A modified version of python-gnupg, including security patches, extensive documentation, and extra features.

Go to file

Isis Lovecruft 906b1a7142 Fix class attribute side effects between instances of ImportResult. This fixes an issue reported by @adulau on Github where importing KeyA and asking for the ``ImportResult.fingerprints`` would list KeyA's fingerprints, and then importing KeyB and asking for the ``ImportResult.fingerprints`` would list both KeyA and KeyB's fingerprints. This was caused by a side effect resulting from the ``ImportResult.fingerprints`` being a class-level attribute, which gets modified by the first call to ``gnupg.GPG.import_key()``, causing later instances of ``ImportResult`` to retain the side effect. This commit causes the ``ImportResult`` class to be indempotent under sequential composition calls to ``gnupg.GPG.import_keys()``, ultimately resulting in listing, upon each key import attempt, only the fingerprints of the keys which were listed that time. * FIXES Issue #81 https://github.com/isislovecruft/python-gnupg/issues/81		2014-11-27 00:51:55 +00:00
docs	Update copyright years on Sphinx docs.	2014-08-02 01:54:30 +00:00
examples	add missing imports	2014-07-14 10:32:46 -05:00
gnupg	Fix class attribute side effects between instances of ImportResult.	2014-11-27 00:51:55 +00:00
.gitattributes	Add .gitattributes file for versioneer.	2013-05-13 10:16:39 +00:00
.gitignore	ignore vim swapfiles	2014-07-14 10:33:51 -05:00
LICENSE	Change LICENSE to GPLv3+, after discussion with intrigeri.	2013-07-27 19:27:53 +00:00
MANIFEST.in	Exclude logfiles and Emacs autosave files from being packaged on PyPI.	2014-09-26 23:45:44 +00:00
Makefile	Add an `upload` Makefile directive for uploading to PyPI.	2014-09-27 01:21:01 +00:00
README	update interface calls in README	2014-07-14 10:31:42 -05:00
README.md	Add symbolic link to markdown README file.	2013-07-09 08:43:27 +00:00
TODO	Remove irrelevant TODO item.	2014-09-26 05:58:21 +00:00
requirements.txt	relax psutil version pinning	2014-07-02 12:27:05 -05:00
setup.cfg	Fix setup.cfg 'upload_all' alias.	2013-12-04 11:34:49 +00:00
setup.py	fix failing test_signature_string_bad_passphase	2014-08-01 17:13:27 -05:00
versioneer.py	Add versioneer and restructure the repo into a src/ dir.	2013-05-12 09:32:46 +00:00

README.md

python-gnupg

Fork of python-gnupg-0.3.2, patched to fix a potential vulnerability which could result in remote code execution, do to unsanitised inputs being passed to subprocess.Popen([...], shell=True).

Installation

From PyPI

It's simple. Just do:

[sudo] pip install gnupg

From this git repository

To install this package from this git repository, do:

git clone https://github.com/isislovecruft/python-gnupg.git
cd python-gnupg
make install
make test

Optionally to build the documentation after installation, do:

make docs

To get started using python-gnupg's API, see the online documentation, and import the module like so:

>>> import gnupg

The primary interface class you'll likely want to interact with is gnupg.GPG:

>>> gpg = gnupg.GPG(binary='/usr/bin/gpg',
...     homedir='./keys',
...     keyring='pubring.gpg',
...     secring='secring.gpg')
>>> batch_key_input = gpg.gen_key_input(
...     key_type='RSA',
...     key_length=4096)
>>> print batch_key_input
Key-Type: RSA
Name-Email: isis@wintermute
Key-Length: 4096
Name-Real: Autogenerated Key
%commit

>>> key = gpg.gen_key(batch_key_input)
>>> print key.fingerprint
245D8FA30F543B742053949F553C0E154F2E7A98

Bug Reports & Feature Requests

Currently, the bugtracker is here on Github. This may change in the future, but for now please feel free to use it to make bugreports and feature requests.

Public comments and discussions are also welcome on the bugtracker, or as tweets.

Patches are greatly appreciated, and if unsuitable for merging I will make improvement suggestions based on code review until the patch is acceptable.