pgp-mime.git
12 years ago pgp: expect subkey signing in `verify` doctests.
W. Trevor King [Wed, 26 Sep 2012 19:52:49 +0000 (15:52 -0400)]
pgp: expect subkey signing in `verify` doctests.

Now that pgp-mime-test has a subkey

  commit 236cc6d2ede3fb9f6b55695115d4246a69489e02
  Author: W. Trevor King <wking@tremily.us>
  Date:   Thu Sep 20 11:20:36 2012 -0400

    test:key: add a subkey to the testing key.

Signing and encryption use the new subkey by default.  You can still
sign/encrypt using the primary key if you use part of the key
fingerprint explicitly in the `signers` argument.

12 years ago signature: add 0:'none' to _public_key_algorithm_enum.
W. Trevor King [Wed, 26 Sep 2012 19:38:22 +0000 (15:38 -0400)]
signature: add 0:'none' to _public_key_algorithm_enum.

This avoids crashing with:

  Exception raised:
    Traceback (most recent call last):
      ...
      File "/home/wking/src/pgp-mime/pgp_mime/signature.py", line 264, in set_public_key_algorithm
        self.public_key_algorithm = self._public_key_algorithm_enum[value]
    KeyError: 0

When `gpgme-tool` responds with signatures like:

  <gpgme>
    <verify-result>
      <signatures>
        <signature>
          ...
          <pubkey-algo value="0x0">(null)</pubkey-algo>
          ...
        </signature>
      </signatures>
    </verify-result>
  </gpgme>

which was coming up in the test suite (I'm not sure why).

12 years ago signature: fix inverse dictionary name typo in get_public_key_algorithm.
W. Trevor King [Wed, 26 Sep 2012 19:34:30 +0000 (15:34 -0400)]
signature: fix inverse dictionary name typo in get_public_key_algorithm.

12 years ago key: don't pass args to RESULT in lookup_keys().
W. Trevor King [Thu, 20 Sep 2012 17:33:25 +0000 (13:33 -0400)]
key: don't pass args to RESULT in lookup_keys().

12 years ago key: add pgp_mime.key wrapping gpgme-tool's KEYLIST command.
W. Trevor King [Thu, 20 Sep 2012 16:24:27 +0000 (12:24 -0400)]
key: add pgp_mime.key wrapping gpgme-tool's KEYLIST command.

This lets you look up key information.  Eventually, you'll be able to
look up user IDs, email addresses, subkeys, etc.  However,
gpgme-tool's XML output for KEYLIST (result_keylist_to_xml) is a stub
as of:

  commit 83e74202cd7c4c975d149c49e2507fdb0e60ef32
  Commit:     Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
  CommitDate: Sat Jul 28 22:11:31 2012 +0200

    Add two recent contributors.

12 years ago signature: we don't need to import pprint in pgp_mime.signature.
W. Trevor King [Thu, 20 Sep 2012 16:13:00 +0000 (12:13 -0400)]
signature: we don't need to import pprint in pgp_mime.signature.

I had been using it during the development of Signature.dumps(), and
forgot to remove it before committing.

12 years ago crypt: add encryption/verification doctests using the new subkey.
W. Trevor King [Thu, 20 Sep 2012 15:39:47 +0000 (11:39 -0400)]
crypt: add encryption/verification doctests using the new subkey.

12 years ago test:key: add a subkey to the testing key.
W. Trevor King [Thu, 20 Sep 2012 15:20:36 +0000 (11:20 -0400)]
test:key: add a subkey to the testing key.

I updated `key.conf` to generate the appropriate key type, but
rerunning `key.sh` would create a whole new key.  I didn't want to
rewrite the old tests to use a new primary key fingerprint, so I added
a subkey to the old pgp-mime-test key by hand:

  $ gpg --expert --edit-key 4332B6E3
  ...
  gpg> addkey
  Please select what kind of key you want:
  ...
  (8) RSA (set your own capabilities)
  Your selection? 8
  ...
  Current allowed actions: Sign Encrypt
  ...
     (Q) Finished

  Your selection? Q
  What keysize do you want? (2048)
  Requested keysize is 2048 bits
  ...
  Key is valid for? (0) 0
  Is this correct? (y/N) y
  Really create? (y/N) y
  gpg> save
  $ gpg --export --armor -o test/key.txt 4332B6E3

12 years ago Run update-copyright.py.
W. Trevor King [Thu, 20 Sep 2012 14:15:50 +0000 (10:15 -0400)]
Run update-copyright.py.

12 years ago signature: add Signature class for more Pythonic verification.
W. Trevor King [Thu, 20 Sep 2012 14:12:38 +0000 (10:12 -0400)]
signature: add Signature class for more Pythonic verification.

Now verify_bytes() returns a list of `Signature`s instead of XML.
This should be much easier for callers to handle, and it provides a
layer of insulation between the gpgme-tool output and Python code.

12 years ago crypt: Use a sublogger of pgp_mime.LOG not pyassuan.LOG for clients.
W. Trevor King [Thu, 20 Sep 2012 11:05:37 +0000 (07:05 -0400)]
crypt: Use a sublogger of pgp_mime.LOG not pyassuan.LOG for clients.

This way tools like pygrader that set up a SysLogHandler for
pgp_mime.LOG won't have pyassuan still logging to the console.  The
name-order for the logger also changed (from `pyassuan.pgp-mime` to
`pgp-mime.pyassuan`).

12 years ago Run update-copyright.py.
W. Trevor King [Fri, 31 Aug 2012 18:18:51 +0000 (14:18 -0400)]
Run update-copyright.py.

12 years ago doc: explain need for Python 3.2 in the README.
W. Trevor King [Fri, 31 Aug 2012 18:16:49 +0000 (14:16 -0400)]
doc: explain need for Python 3.2 in the README.

Also list Python 3.2 and 3.3 as explicitly supported in setup.py.

12 years ago pgp: test a Mutt-generated email in pgp.verify.
W. Trevor King [Fri, 31 Aug 2012 17:49:29 +0000 (13:49 -0400)]
pgp: test a Mutt-generated email in pgp.verify.

This way I'm not just testing against my interpretation of the RFCs,
but I'm also testing against the Mutt dev's interpretation.

12 years ago email: use absolute imports in the pgp_mime.email module.
W. Trevor King [Fri, 31 Aug 2012 17:46:29 +0000 (13:46 -0400)]
email: use absolute imports in the pgp_mime.email module.

This fixes:

  Traceback (most recent call last):
    File "/usr/lib64/python2.7/site-packages/nose/loader.py", line 390, in loadTestsFromName
      addr.filename, addr.module)
    File "/usr/lib64/python2.7/site-packages/nose/importer.py", line 39, in importFromPath
      return self.importFromDir(dir_path, fqname)
    File "/usr/lib64/python2.7/site-packages/nose/importer.py", line 86, in importFromDir
      mod = load_module(part_fqname, fh, filename, desc)
    File ".../pgp_mime/__init__.py", line 33, in <module>
      from .pgp import sign, encrypt, sign_and_encrypt, decrypt, verify
    File ".../pgp_mime/pgp.py", line 4, in <module>
      from email import message_from_bytes as _message_from_bytes
  ImportError: cannot import name message_from_bytes

12 years ago Force \r\n line endings when performing PGP cryptography.
W. Trevor King [Wed, 25 Apr 2012 02:15:09 +0000 (22:15 -0400)]
Force \r\n line endings when performing PGP cryptography.

From RFC 3156, section 5 (OpenPGP signed data):

  When the OpenPGP digital signature is generated:

   (1)   The data to be signed MUST first be converted to its content-
         type specific canonical form.  For text/plain, this means
         conversion to an appropriate character set and conversion of
         line endings to the canonical <CR><LF> sequence.

This will be easier with Python 3.3's policies:

  email.policy.SMTP

    Output serialized from a message will conform to the email and
    SMTP RFCs. The only changed attribute is linesep, which is set to
    \r\n.
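
The canonicalization step quoted above, as an added example (not code from pgp-mime): it flattens a text part with `email.policy.SMTP` and shows that LF and CRLF copies of the same text produce identical octets to sign. It assumes Python 3.4 or later for `Message.as_bytes(policy=...)`; the sample parts and the helper names are constructed for illustration.

```python
import hashlib
from email import policy
from email.mime.text import MIMEText


def canonical_bytes(part):
    """Serialize a MIME part with <CR><LF> line endings (RFC 3156, section 5).

    email.policy.SMTP only changes linesep to '\\r\\n'; header lines and
    body lines are both rewritten with it while the part is flattened.
    """
    return part.as_bytes(policy=policy.SMTP)


def has_bare_newlines(data):
    """True if `data` contains a CR or LF that is not part of a CRLF pair."""
    rest = data.replace(b'\r\n', b'')
    return b'\r' in rest or b'\n' in rest


def signed_digest(part):
    """SHA-256 over the canonical octets: what signer and verifier must both hash."""
    return hashlib.sha256(canonical_bytes(part)).hexdigest()


# Constructed sample: the same text as stored on a Unix and on a Windows host.
unix_part = MIMEText('Success!\nSecond line\n', 'plain', 'us-ascii')
dos_part = MIMEText('Success!\r\nSecond line\r\n', 'plain', 'us-ascii')


if __name__ == '__main__':
    native = unix_part.as_bytes()  # default compat32 policy: linesep is '\n'
    print('native has bare LF:   ', has_bare_newlines(native))
    print('canonical has bare LF:', has_bare_newlines(canonical_bytes(unix_part)))
    print('digests agree:        ',
          signed_digest(unix_part) == signed_digest(dos_part))
```

A signature computed over the non-canonical serialization will not verify once a mail transport rewrites the line endings, which is why the conversion has to happen before signing and again before verification.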

12 years ago Always return a new Message instance from pgp.verify().
W. Trevor King [Tue, 24 Apr 2012 20:01:17 +0000 (16:01 -0400)]
Always return a new Message instance from pgp.verify().

Now callers can mess with the result without worrying about mucking up
the original message instance.

12 years ago Use configured pgp_mime.LOG.level for crypt client logging.
W. Trevor King [Mon, 23 Apr 2012 17:39:24 +0000 (13:39 -0400)]
Use configured pgp_mime.LOG.level for crypt client logging.

12 years ago Update the README with gpgme-tool, pyassuan, and pygrader references. v0.3
W. Trevor King [Sat, 21 Apr 2012 18:27:20 +0000 (14:27 -0400)]
Update the README with gpgme-tool, pyassuan, and pygrader references.

Also update ~/.config/pgp-mime.conf -> ~/.config/smtplib.conf.

12 years ago Update send-pgp-mime.py to use the new signer-specification API.
W. Trevor King [Sat, 21 Apr 2012 17:31:33 +0000 (13:31 -0400)]
Update send-pgp-mime.py to use the new signer-specification API.

12 years ago Add `allow_default_signer` to `sign_and_encrypt_bytes`.
W. Trevor King [Sat, 21 Apr 2012 17:20:00 +0000 (13:20 -0400)]
Add `allow_default_signer` to `sign_and_encrypt_bytes`.

This allows you to fall back to your configured default signer
(`default-key` in `~/.gnupg/gpg.conf`).  `sign_and_encrypt_bytes` will
sign (and possibly encrypt) content when either `signers` is non-empty
or `allow_default_signer` is set.

The signing PGP/MIME wrappers around `sign_and_encrypt_bytes` (`sign`
and `sign_and_encrypt`) both expose the new option to their callers.

12 years ago Pass file-descriptors when spawning gpgme-tool to avoid temporary files.
W. Trevor King [Sat, 21 Apr 2012 15:48:21 +0000 (11:48 -0400)]
Pass file-descriptors when spawning gpgme-tool to avoid temporary files.

12 years ago Adjust to use gpgme-tool (from the gpgme package).
W. Trevor King [Fri, 20 Apr 2012 09:03:06 +0000 (05:03 -0400)]
Adjust to use gpgme-tool (from the gpgme package).

Also convert the module into a package for a cleaner structure.

At the moment, I'm still using tempfiles to pass the data into
gpgme-tool.

12 years ago Fix pgp-mime -> pgp_mime in README nosetest examples.
W. Trevor King [Fri, 20 Apr 2012 02:04:06 +0000 (22:04 -0400)]
Fix pgp-mime -> pgp_mime in README nosetest examples.

12 years ago Change my email address from drexel.edu to tremily.us.
W. Trevor King [Wed, 18 Apr 2012 17:19:17 +0000 (13:19 -0400)]
Change my email address from drexel.edu to tremily.us.

12 years ago Add 'tools' to first line in README.
W. Trevor King [Thu, 22 Mar 2012 19:35:04 +0000 (15:35 -0400)]
Add 'tools' to first line in README.

12 years ago Add decrypt() and verify() functions for decrypting and verifying Messages.
W. Trevor King [Wed, 21 Mar 2012 21:55:30 +0000 (17:55 -0400)]
Add decrypt() and verify() functions for decrypting and verifying Messages.

I've made _thread_pipe() a bit more robust (now it will try several
times to write), but sometimes things still block.  Print statements
show thread_pipe() wrapping up, but the main thread hangs in
communicate()'s poll(), and gpg hangs after reading the full signature.

12 years ago Add decrypt_bytes() and verify_bytes().
W. Trevor King [Wed, 21 Mar 2012 19:11:43 +0000 (15:11 -0400)]
Add decrypt_bytes() and verify_bytes().

Create the encrypted test input with:

  $ echo 'Success!' | gpg --no-verbose --quiet --batch --output - \
      --armor --textmode --encrypt --always-trust \
      --recipient pgp-mime@invalid.com

Create the signed and encrypted test input with:

  $ echo 'Success!' | gpg --no-verbose --quiet --batch --output - \
      --armor --textmode --sign --encrypt --always-trust \
      --local-user pgp-mime@invalid.com --recipient pgp-mime@invalid.com

Created the detached signature test input with:

  $ echo 'Success!' | gpg --no-verbose --quiet --batch --output - \
      --armor --textmode --detach-sign --always-trust \
      --local-user pgp-mime@invalid.com

Verification with a detached signature is the tricky bit.  We are
piping the signed data in via stdout.  To avoid opening a temporary
file, we need to pipe the signature in through another pipe.  The new
`thread_pipe()` function opens that pipe, and spawns a thread writing
the signature data, and the `--enable-special-filenames` option lets
us specify the read-descriptor with the `-&n` syntax.

The threading avoids deadlocking with `execute()`'s `communicate()`
call, and makes cleanup of the write-descriptor easier.
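
The pipe-plus-writer-thread pattern described in this commit message, as an added example (not the project's `thread_pipe()`): a second pipe carries the signature to the child while `communicate()` feeds the signed data on stdin, so neither side needs a temporary file. The child here is a hypothetical Python stand-in for gpg that only counts bytes, and `run_with_signature_pipe` and the payloads are constructed for illustration; `pass_fds` makes this POSIX-only.

```python
import os
import subprocess
import sys
import threading


def thread_pipe(data):
    """Open a pipe and feed `data` into it from a background thread.

    Returns (read_fd, thread).  The thread closes the write end when done,
    so the reader sees EOF without the caller tracking that descriptor.
    """
    read_fd, write_fd = os.pipe()

    def _writer():
        try:
            view = memoryview(data)
            while view:                      # os.write() may be partial
                view = view[os.write(write_fd, view):]
        except BrokenPipeError:              # reader exited early
            pass
        finally:
            os.close(write_fd)

    thread = threading.Thread(target=_writer, daemon=True)
    thread.start()
    return read_fd, thread


# Stand-in for the verifying child (hypothetical, not gpg): it reads the
# signed data on stdin first, then the signature from the descriptor
# number given in argv[1], and reports how many bytes arrived on each.
CHILD = r"""
import os, sys
signed = sys.stdin.buffer.read()
with os.fdopen(int(sys.argv[1]), 'rb') as sig:
    signature = sig.read()
sys.stdout.write('%d %d' % (len(signed), len(signature)))
"""


def run_with_signature_pipe(signed_data, signature):
    """Run the child with `signed_data` on stdin and `signature` on a pipe."""
    read_fd, writer = thread_pipe(signature)
    try:
        # pass_fds keeps read_fd open in the child; the write end is not
        # inherited, so EOF arrives as soon as the writer thread closes it.
        proc = subprocess.Popen(
            [sys.executable, '-c', CHILD, str(read_fd)],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            pass_fds=(read_fd,))
    finally:
        os.close(read_fd)                    # parent's copy is no longer needed
    out, _ = proc.communicate(signed_data)
    writer.join()
    return proc.returncode, out.decode()


if __name__ == '__main__':
    # Constructed payloads, both larger than a typical 64 KiB pipe buffer.
    print(run_with_signature_pipe(b's' * 200000, b'g' * 300000))
```

Writing the signature synchronously before calling `communicate()` would block once the pipe buffer filled, because the child does not read that descriptor until stdin reaches EOF.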

12 years ago Adjust doctests to use the new pgp-mime@invalid.com test key.
W. Trevor King [Wed, 21 Mar 2012 19:01:20 +0000 (15:01 -0400)]
Adjust doctests to use the new pgp-mime@invalid.com test key.

12 years ago Add a test key (and creation scripts) so others can test decryption and verification.
W. Trevor King [Wed, 21 Mar 2012 18:44:43 +0000 (14:44 -0400)]
Add a test key (and creation scripts) so others can test decryption and verification.

12 years ago Run update-copyright.py.
W. Trevor King [Wed, 21 Mar 2012 16:53:30 +0000 (12:53 -0400)]
Run update-copyright.py.

12 years ago Add trailing slash to Gentoo overlay link in README.
W. Trevor King [Wed, 21 Mar 2012 16:48:00 +0000 (12:48 -0400)]
Add trailing slash to Gentoo overlay link in README.

12 years ago Restructure and cleanup pgp-mime now that it's a stand alone package. v0.2
W. Trevor King [Wed, 21 Mar 2012 15:15:24 +0000 (11:15 -0400)]
Restructure and cleanup pgp-mime now that it's a stand alone package.

12 years ago Raise an exception for unrecognized errors in send_pgp_mime.
W. Trevor King [Sat, 16 Apr 2011 23:27:50 +0000 (19:27 -0400)]
Raise an exception for unrecognized errors in send_pgp_mime.

12 years ago Fixed email.Parser typo in send_pgp_mime.py imports for Python 2.4.
W. Trevor King [Thu, 17 Sep 2009 19:31:01 +0000 (15:31 -0400)]
Fixed email.Parser typo in send_pgp_mime.py imports for Python 2.4.

12 years ago Typo EncryptedMessageFactory -> PGPMimeMessageFactory in send-pgp-mime.py
W. Trevor King [Fri, 11 Sep 2009 15:52:02 +0000 (11:52 -0400)]
Typo EncryptedMessageFactory -> PGPMimeMessageFactory in send-pgp-mime.py

I changed the class name in commit
  wking@drexel.edu-20090718201613-n242qfl4s3j3kfjf
but missed two references.

12 years ago Cleaned up be-handle-mail's subscriber notification emails (fewer attachments).
W. Trevor King [Mon, 27 Jul 2009 18:42:17 +0000 (14:42 -0400)]
Cleaned up be-handle-mail's subscriber notification emails (fewer attachments).

Previously, every node in the DiffTree created its own attachment.
Now they're consolidated into a single attachment per bug.  Higher
level nodes are still one attachment per node.

Also:
  * added send_pgp_mime.append_text()
  * pulled guess_encoding() out of send_pgp_mime.encodedMIMEText().
  * renamed data_string -> data_part in libbe.diff, since it needn't be a string.

12 years ago Broke encodedMIMEText out of send-pgp-mime.PGPMimeMessageFactory.
W. Trevor King [Thu, 23 Jul 2009 15:37:45 +0000 (11:37 -0400)]
Broke encodedMIMEText out of send-pgp-mime.PGPMimeMessageFactory.

It's useful enough even when you're not intending to encrypt
something.

12 years ago Assorted bugfixes to get reworked be-handle-mail working.
W. Trevor King [Sat, 18 Jul 2009 21:02:11 +0000 (17:02 -0400)]
Assorted bugfixes to get reworked be-handle-mail working.

12 years ago Major be-handle-mail rewrite to make things more modular.
W. Trevor King [Sat, 18 Jul 2009 20:16:13 +0000 (16:16 -0400)]
Major be-handle-mail rewrite to make things more modular.

Added Command and Message classes, and use new flexibility in
send_pgp_mime.py.

12 years ago Oops, forgot to reset from/to_addr in send_pgp_mime.py unittests
W. Trevor King [Sat, 18 Jul 2009 19:29:26 +0000 (15:29 -0400)]
Oops, forgot to reset from/to_addr in send_pgp_mime.py unittests

12 years ago Major send_pgp_mime.py reorganization to better integrate with email.Message.
W. Trevor King [Sat, 18 Jul 2009 19:17:11 +0000 (15:17 -0400)]
Major send_pgp_mime.py reorganization to better integrate with email.Message.

Now send_pgp_mime.py passes its unittests again, and it should be
easier to use from be-handle-mail :).

Renamed Mail -> EncryptedMessageFactory, since its role is to generate
message bodies of various types (plain, signed, encrypted, ...)

Separated the header processing from Mail, now you need to
  header_from_text()
your header text to create an email.Message which you can use in
EncryptedMessageFactory.sign(), .encrypt(), ...  Once you've created
the body message you want, you can attach it to the header with
  attach_root(header, root_part)
where both header and root_part are email.Message instances.

Made EncryptedMessageFactory doctests more robust, through the use of
 # doctest: +ELLIPSIS, +NORMALIZE_WHITESPACE
which removed the need for the .strip*() methods.

Also added the configurable from_addr and to_addr, which allows you
to run the doctests with successful gpg calls.  Just set them to
some address from your private keyring, and pass the passphrase for
that key in to your test via a file (or gpg-agent...)
  python send_pgp_mime.py -tP path/to/passphrase/file

12 years ago Normalized whitespace in be-handle-mail and send_pgp_mime.py.
W. Trevor King [Sat, 18 Jul 2009 15:10:27 +0000 (11:10 -0400)]
Normalized whitespace in be-handle-mail and send_pgp_mime.py.

Also removed "commit after every message" from be-handle-mail,
because
  a) not implemented yet
  b) don't want to commit spam, since we'd have to find a way to
  remove it later.

Suggested future workflow:
  * "bzr diff" to poll for activity, blank output = no activity.
  * on activity:
    1) look at changes
    2) remove whatever
    3) commit email-interface repo.
    4) merge changes into your private repo
  * on private repo changes:
    * if activity in email-interface repo:
      1) deal with email activity as above
    * push your private repo onto the email-interface repo
      (and update the email repos' working tree, if required)

12 years ago Added "to_unicode" to send_pgp_mime.flatten()
W. Trevor King [Sat, 18 Jul 2009 13:21:03 +0000 (09:21 -0400)]
Added "to_unicode" to send_pgp_mime.flatten()

be-handle-mail wants unicode output, since all its internal
processing is done with unicode.  However, the flatten calls in
send_pgp_mime work with the encoded binary string output, and
execute(sendmail, stdin=flatten(msg, to_unicode=True)) fails
with
  Exception: u
  while executing /usr/sbin/sendmail -t
  sendmail: fatal: wking(1001): No recipient addresses found in message header

12 years ago send_pgp_mime.py attempts to avoid UTF-8 for MIMEText messages.
W. Trevor King [Sat, 18 Jul 2009 13:04:25 +0000 (09:04 -0400)]
send_pgp_mime.py attempts to avoid UTF-8 for MIMEText messages.

This keeps the transfer-encoding out of base64 if possible.

Also added a "help" example to interfaces/email/interactive/examples.

12 years ago Added send_pgp_mime.Mail.encodedMIMEText() for unicode handling.
W. Trevor King [Sat, 18 Jul 2009 12:47:11 +0000 (08:47 -0400)]
Added send_pgp_mime.Mail.encodedMIMEText() for unicode handling.

Now be-handle-mail handles examples/unicode without crashing
  cat examples/unicode | ./be-handle-mail -o -l -
But the output email is encoded in base64:

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
From: BE Bugs <wking@thor.physics.drexel.edu>
To: John Doe <jdoe@example.com>
Date: Sat, 18 Jul 2009 12:22:05 +0000
Subject: [be-bug] Re: show
In-reply-to: <abcd@example.com>

UmVzdWx0cyBvZiBydW5uaW5nOiAoZXhpdCBjb2RlIDApCiAgc2hvdyAKCnN0ZG91dDoKCjw/eG1s
IHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04IiA/Pgo8YnVnPgogIDx1dWlkPmY3Y2NkOTE2
LWI1YzctNDg5MC1hMmUzLThjOGFjZTE3YWUzYTwvdXVpZD4KICA8c2hvcnQtbmFtZT5mN2M8L3No
b3J0LW5hbWU+CiAgPHNldmVyaXR5Pm1pbm9yPC9zZXZlcml0eT4KICA8c3RhdHVzPmZpeGVkPC9z
...

This is perhaps the best we can get out of python < 3.1/2.7, see
  http://bugs.python.org/issue1368247

12 years ago Add unicode-header handling to send_pgp_mime.py
W. Trevor King [Wed, 15 Jul 2009 19:13:39 +0000 (15:13 -0400)]
Add unicode-header handling to send_pgp_mime.py

Also:

Switched
 email.message_from_string()
to
 email.parser.Parser().parsestr()
for parsing the header, for access to the headersonly option.

Adjusted module import order to alphabetize non-mime email modules.

Added return_realname to source_email(), which makes it more useful to
be-handle-mail (currently uncommitted).

Added a doctest for the plain() output and removed redundant
Content-Type line from the doctests (which we'd removed from the
output with the last commit).

Note that many doctests _will_fail_ unless me@big.edu and you@big.edu
are in your gpg keyring.  At some point I should make those addresses
options to --test...

12 years ago Minor tweaks in send_pgp_mime.py
W. Trevor King [Wed, 15 Jul 2009 18:06:03 +0000 (14:06 -0400)]
Minor tweaks in send_pgp_mime.py

 * No reason to set maxheaderlen to something other than the default.
 * MIMEText sets content-type and charset automatically.

12 years ago Added --mode=plain option to send_pgp_mime.
W. Trevor King [Wed, 15 Jul 2009 17:18:19 +0000 (13:18 -0400)]
Added --mode=plain option to send_pgp_mime.

Also a few more tweaks to get things working.  I think be-handle-mail
is parsing the incoming messages correctly now, but I'm not getting
replies back for some reason.  Some of the adjustments:

  * Moved send_pgp_mime -> send_pgp_mime.py, otherwise Python doesn't
    recognize it as an importable module.
  * I use postfix now instead of msmtp, so send_pgp_mime.sendmail now
    points to postfix's sendmail-compatible frontend.
  * Added "--mode=plain" option to send_pgp_mime.py, so I can test
    my procmail rules and send_pgp_mime itself without worrying about
    be-handle-mail.
  * Fixed some typos in be-handle-mail.

12 years ago Added some comments to send_pgp_mime
W. Trevor King [Wed, 15 Jul 2009 16:10:19 +0000 (12:10 -0400)]
Added some comments to send_pgp_mime

12 years ago Added my send_pgp_mime module to the project.
W. Trevor King [Wed, 15 Jul 2009 13:37:52 +0000 (09:37 -0400)]
Added my send_pgp_mime module to the project.

This is a bit of a shameless plug, since there's not much motivation
for encrypting bug emails.  However, I've already written it, and it
does send emails, so I'm using it ;).  Perhaps some company will want
to keep the bug submitter's contact information securely in a BE
database.  Anyhow, there's very little reason to _not_ use PGP, and
the module certainly doesn't force you to encrypt anything. ;)