doesn't have some `--batch` mode options to support PGP, but there it
is.
-Pgp-mime is my home-grown solution. It' not very complicated really,
+Pgp-mime is my home-grown solution. It's not very complicated really,
just implementing the [RFC 3156][] specs in [[Python]]. It's been
through a number of iterations over the years, and now (2012) I think
the interface has matured to the point of actually being useful to
-other people as well ;). [[Email me|contact]] with (encrypted!)
-feedback.
+other people as well ;).
+
+While there are [some other GnuPG wrappers][wrappers] for Python, my
+wrappers are the only ones using [the Assuan protocol][assuan] (via my
+[[pyassuan]]) to communicate with [gpgme-tool][]. All the other
+interfaces spawn `gpg` directly (e.g. using the [subprocess][]
+module), and scrape its output, which is not ideal.
+
+Pgp-mime still uses `subprocess` to spawn `gpgme-tool`, but I'm
+currently working with the GnuPG folks to get a proper socket
+interface which would put `gpgme-tool` on par with `gpg-agent`. Then
+pgp-mime could drop all the `subprocess` stuff, which would make
+things more robust. I'm also waiting on Python 3.3 to get support for
+[sendmsg][] and [recvmsg][] in Python's [socket][] module, which would
+allow me to pass file descriptors to a persistent, external
+`gpgme-tool`.
The `README` is posted on the [PyPI page][pypi].
+[[Email me|contact]] with (encrypted!) feedback.
+
[RFC 3156]: http://www.ietf.org/rfc/rfc3156.txt
[pypi]: http://pypi.python.org/pypi/pgp-mime/
+[wrappers]: http://wiki.python.org/moin/GnuPrivacyGuard
+[assuan]: http://www.gnupg.org/documentation/manuals/assuan/
+[gpgme-tool]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
+[subprocess]: http://docs.python.org/library/subprocess.html
+[sendmsg]: http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg
+[recvmsg]: http://docs.python.org/dev/library/socket.html#socket.socket.recvmsg
+[socket]: http://docs.python.org/dev/library/socket.html
[[!tag tags/code]]
[[!tag tags/linux]]
I've been trying to come up with a clean way to verify detached
[[PGP]] signatures from [[Python]]. There are [a number of existing
approaches to this problem][wrappers]. Many of them call [gpg][]
-using Python's `multiprocessing` module, but to verify detached
-signatures, you need to send the signature in [on a separate file
-descriptor][enable-special-filenames], and handling that in a way safe
-from deadlocks is difficult. The other approach, taken by [PyMe][] is
-to wrap [GPGME][] using [[SWIG]], which is great as far as it goes,
-but development seems to have stalled, and I find the raw GPGME
-interface excessively complicated.
+using Python's [multiprocessing][] or [subprocess][] modules, but to
+verify detached signatures, you need to send the signature in [on a
+separate file descriptor][enable-special-filenames], and handling that
+in a way safe from deadlocks is difficult. The other approach, taken
+by [PyMe][] is to wrap [GPGME][] using [[SWIG]], which is great as far
+as it goes, but development seems to have stalled, and I find the raw
+GPGME interface excessively complicated.
The GnuPG tools themselves often communicate over sockets using the
[Assuan protocol][assuan], and I'd already written an Assuan server to
-handle pinentry (originally for my [[gpg-agent]] post, not [part of
-pyassuan][pinentry.py]). I though it would be natural if there was a
-[[gpgme-agent]] which would handle cryptographic tasks over this
-protocol, which would make the [[pgp-mime]] implementation easier. In
-order to talk to this (currently hypothetical) agent, I turned my
-pinentry script into the more general pyassuan package. Now using
-Assuan from Python should be as easy (or easier?) than using it from C
-via [libassuan][].
+handle [pinentry][] (originally for my [[gpg-agent]] post, not part of
+pyassuan). I though it would be natural if there was a `gpgme-agent`
+which would handle cryptographic tasks over this protocol, which would
+make the [[pgp-mime]] implementation easier. It turns out that there
+already is such an agent ([gpgme-tool][]), so I turned my pinentry
+script into the more general pyassuan package. Now using Assuan from
+Python should be as easy (or easier?) than using it from C via
+[libassuan][].
The `README` is posted on the [PyPI page][pypi].
[wrappers]: http://wiki.python.org/moin/GnuPrivacyGuard
[gpg]: http://www.gnupg.org/
+[multiprocessing]: http://docs.python.org/library/multiprocessing.html
+[subprocess]: http://docs.python.org/library/subprocess.html
[enable-special-filenames]: http://lists.gnupg.org/pipermail/gnupg-devel/2002-November/019343.html
[PyMe]: http://pyme.sourceforge.net/
[GPGME]: http://www.gnupg.org/related_software/gpgme/
[assuan]: http://www.gnupg.org/documentation/manuals/assuan/
-[pinentry.py]: http://git.tremily.us/?p=pyassuan.git;a=blob;f=bin/pinentry.py;hb=HEAD
+[pinentry]: http://git.tremily.us/?p=pyassuan.git;a=blob;f=bin/pinentry.py;hb=HEAD
+[gpgme-tool]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
[libassuan]: http://www.gnupg.org/related_software/libassuan/
[pypi]: http://pypi.python.org/pypi/pyassuan/
projects / blog.git / commitdiff