This allows you to fall back to your configured default signer
(`default-key` in `~/.gnupg/gpg.conf`). `sign_and_encrypt_bytes` will
sign (and possibly encrypt) content when either `signers` is non-empty
or `allow_default_signer` is set.
The signing PGP/MIME wrappers around `sign_and_encrypt_bytes` (`sign`
and `sign_and_encrypt`) both expose the new option to their callers.
def sign_and_encrypt_bytes(data, signers=None, recipients=None,
def sign_and_encrypt_bytes(data, signers=None, recipients=None,
- always_trust=False, mode='detach'):
+ always_trust=False, mode='detach',
+ allow_default_signer=False):
r"""Sign ``data`` with ``signers`` and encrypt to ``recipients``.
Just sign:
r"""Sign ``data`` with ``signers`` and encrypt to ``recipients``.
Just sign:
client.make_request(
_common.Request('OUTPUT', 'FD={}'.format(output_write)))
parameters = []
client.make_request(
_common.Request('OUTPUT', 'FD={}'.format(output_write)))
parameters = []
- if signers and recipients:
- command = 'SIGN_ENCRYPT'
- elif signers:
- command = 'SIGN'
- parameters.append('--{}'.format(mode))
+ if signers or allow_default_signer:
+ if recipients:
+ command = 'SIGN_ENCRYPT'
+ else:
+ command = 'SIGN'
+ parameters.append('--{}'.format(mode))
elif recipients:
command = 'ENCRYPT'
else:
elif recipients:
command = 'ENCRYPT'
else:
from .email import strip_bcc as _strip_bcc
from .email import strip_bcc as _strip_bcc
-def sign(message, signers=None):
+def sign(message, signers=None, allow_default_signer=False):
r"""Sign a ``Message``, returning the signed version.
multipart/signed
r"""Sign a ``Message``, returning the signed version.
multipart/signed
"""
body = message.as_string().encode('us-ascii')
signature = str(_sign_and_encrypt_bytes(
"""
body = message.as_string().encode('us-ascii')
signature = str(_sign_and_encrypt_bytes(
- data=body, signers=signers), 'us-ascii')
+ data=body, signers=signers,
+ allow_default_signer=allow_default_signer), 'us-ascii')
sig = _MIMEApplication(
_data=signature,
_subtype='pgp-signature; name="signature.asc"',
sig = _MIMEApplication(
_data=signature,
_subtype='pgp-signature; name="signature.asc"',
return msg
def sign_and_encrypt(message, signers=None, recipients=None,
return msg
def sign_and_encrypt(message, signers=None, recipients=None,
+ always_trust=False, allow_default_signer=False):
r"""Sign and encrypt a ``Message``, returning the encrypted version.
multipart/encrypted
r"""Sign and encrypt a ``Message``, returning the encrypted version.
multipart/encrypted
_LOG.debug('extracted encryption recipients: {}'.format(recipients))
encrypted = str(_sign_and_encrypt_bytes(
data=body, signers=signers, recipients=recipients,
_LOG.debug('extracted encryption recipients: {}'.format(recipients))
encrypted = str(_sign_and_encrypt_bytes(
data=body, signers=signers, recipients=recipients,
- always_trust=always_trust), 'us-ascii')
+ always_trust=always_trust,
+ allow_default_signer=allow_default_signer), 'us-ascii')
enc = _MIMEApplication(
_data=encrypted,
_subtype='octet-stream; name="encrypted.asc"',
enc = _MIMEApplication(
_data=encrypted,
_subtype='octet-stream; name="encrypted.asc"',