Add a testing mode to GPG.gen_key_input() which uses insecure PRNG.

* This should only be used in the unittests, as the PRNG it uses in GnuPG does
   not create strong keypairs (though it's faster, thus why we're using it for
   testing).

gnupg/gnupg.py

@@ -660,7 +660,7 @@ class GPG(object):
         f.close()
         return key
 
-    def gen_key_input(self, **kwargs):
+    def gen_key_input(self, testing=False, **kwargs):
         """Generate a batch file for input to :meth:`GPG.gen_key()`.
 
         The GnuPG batch file key generation feature allows unattended key
@@ -720,27 +720,43 @@ class GPG(object):
         """
 
         parms = {}
+
         for key, val in list(kwargs.items()):
             key = key.replace('_','-').title()
             if str(val).strip():    # skip empty strings
                 parms[key] = val
+
         parms.setdefault('Key-Type', 'RSA')
         parms.setdefault('Key-Length', 4096)
         parms.setdefault('Name-Real', "Autogenerated Key")
         parms.setdefault('Expire-Date', _util._next_year())
+
         try:
             logname = os.environ['LOGNAME']
         except KeyError:
             logname = os.environ['USERNAME']
         hostname = socket.gethostname()
-        parms.setdefault('Name-Email', "%s@%s"
+
-                         % (logname.replace(' ', '_'), hostname))
+        parms.setdefault('Name-Email', "%s@%s" % (logname.replace(' ', '_'),
+                                                  hostname))
+
+        if testing:
+            ## This specific comment string is required by (some? all?)
+            ## versions of GnuPG to use the insecure PRNG:
+            parms.setdefault('Name-Comment', 'insecure!')
 
         out = "Key-Type: %s\n" % parms.pop('Key-Type')
+
         for key, val in list(parms.items()):
             out += "%s: %s\n" % (key, val)
+
         out += "%%pubring %s\n" % self.pubring
         out += "%%secring %s\n" % self.secring
+
+        if testing:
+            out += "%no-protection\n"
+            out += "%transient-key\n"
+            
         out += "%commit\n"
         return out
 

gnupg/tests/test_gnupg.py

@@ -265,7 +265,6 @@ class GPGTestCase(unittest.TestCase):
 
         batch = {'Key-Type': key_type,
                  'Key-Length': key_length,
-                 'Name-Comment': 'python-gnupg tester',
                  'Expire-Date': 1,
                  'Name-Real': '%s' % real_name,
                  'Name-Email': ("%s@%s" % (name, email_domain))}
@@ -276,7 +275,7 @@ class GPGTestCase(unittest.TestCase):
             batch['Subkey-Type'] = subkey_type
             batch['Subkey-Length'] = key_length
 
-        key_input = self.gpg.gen_key_input(**batch)
+        key_input = self.gpg.gen_key_input(testing=True, **batch)
         return key_input
 
     def generate_key(self, real_name, email_domain, **kwargs):
@@ -568,7 +567,7 @@ class GPGTestCase(unittest.TestCase):
         self.assertAlmostEqual(int(now), int(verified.timestamp), delta=1000)
         self.assertEqual(
             verified.username,
-            u'Bruce Schneier (python-gnupg tester) <bruceschneier@schneier.com>')
+            u'Bruce Schneier (insecure!) <bruceschneier@schneier.com>')
 
     def test_signature_verification_clearsign(self):
         """Test verfication of an embedded signature."""