From ef5c06efe725b00e11bbe6bcbe7bff1ab916ca84 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Sat, 12 May 2012 07:32:08 -0400 Subject: [PATCH] Update pgp-mime and pyassuan posts to reference gpgme-tool. --- posts/pgp-mime.mdwn | 29 ++++++++++++++++++++++++++--- posts/pyassuan.mdwn | 35 +++++++++++++++++++---------------- 2 files changed, 45 insertions(+), 19 deletions(-) diff --git a/posts/pgp-mime.mdwn b/posts/pgp-mime.mdwn index 42ddb97..58f3e45 100644 --- a/posts/pgp-mime.mdwn +++ b/posts/pgp-mime.mdwn @@ -15,17 +15,40 @@ to hold Mutt's hand while it signs the emails. I dunno why Mutt doesn't have some `--batch` mode options to support PGP, but there it is. -Pgp-mime is my home-grown solution. It' not very complicated really, +Pgp-mime is my home-grown solution. It's not very complicated really, just implementing the [RFC 3156][] specs in [[Python]]. It's been through a number of iterations over the years, and now (2012) I think the interface has matured to the point of actually being useful to -other people as well ;). [[Email me|contact]] with (encrypted!) -feedback. +other people as well ;). + +While there are [some other GnuPG wrappers][wrappers] for Python, my +wrappers are the only ones using [the Assuan protocol][assuan] (via my +[[pyassuan]]) to communicate with [gpgme-tool][]. All the other +interfaces spawn `gpg` directly (e.g. using the [subprocess][] +module), and scrape its output, which is not ideal. + +Pgp-mime still uses `subprocess` to spawn `gpgme-tool`, but I'm +currently working with the GnuPG folks to get a proper socket +interface which would put `gpgme-tool` on par with `gpg-agent`. Then +pgp-mime could drop all the `subprocess` stuff, which would make +things more robust. I'm also waiting on Python 3.3 to get support for +[sendmsg][] and [recvmsg][] in Python's [socket][] module, which would +allow me to pass file descriptors to a persistent, external +`gpgme-tool`. The `README` is posted on the [PyPI page][pypi]. +[[Email me|contact]] with (encrypted!) feedback. + [RFC 3156]: http://www.ietf.org/rfc/rfc3156.txt [pypi]: http://pypi.python.org/pypi/pgp-mime/ +[wrappers]: http://wiki.python.org/moin/GnuPrivacyGuard +[assuan]: http://www.gnupg.org/documentation/manuals/assuan/ +[gpgme-tool]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD +[subprocess]: http://docs.python.org/library/subprocess.html +[sendmsg]: http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg +[recvmsg]: http://docs.python.org/dev/library/socket.html#socket.socket.recvmsg +[socket]: http://docs.python.org/dev/library/socket.html [[!tag tags/code]] [[!tag tags/linux]] diff --git a/posts/pyassuan.mdwn b/posts/pyassuan.mdwn index a6fd81e..b1965a3 100644 --- a/posts/pyassuan.mdwn +++ b/posts/pyassuan.mdwn @@ -4,34 +4,37 @@ I've been trying to come up with a clean way to verify detached [[PGP]] signatures from [[Python]]. There are [a number of existing approaches to this problem][wrappers]. Many of them call [gpg][] -using Python's `multiprocessing` module, but to verify detached -signatures, you need to send the signature in [on a separate file -descriptor][enable-special-filenames], and handling that in a way safe -from deadlocks is difficult. The other approach, taken by [PyMe][] is -to wrap [GPGME][] using [[SWIG]], which is great as far as it goes, -but development seems to have stalled, and I find the raw GPGME -interface excessively complicated. +using Python's [multiprocessing][] or [subprocess][] modules, but to +verify detached signatures, you need to send the signature in [on a +separate file descriptor][enable-special-filenames], and handling that +in a way safe from deadlocks is difficult. The other approach, taken +by [PyMe][] is to wrap [GPGME][] using [[SWIG]], which is great as far +as it goes, but development seems to have stalled, and I find the raw +GPGME interface excessively complicated. The GnuPG tools themselves often communicate over sockets using the [Assuan protocol][assuan], and I'd already written an Assuan server to -handle pinentry (originally for my [[gpg-agent]] post, not [part of -pyassuan][pinentry.py]). I though it would be natural if there was a -[[gpgme-agent]] which would handle cryptographic tasks over this -protocol, which would make the [[pgp-mime]] implementation easier. In -order to talk to this (currently hypothetical) agent, I turned my -pinentry script into the more general pyassuan package. Now using -Assuan from Python should be as easy (or easier?) than using it from C -via [libassuan][]. +handle [pinentry][] (originally for my [[gpg-agent]] post, not part of +pyassuan). I though it would be natural if there was a `gpgme-agent` +which would handle cryptographic tasks over this protocol, which would +make the [[pgp-mime]] implementation easier. It turns out that there +already is such an agent ([gpgme-tool][]), so I turned my pinentry +script into the more general pyassuan package. Now using Assuan from +Python should be as easy (or easier?) than using it from C via +[libassuan][]. The `README` is posted on the [PyPI page][pypi]. [wrappers]: http://wiki.python.org/moin/GnuPrivacyGuard [gpg]: http://www.gnupg.org/ +[multiprocessing]: http://docs.python.org/library/multiprocessing.html +[subprocess]: http://docs.python.org/library/subprocess.html [enable-special-filenames]: http://lists.gnupg.org/pipermail/gnupg-devel/2002-November/019343.html [PyMe]: http://pyme.sourceforge.net/ [GPGME]: http://www.gnupg.org/related_software/gpgme/ [assuan]: http://www.gnupg.org/documentation/manuals/assuan/ -[pinentry.py]: http://git.tremily.us/?p=pyassuan.git;a=blob;f=bin/pinentry.py;hb=HEAD +[pinentry]: http://git.tremily.us/?p=pyassuan.git;a=blob;f=bin/pinentry.py;hb=HEAD +[gpgme-tool]: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD [libassuan]: http://www.gnupg.org/related_software/libassuan/ [pypi]: http://pypi.python.org/pypi/pyassuan/ -- 2.26.2