Unsignedio
/
python-gnupg
mirror of https://github.com/markqvist/python-gnupg.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'release/1.2.6'

fix/24-output-to-filename
Isis Lovecruft 2014-06-04 21:11:13 +00:00
parent 3cdfbc2f9b ebd93db8c2
commit 1ea44e81af
No known key found for this signature in database
GPG Key ID: 5C17776E27F7E84D
9 changed files with 265 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -86,3 +86,6 @@ MANIFEST
# sphinx default build
docs/_build
# ignore keys which have been generated example scripts:
8192-bit-key/*

213
examples/make-8192-bit-key.py 100755
View File

@ -0,0 +1,213 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Create a new 8192-bit GnuPG keypair.
:authors: Isis <isis@patternsinthevoid.net> 0xa3adb67a2cdb8b35
:license: MIT license
:copyright: (c) 2013 Isis Agora Lovecruft
"""
from __future__ import print_function
from __future__ import absolute_import
from __future__ import unicode_literals
import logging
import gnupg
import sys
from gnupg import _logger
# Set up logging:
log = _logger.create_logger(9)
log.setLevel(9)
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# Settings
#
# You probably want to edit the following variables. Ones which are currently
# set to strings are necessary; the ones which are set to `None` are optional.
# The directory to use as the homedir for GnuPG (it will contain the
# secring.gpg and pubring.gpg, etc.)
NEWKEY_DIR = './8192-bit-key'
# The name you go by, as it should appear in the primary keyid, i.e. "Evey
# Hammond":
NAME = 'Someone'
# The comment which goes in parantheses after the name and before the email
# address on the key's primary uid. Leave as None to not have one.
NAME_COMMENT = None
# The email address for the primary UID (You *should* actually be able to put
# whatever you want here, like a domain or something, because the GnuPG
# `--allow-freeform-uid` option will be used. I've not actually tested this
# though.)
NAME_EMAIL = 'someone@example.com'
# Expiration date for the new key. To use the default expiration of one year,
# set to None.
#EXPIRE_DATE = '1999-09-19'
EXPIRE_DATE = None
# GnuPG-1.4.x allows the automated creation of passphraseless keys. If using
# GnuPG-1.4.x, and you don't specify the passphrase, you can of course set it
# later with `$ gpg --edit-key` and then at the prompt typing `password`. If
# using a GnuPG from the 2.x series, you *must* specify a password here
# (though you can still change it afterward).
PASSPHRASE = None
# Type of key, i.e. 'RSA' or 'DSA' or something else. I've only tested
# 8192-bit keys with RSA.
KEY_TYPE = 'RSA'
# Uses for the key. Can be things like 'cert,sign' or 'cert' or 'cert,auth'.
KEY_USAGE = 'cert'
# Key bitlength. You likely want 8192, if you're using this script.
#
# It *is* possible to create 16834-bit keys, though it requires modifying and
# recompiling GnuPG. Doing this is a bit janky due to internal GnuPG buffers
# in several parts of the codebase being limited to 8192-bits, the key cannot
# be handled by *most* keyservers (there appears to be only one public
# keyserver which supports 16384-bit keys being uploaded to it), and the
# 16834-bit key will likely require the modified GnuPG to work with it (even
# then some operations, such as removal of the primary secret key, but not the
# primary public key, from the keychain will be badly broken).
KEY_LENGTH = 8192
# Type of subkey. None to skip subkey generation. You can add keys later
# through `$ gpg --edit-key`. For compatibility with people who aren't doing
# crazy things with their keys, you maybe probably want to use `--edit-key` to
# create some nice, normal, "overly-paranoid" 4096-bit keys.
SUBKEY_TYPE = 'RSA'
# Same as KEY_USAGE.
#SUBKEY_USAGE = None
SUBKEY_USAGE = 'sign'
# Same as KEY_LENGTH.
#SUBKEY_LENGTH = None
SUBKEY_LENGTH = 4096
# The default keyserver for the key, which is embedded into the key, telling
# other people's GnuPGs to fetch (and send updates) to this URL:
KEYSERVER = None
# Set the cipher, hash, and compression preference values for this key. This
# expects the same type of string as the sub-command setpref in the
# --edit-key menu. The default preferences are given in
# ``gnupg.GPG.default_preference_list``.
PREFERENCES = None
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
gpg = gnupg.GPG(homedir=NEWKEY_DIR)
allparams = {'name_real': NAME,
'name_comment': NAME_COMMENT,
'name_email': NAME_EMAIL,
'expire_date': EXPIRE_DATE,
'passphrase': PASSPHRASE,
'key_type': KEY_TYPE,
'key_usage': KEY_USAGE,
'key_length': KEY_LENGTH,
'subkey_type': SUBKEY_TYPE,
'subkey_usage': SUBKEY_USAGE,
'subkey_length': SUBKEY_LENGTH,
'keyserver': KEYSERVER,
'preferences': PREFERENCES}
def createBatchfile(keyparams=allparams):
"""Create the batchfile for our new key.
:params dict keyparams: A dictionary of arguments for creating the key. It
should probably be ``allparams``.
:rtype: str
:returns: A string containing the entire GnuPG batchfile.
"""
useparams = {}
for key, value in keyparams.items():
if value:
useparams.update({key: value})
batchfile = gpg.gen_key_input(separate_keyring=True,
save_batchfile=True,
**useparams)
log.info("Generated GnuPG batch file:\n%s" % batchfile)
return batchfile
def createKey(batchfile):
"""Create a new keypair from a **batchfile**.
Writes the new keys into keyrings named after ``NAME_EMAIL`` inside the
``NEWKEY_DIR``.
:params str batchfile: A GnuPG batchfile. See :func:`createBatchfile`.
"""
key = gpg.gen_key(batchfile)
fingerprint = key.fingerprint
if not fingerprint:
log.error("Key creation seems to have failed: %s" % key.status)
return None, None
return key, fingerprint
def displayNewKey(key):
"""Use ``gnupg.GPG.list_keys()`` to display details of the new key."""
if key.keyring:
gpg.keyring = key.keyring
if key.secring:
gpg.secring = key.secring
# Using '--fingerprint' twice will display subkey fingerprints too:
gpg.options = ['--fingerprint', '--fingerprint']
keylist = gpg.list_keys(secret=True)
# `result` is a `gnupg._parsers.ListKeys`, which is list-like, so iterate
# over all the keys and display their info:
for gpgkey in keylist:
for k, v in gpgkey:
log.info("%s: %s" % (k.capitalize(), v))
return keylist
def exportNewKey(fingerprint):
"""Export the new keys into .asc files.
:param str fingerprint: A full key fingerprint.
"""
log.info("Exporting key: %s" % fingerprint)
keyfn = os.path.join(gpg.homedir,
fingerprint + '-8192-bit-key') + os.path.extsep
pubkey = gpg.export_keys(fingerprint)
seckey = gpg.export_keys(fingerprint, secret=True)
subkey = gpg.export_keys(fingerprint, secret=True, subkeys=True)
with open(keyfn + 'pub' + os.path.extsep + 'asc', 'w') as fh:
fh.write(pubkey)
with open(keyfn + 'sec' + os.path.extsep + 'asc', 'w') as fh:
fh.write(seckey)
with open(keyfn + 'sub' + os.path.extsep + 'asc', 'w') as fh:
fh.write(subkey)
if __name__ == '__main__':
if (NAME == 'Someone') or (NAME_EMAIL == 'someone@example.com'):
log.info("Please edit the settings variables within this script.")
log.info("Exiting...")
exit(1)
else:
try:
batchfile = createBatchfile()
key, fingerprint = createKey(batchfile)
log.info("New key with fingerprint %r created" % fingerprint)
displayNewKey(key)
exportNewKey(fingerprint)
except Exception as error:
log.error(error)

6
gnupg/_logger.py
View File

@ -78,13 +78,13 @@ def create_logger(level=logging.NOTSET):
if level > logging.NOTSET:
logging.basicConfig(level=level, filename=_fn,
filemode="a", format=_fmt)
logging.captureWarnings(True)
logging.logThreads = True
if hasattr(logging,'captureWarnings'):
logging.captureWarnings(True)
colouriser = _ansistrm.ColorizingStreamHandler
colouriser.level_map[9] = (None, 'blue', False)
colouriser.level_map[10] = (None, 'cyan', False)
handler = colouriser(stream=sys.stderr)
handler = colouriser(sys.stderr)
handler.setLevel(level)
formatr = logging.Formatter(_fmt)

27
gnupg/_meta.py
View File

@ -26,7 +26,6 @@ from __future__ import absolute_import
import atexit
import codecs
import encodings
import exceptions
## For AOS, the locale module will need to point to a wrapper around the
## java.util.Locale class.
## See https://code.patternsinthevoid.net/?p=android-locale-hack.git
@ -154,7 +153,7 @@ class GPGBase(object):
self._filesystemencoding = encodings.normalize_encoding(
sys.getfilesystemencoding().lower())
self._keyserver = 'hkp://subkeys.pgp.net'
self._keyserver = 'hkp://wwwkeys.pgp.net'
self.__generated_keys = os.path.join(self.homedir, 'generated-keys')
try:
@ -165,8 +164,8 @@ class GPGBase(object):
if self.options is not None:
assert isinstance(self.options, str), "options not string"
except (AssertionError, AttributeError) as ae:
log.error("GPGBase.__init__(): %s" % ae.message)
raise RuntimeError(ae.message)
log.error("GPGBase.__init__(): %s" % str(ae))
raise RuntimeError(str(ae))
else:
if verbose is True:
# The caller wants logging, but we need a valid --debug-level
@ -201,7 +200,7 @@ class GPGBase(object):
try:
program = _util._which(prog)[0]
except (OSError, IOError, IndexError) as err:
log.err(err.message)
log.err(str(err))
log.err("Cannot find program '%s', not changing PATH." % prog)
return
@ -321,14 +320,14 @@ class GPGBase(object):
should contain the desired keyserver protocol
which is supported by the keyserver, for example,
``'hkps://keys.mayfirst.org'``. The default
keyserver is ``'hkp://subkeys.pgp.net'``.
keyserver is ``'hkp://wwwkeys.pgp.net'``.
"""
self._keyserver = location
@keyserver.deleter
def keyserver(self):
"""Reset the keyserver to the default setting."""
self._keyserver = 'hkp://subkeys.pgp.net'
self._keyserver = 'hkp://wwwkeys.pgp.net'
def _homedir_getter(self):
"""Get the directory currently being used as GnuPG's homedir.
@ -374,8 +373,8 @@ class GPGBase(object):
except AssertionError as ae:
msg = ("Unable to set '%s' as GnuPG homedir" % directory)
log.debug("GPGBase.homedir.setter(): %s" % msg)
log.debug(ae.message)
raise RuntimeError(ae.message)
log.debug(str(ae))
raise RuntimeError(str(ae))
else:
log.info("Setting homedir to '%s'" % hd)
self._homedir = hd
@ -426,8 +425,8 @@ class GPGBase(object):
except AssertionError as ae:
msg = ("Unable to set '%s' as generated keys dir" % directory)
log.debug("GPGBase._generated_keys_setter(): %s" % msg)
log.debug(ae.message)
raise RuntimeError(ae.message)
log.debug(str(ae))
raise RuntimeError(str(ae))
else:
log.info("Setting homedir to '%s'" % hd)
self.__generated_keys = hd
@ -640,8 +639,8 @@ class GPGBase(object):
if not keyserver:
keyserver = self.keyserver
args = ['--keyserver {}'.format(keyserver),
'--recv-keys {}'.format(keyids)]
args = ['--keyserver {0}'.format(keyserver),
'--recv-keys {0}'.format(keyids)]
log.info('Requesting keys from %s: %s' % (keyserver, keyids))
result = self._result_map['import'](self)
@ -697,7 +696,7 @@ class GPGBase(object):
_util._write_passphrase(proc.stdin, passphrase, self._encoding)
writer = _util._threaded_copy_data(file, proc.stdin)
except IOError as ioe:
log.exception("Error writing message: %s" % ioe.message)
log.exception("Error writing message: %s" % str(ioe))
writer = None
self._collect_output(proc, result, writer, proc.stdin)
return result

10
gnupg/_parsers.py
View File

@ -25,9 +25,9 @@ from __future__ import absolute_import
from __future__ import print_function
try:
import collections
from collections import OrderedDict
except ImportError:
import ordereddict as collections
from ordereddict import OrderedDict
import re
@ -53,7 +53,7 @@ def _check_keyserver(location):
:param str location: A string containing the default keyserver. This
should contain the desired keyserver protocol which
is supported by the keyserver, for example, the
default is ``'hkp://subkeys.pgp.net'``.
default is ``'hkp://wwwkeys .pgp.net'``.
:rtype: :obj:`str` or :obj:`None`
:returns: A string specifying the protocol and keyserver hostname, if the
checks passed. If not, returns None.
@ -301,7 +301,7 @@ def _sanitise(*args):
flag = _is_allowed(arg)
assert flag is not None, "_check_option(): got None for flag"
except (AssertionError, ProtectedOption) as error:
log.warn("_check_option(): %s" % error.message)
log.warn("_check_option(): %s" % str(error))
else:
checked += (flag + ' ')
@ -1027,7 +1027,7 @@ class ImportResult(object):
_fields = '''count no_user_id imported imported_rsa unchanged
n_uids n_subk n_sigs n_revoc sec_read sec_imported sec_dups
not_imported'''.split()
_counts = collections.OrderedDict(
_counts = OrderedDict(
zip(_fields, [int(0) for x in range(len(_fields))]) )
#: A list of strings containing the fingerprints of the GnuPG keyIDs

2
gnupg/_trust.py
View File

@ -55,7 +55,7 @@ def export_ownertrust(cls, trustdb=None):
try:
os.rename(trustdb, trustdb + '.bak')
except (OSError, IOError) as err:
log.debug(err.message)
log.debug(str(err))
export_proc = cls._open_subprocess('--export-ownertrust')
tdb = open(trustdb, 'wb')

7
gnupg/_util.py
View File

@ -27,7 +27,6 @@ from time import mktime
import codecs
import encodings
import exceptions
import os
import psutil
import threading
@ -149,7 +148,7 @@ def _copy_data(instream, outstream):
break
except IOError as ioe:
# Can get 'broken pipe' errors even when all data was sent
if 'Broken pipe' in ioe.message:
if 'Broken pipe' in str(ioe):
log.error('Error sending data: Broken pipe')
else:
log.exception(ioe)
@ -287,7 +286,7 @@ def _find_binary(binary=None):
assert not os.path.islink(found), "Path to gpg binary is symlink"
assert os.access(found, os.X_OK), "Lacking +x perms for gpg binary"
except (AssertionError, AttributeError) as ae:
log.error(ae.message)
log.error(str(ae))
else:
return found
@ -605,7 +604,7 @@ class Storage(dict):
try:
del self[key]
except KeyError as k:
raise AttributeError(k.message)
raise AttributeError(k.args[0])
def __repr__(self):
return '<Storage ' + dict.__repr__(self) + '>'

11
gnupg/gnupg.py
View File

@ -31,7 +31,6 @@ from __future__ import absolute_import
from codecs import open as open
import encodings
import exceptions
import functools
import os
import re
@ -241,7 +240,7 @@ class GPG(GPGBase):
:command:`$ gpg --with-colons --list-config digestname`.
The default, if unspecified, is ``'SHA512'``.
"""
if 'default_key' in kwargs.items():
if 'default_key' in kwargs:
log.info("Signing message '%r' with keyid: %s"
% (data, kwargs['default_key']))
else:
@ -416,7 +415,7 @@ class GPG(GPGBase):
fingerprints = ' '.join(fingerprints)
args = ['--batch']
args.append("--delete-{} {}".format(which, fingerprints))
args.append("--delete-{0} {1}".format(which, fingerprints))
result = self._result_map['delete'](self)
p = self._open_subprocess(args)
@ -441,7 +440,7 @@ class GPG(GPGBase):
keyids = ' '.join(['%s' % k for k in keyids])
args = ["--armor"]
args.append("--export{} {}".format(which, keyids))
args.append("--export{0} {1}".format(which, keyids))
p = self._open_subprocess(args)
## gpg --export produces no status-fd output; stdout will be empty in
@ -572,13 +571,13 @@ class GPG(GPGBase):
if os.path.isfile(self.temp_keyring):
prefix = os.path.join(self.temp_keyring, fpr)
try: os.rename(self.temp_keyring, prefix+".pubring")
except OSError as ose: log.error(ose.message)
except OSError as ose: log.error(str(ose))
if self.temp_secring:
if os.path.isfile(self.temp_secring):
prefix = os.path.join(self.temp_secring, fpr)
try: os.rename(self.temp_secring, prefix+".secring")
except OSError as ose: log.error(ose.message)
except OSError as ose: log.error(str(ose))
log.info("Key created. Fingerprint: %s" % fpr)
key.keyring = self.temp_keyring

35
gnupg/test/test_gnupg.py 100644 → 100755
View File

@ -47,8 +47,8 @@ import tempfile
## these dependencies require Python>=2.6 in order to have proper SSL support.
##
## Use unittest2 if we're on Python2.6 or less:
if sys.version_info.major == 2 and sys.version_info.minor <= 6:
unittest = __import__(unittest2)
if sys.version_info[0] == 2 and sys.version_info[1] <= 6:
import unittest2 as unittest
else:
import unittest
@ -62,7 +62,7 @@ try:
import gnupg._parsers as _parsers
import gnupg._logger as _logger
except (ImportError, ValueError) as ierr:
raise SystemExit(ierr.message)
raise SystemExit(str(ierr))
log = _util.log
@ -325,15 +325,19 @@ class GPGTestCase(unittest.TestCase):
def test_copy_data_bytesio(self):
"""Test that _copy_data() is able to duplicate byte streams."""
message = "This is a BytesIO string."
message = b"This is a BytesIO string."
instream = io.BytesIO(message)
self.assertEqual(unicode(message), instream.getvalue())
self.assertEqual(message, instream.getvalue())
out_filename = 'test-copy-data-bytesio'
# Create the test file:
outfile = os.path.join(os.getcwdu(), out_filename)
outstream = open(outfile, 'w+')
try:
cwd = os.getcwdu()
except AttributeError:
cwd = os.getcwd() # not present in Python 3
outfile = os.path.join(cwd, out_filename)
outstream = open(outfile, 'wb+')
# _copy_data() will close both file descriptors
_util._copy_data(instream, outstream)
@ -685,7 +689,7 @@ class GPGTestCase(unittest.TestCase):
self.assertTrue(sig.data, "File signing should succeed")
sigfd = open(sigfn, 'w')
sigfd = open(sigfn, 'wb')
sigfd.write(sig.data)
sigfd.flush()
@ -820,14 +824,14 @@ authentication."""
riggio_input = self.gpg.gen_key_input(separate_keyring=True, **riggio)
log.info("Key stored in separate keyring: %s" % self.gpg.temp_keyring)
riggio = self.gpg.gen_key(riggio_input)
self.gpg.options = ['--keyring {}'.format(riggio.keyring)]
self.gpg.options = ['--keyring {0}'.format(riggio.keyring)]
riggio_key = self.gpg.export_keys(riggio.fingerprint)
self.gpg.import_keys(riggio_key)
sicari_input = self.gpg.gen_key_input(separate_keyring=True, **sicari)
log.info("Key stored in separate keyring: %s" % self.gpg.temp_keyring)
sicari = self.gpg.gen_key(sicari_input)
self.gpg.options.append('--keyring {}'.format(sicari.keyring))
self.gpg.options.append('--keyring {0}'.format(sicari.keyring))
sicari_key = self.gpg.export_keys(sicari.fingerprint)
self.gpg.import_keys(sicari_key)
@ -925,15 +929,15 @@ analysis of different kinds of data (temperature, humidity, etc.) coming from
a WSN while ensuring both end-to-end encryption and hop-by-hop
authentication."""
enc = self.gpg.encrypt(message, alice_pfpr, bob_pfpr)
encrypted = str(enc.data)
encrypted = str(enc)
log.debug("encryption_decryption_multi_recipient() Ciphertext = %s"
% encrypted)
self.assertNotEquals(message, encrypted)
dec_alice = self.gpg.decrypt(encrypted, passphrase="test")
self.assertEquals(message, str(dec_alice.data))
self.assertEquals(message, str(dec_alice))
dec_bob = self.gpg.decrypt(encrypted, passphrase="test")
self.assertEquals(message, str(dec_bob.data))
self.assertEquals(message, str(dec_bob))
def test_symmetric_encryption_and_decryption(self):
"""Test symmetric encryption and decryption"""
@ -943,7 +947,7 @@ know, maybe you shouldn't be doing it in the first place.
encrypted = str(self.gpg.encrypt(msg, passphrase='quiscustodiet',
symmetric=True, encrypt=False))
decrypt = self.gpg.decrypt(encrypted, passphrase='quiscustodiet')
decrypted = str(decrypt.data)
decrypted = str(decrypt)
log.info("Symmetrically encrypted data:\n%s" % encrypted)
log.info("Symmetrically decrypted data:\n%s" % decrypted)
@ -975,9 +979,8 @@ know, maybe you shouldn't be doing it in the first place.
with open(enc_outf) as enc2:
fdata = enc2.read()
ddata = str(self.gpg.decrypt(fdata, passphrase="overalls"))
ddata = self.gpg.decrypt(fdata, passphrase="overalls").data
data = data.encode(self.gpg._encoding)
if ddata != data:
log.debug("data was: %r" % data)
log.debug("new (from filehandle): %r" % fdata)