From b93ac7368dfddc8ce9a37824a54a95b93d46c7bf Mon Sep 17 00:00:00 2001
From: brent s <r00t@square-r00t.net>
Date: Tue, 5 Sep 2017 00:00:17 -0400
Subject: [PATCH] restructuring, adding man page to let us make the help output
 less verbose

---
 gpg/{ => kant}/commented.testbatch.kant.csv |  0
 gpg/kant/kant.1                             | 19 ++++++++
 gpg/{ => kant}/kant.py                      | 54 ++++++++++++++++++---
 gpg/{ => kant}/testbatch.kant.csv           |  0
 4 files changed, 66 insertions(+), 7 deletions(-)
 rename gpg/{ => kant}/commented.testbatch.kant.csv (100%)
 create mode 100644 gpg/kant/kant.1
 rename gpg/{ => kant}/kant.py (89%)
 rename gpg/{ => kant}/testbatch.kant.csv (100%)

diff --git a/gpg/commented.testbatch.kant.csv b/gpg/kant/commented.testbatch.kant.csv
similarity index 100%
rename from gpg/commented.testbatch.kant.csv
rename to gpg/kant/commented.testbatch.kant.csv
diff --git a/gpg/kant/kant.1 b/gpg/kant/kant.1
new file mode 100644
index 0000000..ccb4ad5
--- /dev/null
+++ b/gpg/kant/kant.1
@@ -0,0 +1,19 @@
+.\" Manpage for KANT.
+.\" Contact bts@square-r00t.net to correct errors or typos.
+.TH kant 1 "04 Sept 2017" "1.0" "KANT - Keysigning and Notification Tool"
+.SH NAME
+kant \- Sign GnuPG/OpenPGP/PGP keys and notify the key owner(s)
+.SH SYNOPSIS
+.HP \w'\fBgpasswd\fR\ 'u
+\fBkant\fR [\fIoptions\fR] \fI\fR
+.SH DESCRIPTION
+.PP
+Keysigning (and keysigning parties) are a lot of fun\&. Unfortunately, they can be intimidating to those new to the experience\&. This tool offers a simple and easy-to-use interface to sign public keys (normal, local-only, and/or non-exportable), set owner trust, specify level of checking done, and push the signatures to a keyserver\&. 
+.SH OPTIONS
+The nuseradd does not take any options. However, you can supply username.
+.SH SEE ALSO
+useradd(8), passwd(5), nuseradd.debian(8) 
+.SH BUGS
+No known bugs.
+.SH AUTHOR
+Brent Saner (bts@square-r00t.net)
\ No newline at end of file
diff --git a/gpg/kant.py b/gpg/kant/kant.py
similarity index 89%
rename from gpg/kant.py
rename to gpg/kant/kant.py
index e4e41e2..ea82ae5 100755
--- a/gpg/kant.py
+++ b/gpg/kant/kant.py
@@ -14,6 +14,7 @@ import urllib.parse
 import gpgme  # non-stdlib; Arch package is "python-pygpgme"
 
 # TODO:
+# - http://tanguy.ortolo.eu/blog/article9/pgp-signature-infos edit certification level- possible with pygpgme?
 # -attach pubkey when sending below email
 # mail to first email address in key with signed message:
 #Subj: Your GPG key has been signed
@@ -284,6 +285,24 @@ def sigKeys(trusts, args):  # The More Business-End(TM)
                     signerkey = gpg.get_key(s.keyid).subkeys[0].fpr
                     if signerkey == mkey.subkeys[0].fpr:
                         sign = False  # We already signed this key
+                except gpgme.GpgmeError:
+                    pass  # usually if we get this it means we don't have a signer's key in our keyring
+        trusts[k]['sign'] = sign
+
+        # edit_sign(ctx, key, index=0, local=False, norevoke=False, expire=True, check=0)
+        #       index:    the index of the user ID to sign, starting at 1.  Sign all
+        #       user IDs if set to 0.
+        #       local:    make a local signature
+        #       norevoke: make a non-revokable signature
+        #       command:  the type of signature.  One of sign, lsign, tsign or nrsign.
+        #       expire:   whether the signature should expire with the key.
+        #       check:    Amount of checking performed.  One of:
+        #         0 - no answer
+        #         1 - no checking
+        #         2 - casual checking
+        #         3 - careful checking
+
+        #gpgme.editutil.edit_sign(gpg, k, index = 0, lo
 
 
 def pushKeys():  # The Last Business-End(TM)
@@ -414,13 +433,28 @@ def parseArgs():
                       help = 'The trust level to automatically apply to all keys\n' +
                              '(if not specified, kant will prompt for each key).\n' +
                              'See -b/--batch for trust level notations.')
+    args.add_argument('-c',
+                      '--check',
+                      dest = 'checklevel',
+                      default = None,
+                      help = 'The level of checking done (if not specified, kant will\n' +
+                             'prompt for each key). See -b/--batch for check level notations.')
+    args.add_argument('-e',
+                      '--export',
+                      dest = 'export',
+                      default = 'true',
+                      help = 'Make the signatures exportable (default is True).\nSee -b/--batch for more information.')
+    args.add_argument('-l',
+                      '--local',
+                      dest = 'local',
+                      default = 'false',
+                      help = 'Make the signature(s) local-only (i.e. don\'t push to a keyserver).')
     args.add_argument('-s',
                       '--keyservers',
                       dest = 'keyservers',
                       default = defkeyservers,
-                      help = 'The comma-separated keyserver(s) to push to. If\n' +
-                             '"None", don\'t push signatures (local-only signatures\n' +
-                             'will be made). Default keyserver list is: \n\n\t\033[1m{0}\033[0m\n\n'.format(re.sub(',', '\n\t', defkeyservers)))
+                      help = 'The comma-separated keyserver(s) to push to.\n' +
+                             'Default keyserver list is: \n\n\t\033[1m{0}\033[0m\n\n'.format(re.sub(',', '\n\t', defkeyservers)))
     # This will require some restructuring...
     args.add_argument('-b',
                       '--batch',
@@ -428,12 +462,18 @@ def parseArgs():
                       action = 'store_true',
                       help = 'If specified, -k/--keys is a CSV file to use as a\n' +
                              'batch run in the format of (one per line):\n' +
-                             '\n\033[1mKEY_FINGERPRINT_OR_EMAIL_ADDRESS,TRUSTLEVEL,PUSH_TO_KEYSERVER\033[0m\n\n'
-                             '\033[1mTRUSTLEVEL\033[0m can be numeric or string:' +
+                             '\n\033[1mKEY_ID,TRUSTLEVEL,PUSH,CHECKLEVEL,EXPORT\033[0m\n'
+                             '\n\033[1mKEY_ID\033[0m can be the full 40-char key ID (fingerprint)\n' +
+                             'or an email address of the key.\n\n\033[1mTRUSTLEVEL\033[0m is how much trust to assign, and can\n' +
+                             'be numeric or string:' +
                              '\n\n\t\033[1m-1 = Never\n\t 0 = Unknown\n\t 1 = Untrusted\n\t 2 = Marginal\n\t 3 = Full\n\t 4 = Ultimate\033[0m\n' +
-                             '\n\033[1mPUSH_TO_KEYSERVER\033[0m can be \033[1m1/True\033[0m, \033[1m0/False\033[0m, or \033[1m-1/Never\033[0m.\n' +
+                             '\n\033[1mPUSH\033[0m can be \033[1m1/True\033[0m or \033[1m0/False\033[0m.\n' +
                              'If marked as False, the signature will be made local.\n' +
-                             '(If marked as Never, the signature will be non-exportable.)')
+                             '\n\033[1mCHECKLEVEL\033[0m is the amount of checking done on the owner\'s\n' +
+                             'validity of identity. Can be numeric or string:' +
+                             '\n\n\t\033[1m 0 = Unknown\n\t 1 = None\n\t 2 = Casual\n\t 3 = Careful\033[0m\n' +
+                             '\n\033[1mEXPORT\033[0m can be either \033[1m1/True\033[0m or \033[1m0/False\033[0m.\n' +
+                             'If True, make the signature exportable.\nIf False, make it non-exportable.')
     args.add_argument('-d',
                       '--gpgdir',
                       dest = 'gpgdir',
diff --git a/gpg/testbatch.kant.csv b/gpg/kant/testbatch.kant.csv
similarity index 100%
rename from gpg/testbatch.kant.csv
rename to gpg/kant/testbatch.kant.csv