108 lines
4.7 KiB
Org Mode
108 lines
4.7 KiB
Org Mode
-*- mode: org -*-
|
|
|
|
* I/O :io:
|
|
** TODO in GPG.__make_args() :io:makeargs:
|
|
It would be nice to make the file descriptors for communication with the GnuPG
|
|
process configurable, and not the default, hard-coded 0=stdin 1=stdout
|
|
2=stderr.
|
|
|
|
* Key editing :editkey:
|
|
** TODO add '--edit-key' feature :editkey:
|
|
see :compatibility:gen__key_input:
|
|
|
|
* Compatibility between GnuPG versions :compatibility:
|
|
** TODO GnuPG>=2.1.0 won't allow key generation with preset passphrase
|
|
*** DONE add version detection for GPG.gen_key_input() :compatibility:gen_key_input:
|
|
DONE: use gnupg._util._is_gpg2() and gnupg.util._is_gpg1() to check versions
|
|
|
|
If we add a GnuPG version detection feature (the version string is already
|
|
obtained in GPG.___init___() [[gnupg.py:407]]), then we can automatically chain
|
|
GPG.gen__key_input() to another new feature for '--edit-key'. This chaining
|
|
would likely need to happen here [[gnupg.py:1146]].
|
|
|
|
*** TODO passphase setting for GnuPGv2.x in GPG.gen__key_input() :compatibility:gen_key_input:
|
|
In the docstring of GPG.gen__key_input() [[gnupg.py:1068]], for the parameter
|
|
'passphrase', it is explained that:
|
|
|
|
:param str passphrase: The passphrase for the new key. The default is
|
|
to not use any passphrase. Note that
|
|
GnuPG>=2.1.x will not allow you to specify a
|
|
passphrase for batch key generation -- GnuPG
|
|
will ignore the ``passphrase`` parameter, stop,
|
|
and ask the user for the new passphrase.
|
|
However, we can put the command '%no-protection'
|
|
into the batch key generation file to allow a
|
|
passwordless key to be created, which can then
|
|
have its passphrase set later with '--edit-key'.
|
|
|
|
*** TODO add '--edit-key' feature :editkey:
|
|
This would be necessary for adding a passphrase to the key after passwordless
|
|
generation in GnuPG>=2.1.0.
|
|
|
|
** DONE GnuPG==1.4.12 doesn't process "Key-Type: default" in batch files
|
|
|
|
DONE: GnuPG version detection in gen_key_input() was added in commits
|
|
6eccbe704841cca90573dc554019712528d927a0 and
|
|
1e867d6e117f603cd9f2238641a1fb9cb87d4b51
|
|
|
|
(python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴ ipython
|
|
WARNING: Attempting to work in a virtualenv. If you encounter problems, please install IPython inside the virtualenv.
|
|
|
|
In [1]: import gnupg
|
|
GnuPG logging disabled...
|
|
|
|
In [2]: gpg = gnupg.GPG(homedir='./tests/doctests')
|
|
|
|
In [3]: key_input = gpg.gen_key_input()
|
|
|
|
In [4]: print key_input
|
|
Key-Type: default
|
|
Key-Length: 4096
|
|
Subkey-Type: default
|
|
Name-Email: isis@wintermute
|
|
Expire-Date: 2014-05-28
|
|
Name-Real: Autogenerated Key
|
|
%commit
|
|
|
|
|
|
In [5]: key = gpg.gen_key(key_input)
|
|
|
|
In [6]: print key.stderr
|
|
gpg: -:1: invalid algorithm
|
|
[GNUPG:] KEY_NOT_CREATED
|
|
|
|
|
|
In [7]: quit()
|
|
(python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴ which gpg
|
|
/usr/bin/gpg
|
|
(python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴ gpg --version
|
|
gpg (GnuPG) 1.4.12
|
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
|
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
|
|
This is free software: you are free to change and redistribute it.
|
|
There is NO WARRANTY, to the extent permitted by law.
|
|
|
|
Home: ~/.gnupg
|
|
Supported algorithms:
|
|
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
|
|
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
|
|
CAMELLIA192, CAMELLIA256
|
|
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
|
|
Compression: Uncompressed, ZIP, ZLIB, BZIP2
|
|
(python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴
|
|
|
|
* Code cleanup :cleanup:
|
|
** TODO in parsers.__sanitise() :cleanup:sanitise:
|
|
Ughh...this is the ugliest code I think I've ever written. It works, but I
|
|
worry that it is fragile, not to mention *I* have trouble reading it, and I
|
|
fucking wrote the damn thing. There's probably not much that could be done to
|
|
make it more Pythonic, because type checks and input validation are pretty much
|
|
intrinsically non-Pythonic. But did i mention that it's ugly? I'm sure these
|
|
functions would be pretty glad to get a shower, shave, and haircut.
|
|
|
|
** TODO in parsers.__is_allowed() :cleanup:is_allowed:
|
|
There is a lot of madness dealing with stupid things like hyphens
|
|
vs. underscores, and lists of options vs. strings. This can *definitely* be
|
|
cleaned up.
|
|
|