather than
  just pruning the list of keys to certify.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-09-27 23:23:37 +10:00


#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import absolute_import, division, unicode_literals
import gpg
import os.path
import subprocess
import sys
from groups import group_lists
# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU General Public License and the GNU
# Lesser General Public License along with this program; if not, see
# <http://www.gnu.org/licenses/>.
# Banner printed on every run, whether or not arguments were supplied.
usage_text = """
This script applies a local signature or certification to every key in a group.
Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
"""
print(usage_text)

# GPGME context used for every keyring lookup and for the signing calls.
c = gpg.Context(armor=True)

# Fingerprints of the operator's own keys (explicit signing key, configured
# default key, configured encrypt-to key).  They stay None until discovered
# and are later removed from the list of keys to certify.
mkfpr = defkey_fpr = enckey_fpr = None

# Upper-case fingerprints of the group members that will be locally signed.
to_certify = []
# Positional arguments are read in order (group, signing key, homedir); any
# that are missing are requested interactively, in that same order.
# NOTE(review): the shebang asks for python3.  Under a Python 2 interpreter
# the builtin input() evaluates what is typed instead of returning it as text,
# so this script should only be run with Python 3.
argc = len(sys.argv)

if argc >= 2:
    clique = sys.argv[1]
else:
    clique = input("Enter the group matching the key(s) to locally sign: ")

if argc >= 3:
    sigkey = sys.argv[2]
else:
    sigkey = input("Enter the key ID to sign with (conditionally optional): ")

if argc >= 4:
    homedir = sys.argv[3]
else:
    homedir = input("Enter the GPG configuration directory path (optional): ")
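# Normalise the optional GnuPG home directory: expand "~", resolve symlinks,
# and accept the result only if it is an existing directory.  An empty answer
# means "use the default".
requested_homedir = homedir
if len(homedir) == 0:
    homedir = None
else:
    resolved_homedir = os.path.realpath(os.path.expanduser(homedir))
    homedir = resolved_homedir if os.path.isdir(resolved_homedir) else None

if homedir is not None:
    c.home_dir = homedir
elif requested_homedir:
    # A home directory was named but cannot be used.  The context keeps its
    # default home directory, so every certification below lands in that
    # keyring rather than the one the operator asked for; say so instead of
    # falling back silently.
    sys.stderr.write(
        "Warning: GnuPG home directory {0!r} is not an existing directory; "
        "continuing with the default GnuPG home directory.\n".format(
            requested_homedir))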
# An empty answer means no explicit signing key was requested.
sigkey = sigkey or None
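# Ask gpgconf for gpg's option list; the default-key and encrypt-to entries
# are read from it further down.  The command is a fixed string, so nothing
# user-supplied reaches the shell that subprocess.getoutput() starts.
# NOTE(review): the executable is located through PATH, and the command does
# not pass the home directory chosen above, so presumably the options come
# from the default GnuPG configuration even when another home directory is in
# use -- confirm.
if sys.platform == "win32":
    gpgconfcmd = "gpgconf.exe --list-options gpg"
else:
    gpgconfcmd = "gpgconf --list-options gpg"

try:
    lines = subprocess.getoutput(gpgconfcmd).splitlines()
except Exception:
    # Fallback for interpreters where subprocess.getoutput() is unavailable or
    # fails (presumably Python 2, given the version check below).  Catching
    # Exception rather than everything lets Ctrl-C and SystemExit propagate.
    process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
    procom = process.communicate()
    if sys.version_info[0] == 2:
        lines = procom[0].splitlines()
    else:
        lines = procom[0].decode().splitlines()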
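# Pick the default-key and encrypt-to entries out of the gpgconf output.
# The option name is the first colon-separated field; it is compared exactly
# so that a longer option name sharing the same prefix is not picked up.
dline = None
eline = None
for line in lines:
    option_name = line.split(":", 1)[0]
    if option_name == "default-key":
        dline = line
    elif option_name == "encrypt-to":
        eline = line

# The value is the last colon-separated field: strip the quote characters,
# keep the first comma-separated entry and upper-case it.  A missing option
# line or an empty value leaves the fingerprint as None rather than raising
# NameError or producing an empty search pattern.
defkey_fpr = None
if dline is not None:
    defkey_fpr = (
        dline.split(":")[-1].replace('"', '').split(',')[0].upper() or None)

enckey_fpr = None
if eline is not None:
    enckey_fpr = (
        eline.split(":")[-1].replace('"', '').split(',')[0].upper() or None)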
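# Look up the secret keys behind the configured default-key and encrypt-to
# values; dk and ek are lists of key objects, or None when nothing usable was
# found.  The lookup is skipped for an unset value: an empty pattern is not a
# fingerprint and would presumably match every secret key in the keyring.
dk = None
if defkey_fpr:
    try:
        dk = list(c.keylist(pattern=defkey_fpr, secret=True)) or None
    except Exception as de:
        print(de)
if dk is None:
    print("No valid default key.")

# The encrypt-to lookup searches for enckey_fpr; the earlier code searched for
# defkey_fpr a second time, so ek merely duplicated dk.
ek = None
if enckey_fpr:
    try:
        ek = list(c.keylist(pattern=enckey_fpr, secret=True)) or None
    except Exception as ee:
        print(ee)
if ek is None:
    print("No valid always encrypt to key.")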
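# Choose the key(s) that will issue the local signatures.
if sigkey is not None:
    mk = list(c.keylist(pattern=sigkey, secret=True))
    if not mk:
        # Stop with a clear message instead of an IndexError on mk[0].
        sys.exit(
            "No secret key matches the requested signing key: {0}".format(
                sigkey))
    if len(mk) > 1:
        # Every match becomes a signer, but only the first fingerprint is
        # remembered in mkfpr; a full fingerprint avoids the ambiguity.
        sys.stderr.write(
            "Warning: {0} secret keys match {1!r}; all of them will be used "
            "as signers. Give a full fingerprint to select exactly one.\n"
            .format(len(mk), sigkey))
    mkfpr = mk[0].fpr.upper()
    c.signers = mk
elif dk is None and ek is not None:
    # No explicit signing key and no usable default key: sign with the
    # encrypt-to key instead.  In every other case c.signers is left alone.
    c.signers = ek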
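# Collect the fingerprint of every member of the requested group.  Each entry
# of group_lists is used as (group name, list of key patterns).
for group in group_lists:
    if group[0] != clique:
        continue
    for logrus in group[1]:
        k = list(c.keylist(pattern=logrus))
        if not k:
            # The member is not in the keyring: skip it rather than fail with
            # an IndexError on k[0].
            sys.stderr.write(
                "Warning: no key in the keyring matches group member {0!r}; "
                "skipping it.\n".format(logrus))
            continue
        if len(k) > 1:
            # Only the first match is certified.  A pattern that is not a
            # full fingerprint (short key ID, e-mail address) can match more
            # than one key, so the certified key may not be the intended one.
            sys.stderr.write(
                "Warning: {0} keys match group member {1!r}; only {2} will "
                "be certified. Use full fingerprints in the group "
                "definition.\n".format(len(k), logrus, k[0].fpr.upper()))
        to_certify.append(k[0].fpr.upper())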
# Remove the operator's own keys (explicit signing key, default key and
# encrypt-to key) from the list, so that none of them is certified.
# Every occurrence is removed; the order of the remaining entries is kept and
# the list object itself is updated in place.
own_fprs = [fp for fp in (mkfpr, defkey_fpr, enckey_fpr) if fp is not None]
to_certify[:] = [fp for fp in to_certify if fp not in own_fprs]
# Certify each collected key with a local signature (local=True), without an
# expiry (expires_in=False) and without restricting the user IDs (uids=None).
# NOTE(review): no confirmation is requested here; every fingerprint in the
# list is certified as-is, so the group definition should only name keys whose
# fingerprints were verified beforehand.
for fingerprint in to_certify:
    target_key = c.get_key(fingerprint)
    c.key_sign(target_key, uids=None, expires_in=False, local=True)