From 6dbc713dc98f7bc1182ce80e2a962c03b13516f9 Mon Sep 17 00:00:00 2001 From: brent s Date: Fri, 8 Sep 2017 04:13:56 -0400 Subject: [PATCH] WHEW. test.py working now. still need to test pushing to a keyserver --- gpg/kant/.gitignore | 1 + gpg/kant/kant.py | 5 +-- gpg/kant/test.py | 88 ++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 84 insertions(+), 10 deletions(-) create mode 100644 gpg/kant/.gitignore diff --git a/gpg/kant/.gitignore b/gpg/kant/.gitignore new file mode 100644 index 0000000..30f788f --- /dev/null +++ b/gpg/kant/.gitignore @@ -0,0 +1 @@ +/gpgme.pdf diff --git a/gpg/kant/kant.py b/gpg/kant/kant.py index 00a91bf..0a7cd5e 100755 --- a/gpg/kant/kant.py +++ b/gpg/kant/kant.py @@ -30,13 +30,14 @@ import gpg # non-stdlib; Arch package is "python-gpgme" - see #The signatures have been pushed to KEYSERVERS. # #I have taken the liberty of attaching my public key in the event you've not signed it yet and were unable to find it. -#Please feel free to push to pgp.mit.edu or hkps.pool.sks-keyservers.net. +#Please feel free to push to hkps://sks.mirror.square-r00t.net:11371 (you can do this with "gpg --keyserver ...) or any other SKS-pooled keyserver[0]. # #As a reminder, my key ID, Keybase.io username, and verification/proof of identity can all be found at: # -#https://devblog.square-r00t.net/about/my-gpg-public-key-verification-of-identity +#https://square-r00t.net/gpg-info # #Thanks again! +#[0] https://mirror.square-r00t.net/#svcs-sks class sigsession(object): def __init__(self, args): diff --git a/gpg/kant/test.py b/gpg/kant/test.py index c32048a..f2f31c8 100755 --- a/gpg/kant/test.py +++ b/gpg/kant/test.py @@ -1,17 +1,28 @@ #!/usr/bin/env python3 -# This is more of a documentation on some python-gpgme (https://pypi.python.org/pypi/gpg) examples. +# This is less of a test suite and more of an active documentation on some python-gpgme (https://pypi.python.org/pypi/gpg) examples. # Because their only documentation for the python bindings is in pydoc, and the C API manual is kind of useless. import gpg import gpg.constants import inspect +import os import pprint +import re +import subprocess +import operator +from functools import reduce + +os.environ['GNUPGHOME'] = '/home/bts/tmpgpg' +# JUST in case we need to... +#subprocess.run(['gpgconf', '--reload', 'dirmngr']) # my key ID -mykey = '748231EBCBD808A14F5E85D28C004C2F93481F6B' +#mykey = '748231EBCBD808A14F5E85D28C004C2F93481F6B' +mykey = '2805EC3D90E2229795AFB73FF85BC40E6E17F339' # a key to test with -theirkey = '63D1CEA387C27A92E0D50AB8343C305F9109D4DC' +theirkey = 'CA7D304ABA7A3E24C9414D32FFA0F1361AD82A06' +testfetch = [theirkey, '748231EBCBD808A14F5E85D28C004C2F93481F6B'] # Create a context # Params: @@ -53,10 +64,71 @@ klmodes = {'local': gpg.constants.KEYLIST_MODE_LOCAL, #mode -- keylist mode (default: list local keys) #source -- read keys from source instead from the keyring # (all other options are ignored in this case) -ctx.keylist(pattern = 'bts@square-r00t.net', - secret = False, - mode = klmodes['both'], - source = None) +tkey2 = None -# Test fetching from a keyserver +# jrdemasi@gmail.com = 0xEFD9413B17293AFDFE6EA6F1402A088DEDF104CB +for k in ctx.keylist(pattern = 'jrdemasi', secret = False, mode = klmodes['remote'], source = None): + #pprint.pprint(inspect.getmembers(k)) + tkey2 = k + #print(tkey2.fpr) +# Test fetching from a keyserver - we'll grab the last key from the above iteration +try: + ctx.op_import_keys([tkey2]) +except gpg.errors.GPGMEError: + pass # key isn't on the keyserver, or it isn't accessible, etc. + +# Test signing +ctx.key_tofu_policy(tkey2, gpg.constants.TOFU_POLICY_ASK) +ctx.signers = [mkey] +days_valid = 4 +exptime = 4 * 24 * 60 * 60 +ctx.key_sign(tkey2, expires_in = exptime, local = True) + +# https://www.apt-browse.org/browse/debian/wheezy/main/amd64/python-pyme/1:0.8.1-2/file/usr/share/doc/python-pyme/examples/t-edit.py +# https://searchcode.com/codesearch/view/20535820/ +# https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=0be55f4d64178a5636cbe9f12f63c6f9853f3aa2;hb=refs/heads/master +class KeyEditor(object): + def __init__(self): + self.replied_once = False + trust = '3' # this is the level of trust... in this case, marginal. + rcptemail = 'test@test.com' + # we exclude 'help' + self.kprmpt = ['trust', 'fpr', 'sign', 'tsign', 'lsign', 'nrsign', 'grip', 'list', + 'uid', 'key', 'check', 'deluid', 'delkey', 'delsig', 'pref', 'showpref', + 'revsig', 'enable', 'disable', 'showphoto', 'clean', 'minimize', 'save', + 'quit'] + self.prmpt = {'edit_ownertrust': {'value': trust, + 'set_ultimate': {'okay': 'yes'}}, + 'untrusted_key': {'override': 'yes'}, + 'pklist': {'user_id': {'enter': rcptemail}}, + 'keyedit': {'prompt': 'trust', # the mode we initiate. + 'save': {'okay': 'yes'}}} + + def edit_fnc(self, status, args, out): + result = None + out.seek(0,0) + #print(status, args) + #print(out.read().decode('utf-8')) + #print('{0} ({1})'.format(status, args)) + def mapDict(m, d): + return(reduce(operator.getitem, m, d)) + if args == 'keyedit.prompt' and self.replied_once: + result = 'quit' + elif status == 'KEY_CONSIDERED': + result = None + self.replied_once = False + elif status == 'GET_LINE': + #print('DEBUG: looking up mapping...') + self.replied_once = True + _ilist = args.split('.') + result = mapDict(_ilist, self.prmpt) + if not result: + result = None + return(result) + +# Test setting trust +out = gpg.Data() +ctx.interact(tkey2, KeyEditor().edit_fnc, sink = out, fnc_value = out) +out.seek(0,0) +#print(out.read(), end = ' ')