<posted & mailed> Alessandro Bottoni wrote:
> I know you will shake you head sadly but... I really have to perform such > a suicidal task (even if for a short time and just for internal use). > > I have to send by email (over the open internet) a XML file containing > _system commands_ (yes: the kind of stuff like "rm -dfr /") to a server > and have a Python program sitting on this server, fetching and parsing the > e-mail message and executing the commands (maybe with _root privileges_). > > Of course, I want to be sure that only the allowed people is able to send > such dangerous messages to my server so I will ask my users to encrypt and > digitally sign their messages using Thunderbird, Enigmail and GPG as > described in this very fine tutorial: > > http://goldenspud.com/webrog/archives/2005/03/10/encrypt-encrypt/ > > So far, so good, but I still have a couple of doubts about the server > side: > > 1) What would you use to decrypt the messages? The GPG module created by > Andrew Kuchling is declared "incomplete" and "no more maintained" on his > web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the > game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any > other module? What about using the command line program via os.pipeX("gpg...")? I've done it this way when I needed to _create_ encrypted mail attachments using python (you'll need different gpg options for decrypting): pipe_in, pipe_out = os.popen2("/usr/bin/gpg -q -r KEYID -s" "--passphrase-fd 0 --batch --no-tty -a -o - -e '%s'" % path_to_temporary_file) pipe_in.write("passphrase") pipe_in.close() # read encrypted file from pipe_out pipe_out.close() > 2) I did not find any mention of _encrypted attachments_ on the Net. Does > anybody know of a tutorial or a guide that explains how to encrypt (with > Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files > attached to a email message? I can't help you with Thunderbird. In the worst case, you'll have to encrypt your command file manually and attach the encrypted version to your mail. KMail does have checkboxes for encrypt/sign every attachment separately... -- Benjamin Niemann Email: pink at odahoda dot de WWW: http://www.odahoda.de/ -- http://mail.python.org/mailman/listinfo/python-list
