This is useful so that the signer can see exactly what was sent
and makes it possible to resend/import/upload the signatures
later without signing again (risking duplicate signatures).
---
monkeysign/gpg.py | 13 ++++++++-----
monkeysign/ui.py | 17 +++++++++++------
2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/monkeysign/gpg.py b/monkeysign/gpg.py
index 88769b0..351e2cd 100644
--- a/monkeysign/gpg.py
+++ b/monkeysign/gpg.py
@@ -377,12 +377,15 @@ class Keyring():
raise GpgProtocolError(self.context.returncode, _('unexpected
GPG exit code in list-keys: %d') % self.context.returncode)
return keys
- def encrypt_data(self, data, recipient):
+ def encrypt_data(self, data, recipients):
"""encrypt data using asymetric encryption
- returns the encrypted data or raise a GpgRuntimeError if it fails
+ returns the encrypted data or raises a GpgRuntimeError if it failed.
"""
- self.context.call_command(['recipient', recipient, '--encrypt'], data)
+ command = ['encrypt']
+ for recipient in recipients:
+ command += ['--recipient', recipient]
+ self.context.call_command(command, data)
if self.context.returncode == 0:
return self.context.stdout
else:
@@ -391,9 +394,9 @@ class Keyring():
def decrypt_data(self, data):
"""decrypt data using asymetric encryption
- returns the plaintext data or raise a GpgRuntimeError if it failed.
+ returns the plaintext data or raises a GpgRuntimeError if it failed.
"""
- self.context.call_command(['--decrypt'], data)
+ self.context.call_command(['decrypt'], data)
if self.context.returncode == 0:
return self.context.stdout
else:
diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index 19fdef8..9166c77 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -319,14 +319,14 @@ Sign all identities? [y/N] \
if self.chosen_uid is None:
for uid in key.uids.values():
try:
- msg = EmailFactory(self.tmpkeyring.export_data(fpr),
fpr, uid.uid, from_user, self.options.to)
+ msg =
EmailFactory(self.keyring.export_data(self.signing_key.fpr),
self.signing_key.fpr, self.tmpkeyring.export_data(fpr), fpr, uid.uid,
from_user, self.options.to)
except GpgRuntimeError as e:
self.warn(_('failed to create email: %s') % e)
break
self.sendmail(msg)
else:
try:
- msg = EmailFactory(self.tmpkeyring.export_data(fpr), fpr,
self.chosen_uid, from_user, self.options.to)
+ msg =
EmailFactory(self.keyring.export_data(self.signing_key.fpr),
self.signing_key.fpr, self.tmpkeyring.export_data(fpr), fpr, self.chosen_uid,
from_user, self.options.to)
except GpgRuntimeError as e:
self.warn(_('failed to create email: %s') % e)
break
@@ -394,21 +394,24 @@ yourself. With GnuPG this can be done using:
Regards,
""")
- def __init__(self, keydata, keyfpr, recipient, mailfrom, mailto):
+ def __init__(self, signingkeydata, signingkeyfpr, keydata, keyfpr,
recipient, mailfrom, mailto):
"""email constructor
we expect to find the following arguments:
+signingkeydata: the signing key
+signingkeyfpr: the fingerprint of the signing key
keydata: the signed public key material
keyfpr: the fingerprint of that public key
-recipient: the recipient to encrypt the mail to
+recipient: the recipient to send the mail to
mailfrom: who the mail originates from
mailto: who to send the mail to (usually similar to recipient, but can be used
to specify specific keyids"""
- (self.keyfpr, self.recipient, self.mailfrom, self.mailto) = (keyfpr,
recipient, mailfrom.decode('utf-8'), mailto or recipient)
+ (self.signingkeyfpr, self.keyfpr, self.recipient, self.mailfrom,
self.mailto) = (signingkeyfpr, keyfpr, recipient, mailfrom.decode('utf-8'),
mailto or recipient)
self.mailto = self.mailto.decode('utf-8')
# operate over our own keyring, this allows us to remove UIDs freely
self.tmpkeyring = TempKeyring()
# copy data over from the UI keyring
+ self.tmpkeyring.import_data(signingkeydata)
self.tmpkeyring.import_data(keydata)
# prepare for email transport
self.tmpkeyring.context.set_option('armor')
@@ -433,6 +436,8 @@ mailto: who to send the mail to (usually similar to
recipient, but can be used t
def cleanup_uids(self):
"""this will remove any UID not matching the 'recipient' set in the
class"""
for fpr, key in self.tmpkeyring.get_keys().iteritems():
+ if fpr != self.keyfpr:
+ continue
todelete = []
for uid in key.uids.values():
if self.recipient != uid.uid:
@@ -445,7 +450,7 @@ mailto: who to send the mail to (usually similar to
recipient, but can be used t
# an encrypted MIME message, made of two parts: the
# introduction and the signed key material
message =
self.create_mail_from_block(self.tmpkeyring.export_data(self.keyfpr))
- encrypted = self.tmpkeyring.encrypt_data(message.as_string(),
self.keyfpr)
+ encrypted = self.tmpkeyring.encrypt_data(message.as_string(),
[self.keyfpr, self.signingkeyfpr])
# the second layer up, made of two parts: a version number
# and the first layer, encrypted
--
1.7.10.4
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]