[git] GPGME - branch, master, updated. gpgme-1.11.1-310-gce045a1
by Ben McGinnes
cvs at cvs.gnupg.org
Thu Sep 27 15:25:09 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via ce045a1ef9c63042fcffb5487b19646d67addba0 (commit)
via a047e0f68ef471097e514665249063f267257b19 (commit)
from 1d40d360bccb05b4c66313a60a902d04a0d3c9ff (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ce045a1ef9c63042fcffb5487b19646d67addba0
Author: Ben McGinnes <ben at adversary.org>
Date: Thu Sep 27 23:23:37 2018 +1000
example: local signatures
* lang/python/examples/howto/local-sign-group.py: added the bit where
specifying the signing key is actually used for signing rather than
just pruning the list of keys to certify.
Signed-off-by: Ben McGinnes <ben at adversary.org>
diff --git a/lang/python/examples/howto/local-sign-group.py b/lang/python/examples/howto/local-sign-group.py
index 812042d..0353646 100755
--- a/lang/python/examples/howto/local-sign-group.py
+++ b/lang/python/examples/howto/local-sign-group.py
@@ -115,12 +115,32 @@ for i in range(len(lines)):
defkey_fpr = dline.split(":")[-1].replace('"', '').split(',')[0].upper()
enckey_fpr = eline.split(":")[-1].replace('"', '').split(',')[0].upper()
+try:
+ dkey = c.keylist(pattern=defkey_fpr, secret=True)
+ dk = list(dkey)
+except Exception as de:
+ print(de)
+ dk = None
+ print("No valid default key.")
+
+try:
+ ekey = c.keylist(pattern=defkey_fpr, secret=True)
+ ek = list(ekey)
+except Exception as ee:
+ print(ee)
+ ek = None
+ print("No valid always encrypt to key.")
+
if sigkey is not None:
- mykey = c.keylist(pattern=sigkey)
+ mykey = c.keylist(pattern=sigkey, secret=True)
mk = list(mykey)
mkfpr = mk[0].fpr.upper()
+ c.signers = mk
else:
- pass
+ if dk is None and ek is not None:
+ c.signers = ek
+ else:
+ pass
for group in group_lists:
if group[0] == clique:
commit a047e0f68ef471097e514665249063f267257b19
Author: Ben McGinnes <ben at adversary.org>
Date: Thu Sep 27 22:45:37 2018 +1000
example: python bindings
* lang/python/examples/howto/local-sign-group.py: locally sign every
key in a group line except one's own keys. Intended to address the
sort of thing one might see on lists like PGPNET or other closed
groups amongst activists, journalists, etc. where everyone encrypts
to all recipients, but may not sign everyone's keys publicly..
Signed-off-by: Ben McGinnes <ben at adversary.org>
diff --git a/lang/python/examples/howto/local-sign-group.py b/lang/python/examples/howto/local-sign-group.py
new file mode 100755
index 0000000..812042d
--- /dev/null
+++ b/lang/python/examples/howto/local-sign-group.py
@@ -0,0 +1,163 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from __future__ import absolute_import, division, unicode_literals
+
+import gpg
+import os.path
+import subprocess
+import sys
+
+from groups import group_lists
+
+# Copyright (C) 2018 Ben McGinnes <ben at gnupg.org>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License and the GNU
+# Lesser General Public along with this program; if not, see
+# <http://www.gnu.org/licenses/>.
+
+print("""
+This script applies a local signature or certification to every key in a group.
+
+Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
+""")
+
+c = gpg.Context(armor=True)
+mkfpr = None
+defkey_fpr = None
+enckey_fpr = None
+to_certify = []
+
+if len(sys.argv) >= 4:
+ clique = sys.argv[1]
+ sigkey = sys.argv[2]
+ homedir = sys.argv[3]
+elif len(sys.argv) == 3:
+ clique = sys.argv[1]
+ sigkey = sys.argv[2]
+ homedir = input("Enter the GPG configuration directory path (optional): ")
+elif len(sys.argv) == 2:
+ clique = sys.argv[1]
+ sigkey = input("Enter the key ID to sign with (conditionally optional): ")
+ homedir = input("Enter the GPG configuration directory path (optional): ")
+else:
+ clique = input("Enter the group matching the key(s) to locally sign: ")
+ sigkey = input("Enter the key ID to sign with (conditionally optional): ")
+ homedir = input("Enter the GPG configuration directory path (optional): ")
+
+if len(homedir) == 0:
+ homedir = None
+elif homedir.startswith("~"):
+ userdir = os.path.expanduser(homedir)
+ if os.path.exists(userdir) is True:
+ homedir = os.path.realpath(userdir)
+ else:
+ homedir = None
+else:
+ homedir = os.path.realpath(homedir)
+
+if homedir is not None and os.path.exists(homedir) is False:
+ homedir = None
+elif homedir is not None and os.path.exists(homedir) is True:
+ if os.path.isdir(homedir) is False:
+ homedir = None
+ else:
+ pass
+
+if homedir is not None:
+ c.home_dir = homedir
+else:
+ pass
+
+if len(sigkey) == 0:
+ sigkey = None
+else:
+ pass
+
+if sys.platform == "win32":
+ gpgconfcmd = "gpgconf.exe --list-options gpg"
+else:
+ gpgconfcmd = "gpgconf --list-options gpg"
+
+try:
+ lines = subprocess.getoutput(gpgconfcmd).splitlines()
+except:
+ process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
+ procom = process.communicate()
+ if sys.version_info[0] == 2:
+ lines = procom[0].splitlines()
+ else:
+ lines = procom[0].decode().splitlines()
+
+for i in range(len(lines)):
+ if lines[i].startswith("default-key") is True:
+ dline = lines[i]
+ elif lines[i].startswith("encrypt-to") is True:
+ eline = lines[i]
+ else:
+ pass
+
+defkey_fpr = dline.split(":")[-1].replace('"', '').split(',')[0].upper()
+enckey_fpr = eline.split(":")[-1].replace('"', '').split(',')[0].upper()
+
+if sigkey is not None:
+ mykey = c.keylist(pattern=sigkey)
+ mk = list(mykey)
+ mkfpr = mk[0].fpr.upper()
+else:
+ pass
+
+for group in group_lists:
+ if group[0] == clique:
+ for logrus in group[1]:
+ khole = c.keylist(pattern=logrus)
+ k = list(khole)
+ to_certify.append(k[0].fpr.upper())
+ else:
+ pass
+
+if mkfpr is not None:
+ if to_certify.count(mkfpr) > 0:
+ for n in range(to_certify.count(mkfpr)):
+ to_certify.remove(mkfpr)
+ else:
+ pass
+else:
+ pass
+
+if defkey_fpr is not None:
+ if to_certify.count(defkey_fpr) > 0:
+ for n in range(to_certify.count(defkey_fpr)):
+ to_certify.remove(defkey_fpr)
+ else:
+ pass
+else:
+ pass
+
+if enckey_fpr is not None:
+ if to_certify.count(enckey_fpr) > 0:
+ for n in range(to_certify.count(enckey_fpr)):
+ to_certify.remove(enckey_fpr)
+ else:
+ pass
+else:
+ pass
+
+for fpr in to_certify:
+ key = c.get_key(fpr)
+ c.key_sign(key, uids=None, expires_in=False, local=True)
-----------------------------------------------------------------------
Summary of changes:
lang/python/examples/howto/local-sign-group.py | 183 +++++++++++++++++++++++++
1 file changed, 183 insertions(+)
create mode 100755 lang/python/examples/howto/local-sign-group.py
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
More information about the Gnupg-commits
mailing list