Bug#722966: [PATCH] encrypt mail to the signing key in addition to the signed key

Philip Jägenstedt Sat, 14 Sep 2013 14:42:33 -0700

This is useful so that the signer can see exactly what was sent
and makes it possible to resend/import/upload the signatures
later without signing again (risking duplicate signatures).
---
 monkeysign/gpg.py |   13 ++++++++-----
 monkeysign/ui.py  |   17 +++++++++++------
 2 files changed, 19 insertions(+), 11 deletions(-)


diff --git a/monkeysign/gpg.py b/monkeysign/gpg.py
index 88769b0..351e2cd 100644
--- a/monkeysign/gpg.py
+++ b/monkeysign/gpg.py
@@ -377,12 +377,15 @@ class Keyring():
                 raise GpgProtocolError(self.context.returncode, _('unexpected 
GPG exit code in list-keys: %d') % self.context.returncode)
         return keys
 
-    def encrypt_data(self, data, recipient):
+    def encrypt_data(self, data, recipients):
         """encrypt data using asymetric encryption
 
-        returns the encrypted data or raise a GpgRuntimeError if it fails
+        returns the encrypted data or raises a GpgRuntimeError if it failed.
         """
-        self.context.call_command(['recipient', recipient, '--encrypt'], data)
+        command = ['encrypt']
+        for recipient in recipients:
+            command += ['--recipient', recipient]
+        self.context.call_command(command, data)
         if self.context.returncode == 0:
             return self.context.stdout
         else:
@@ -391,9 +394,9 @@ class Keyring():
     def decrypt_data(self, data):
         """decrypt data using asymetric encryption
 
-        returns the plaintext data or raise a GpgRuntimeError if it failed.
+        returns the plaintext data or raises a GpgRuntimeError if it failed.
         """
-        self.context.call_command(['--decrypt'], data)
+        self.context.call_command(['decrypt'], data)
         if self.context.returncode == 0:
             return self.context.stdout
         else:
diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index 19fdef8..9166c77 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -319,14 +319,14 @@ Sign all identities? [y/N] \
             if self.chosen_uid is None:
                 for uid in key.uids.values():
                     try:
-                        msg = EmailFactory(self.tmpkeyring.export_data(fpr), 
fpr, uid.uid, from_user, self.options.to)
+                        msg = 
EmailFactory(self.keyring.export_data(self.signing_key.fpr), 
self.signing_key.fpr, self.tmpkeyring.export_data(fpr), fpr, uid.uid, 
from_user, self.options.to)
                     except GpgRuntimeError as e:
                         self.warn(_('failed to create email: %s') % e)
                         break
                     self.sendmail(msg)
             else:
                 try:
-                    msg = EmailFactory(self.tmpkeyring.export_data(fpr), fpr, 
self.chosen_uid, from_user, self.options.to)
+                    msg = 
EmailFactory(self.keyring.export_data(self.signing_key.fpr), 
self.signing_key.fpr, self.tmpkeyring.export_data(fpr), fpr, self.chosen_uid, 
from_user, self.options.to)
                 except GpgRuntimeError as e:
                     self.warn(_('failed to create email: %s') % e)
                     break
@@ -394,21 +394,24 @@ yourself.  With GnuPG this can be done using:
 Regards,
 """)
 
-    def __init__(self, keydata, keyfpr, recipient, mailfrom, mailto):
+    def __init__(self, signingkeydata, signingkeyfpr, keydata, keyfpr, 
recipient, mailfrom, mailto):
         """email constructor
 
 we expect to find the following arguments:
 
+signingkeydata: the signing key
+signingkeyfpr: the fingerprint of the signing key
 keydata: the signed public key material
 keyfpr: the fingerprint of that public key
-recipient: the recipient to encrypt the mail to
+recipient: the recipient to send the mail to
 mailfrom: who the mail originates from
 mailto: who to send the mail to (usually similar to recipient, but can be used 
to specify specific keyids"""
-        (self.keyfpr, self.recipient, self.mailfrom, self.mailto) = (keyfpr, 
recipient, mailfrom.decode('utf-8'), mailto or recipient)
+        (self.signingkeyfpr, self.keyfpr, self.recipient, self.mailfrom, 
self.mailto) = (signingkeyfpr, keyfpr, recipient, mailfrom.decode('utf-8'), 
mailto or recipient)
         self.mailto = self.mailto.decode('utf-8')
         # operate over our own keyring, this allows us to remove UIDs freely
         self.tmpkeyring = TempKeyring()
         # copy data over from the UI keyring
+        self.tmpkeyring.import_data(signingkeydata)
         self.tmpkeyring.import_data(keydata)
         # prepare for email transport
         self.tmpkeyring.context.set_option('armor')
@@ -433,6 +436,8 @@ mailto: who to send the mail to (usually similar to 
recipient, but can be used t
     def cleanup_uids(self):
         """this will remove any UID not matching the 'recipient' set in the 
class"""
         for fpr, key in self.tmpkeyring.get_keys().iteritems():
+            if fpr != self.keyfpr:
+                continue
             todelete = []
             for uid in key.uids.values():
                 if self.recipient != uid.uid:
@@ -445,7 +450,7 @@ mailto: who to send the mail to (usually similar to 
recipient, but can be used t
         # an encrypted MIME message, made of two parts: the
         # introduction and the signed key material
         message = 
self.create_mail_from_block(self.tmpkeyring.export_data(self.keyfpr))
-        encrypted = self.tmpkeyring.encrypt_data(message.as_string(), 
self.keyfpr)
+        encrypted = self.tmpkeyring.encrypt_data(message.as_string(), 
[self.keyfpr, self.signingkeyfpr])
 
         # the second layer up, made of two parts: a version number
         # and the first layer, encrypted
-- 
1.7.10.4


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#722966: [PATCH] encrypt mail to the signing key in addition to the signed key

Reply via email to