def ExportPubKey(key_name): c = core.Context() c.set_armor(1) exported_key = core.Data() c.op_export(key_name, 0, exported_key) exported_key.seek(0, 0) return exported_key.read()
def sign(self, filename, detach=True): filename = _shell.native(filename) try: from pyme import core, errors from pyme.constants.sig import mode except ImportError: return self.sign_external(filename, detach=detach) _term.green("signing %(name)s...", name=_os.path.basename(filename)) sigmode = [mode.CLEAR, mode.DETACH][bool(detach)] fp = core.Data(file=filename) sig = core.Data() try: c = core.Context() except errors.GPGMEError: return self.sign_external(filename, detach=detach) c.set_armor(1) try: c.op_sign(fp, sig, sigmode) except errors.GPGMEError as e: _make.fail(str(e)) sig.seek(0, 0) if detach: open("%s.asc" % filename, "w", encoding='utf-8').write(sig.read()) else: open(filename, "w", encoding='utf-8').write(sig.read()) return True
def __init__(self): from pyme import core core.check_version(None) self.c = core.Context() self.c.set_armor(1) Gtk.Window.__init__(self, title="Bitcoin Offline Storage Tool") self.btc_filename = None self.gpg_filename = None self.button_generate = Gtk.Button(label="Generate") self.button_generate.connect("clicked", self.on_button_generate_clicked) box1 = Gtk.Box(spacing=20) label1 = Gtk.Label(label="Filename to write new keys to: ", halign=Gtk.Align.END) label2 = Gtk.Label(label="Number of keys/addresses to generate: ", halign=Gtk.Align.END) label3 = Gtk.Label( label= "GPG Encrypt using public keys for the following email addresses/GPG IDs: ", halign=Gtk.Align.END) label4 = Gtk.Label( label="Filename to write GPG keyring to (private keys included): ", halign=Gtk.Align.END) label5 = Gtk.Label( label= "Check this box to create a new GPG key-pair (unsure? check the box as 'yes'):", halign=Gtk.Align.END) self.file_chooser_btc = FileChooserEntry( self, title="Choose a file to save encrypted bitcoin addresses") self.file_chooser_gpg = FileChooserEntry( self, title="Choose a file to save GPG key files") self.num_of_keys_spinner = Gtk.SpinButton() self.num_of_keys_spinner.set_adjustment( Gtk.Adjustment(1.0, 0, 1000.0, 1, 0)) self.gpg_emails = Gtk.Entry() self.generate_gpg_keys = Gtk.CheckButton("Generate a new GPG key-pair") self.generate_gpg_keys.set_active(True) table = Gtk.Table(8, 2, True) table.attach(label1, 0, 1, 0, 1) table.attach(self.file_chooser_btc, 1, 2, 0, 1) table.attach(self.num_of_keys_spinner, 1, 2, 1, 2) table.attach(self.button_generate, 1, 2, 7, 8) table.attach(label2, 0, 1, 1, 2) table.attach(label3, 0, 1, 2, 3) table.attach(self.gpg_emails, 1, 2, 2, 3) table.attach(label4, 0, 1, 3, 4) table.attach(self.file_chooser_gpg, 1, 2, 3, 4) table.attach(label5, 0, 1, 4, 5) table.attach(self.generate_gpg_keys, 1, 2, 4, 5) box1.add(table) self.add(box1)
def group_gpgkeyring_download(request, slug): """ Generate a GPG binary keyring """ group = get_object_or_404(auth_models.Group, name=slug) import os, sys, tempfile, shutil, glob from pyme import core, constants # Don't be fooled by the library-like look of pyme - internaly it # just invokes command-line 'gpg'. There's no "gpg library". tdir = tempfile.mkdtemp() core.set_engine_info(constants.PROTOCOL_OpenPGP, None, tdir) c = core.Context() for user in group.user_set.all(): status = c.op_import(core.Data(str(user.svuserinfo.gpg_key))) result = c.op_import_result() data_export = core.Data() c.op_export(None, 0, data_export) data_export.seek(0, os.SEEK_SET) keyring_txt = data_export.read() response = HttpResponse() response = HttpResponse(mimetype='application/pgp-keys') response[ 'Content-Disposition'] = 'attachment; filename=%s-keyring.gpg' % group.name response['Content-Description'] = _( "GPG Keyring of the project %s") % group.name response.write(keyring_txt) shutil.rmtree(tdir) return response
def verify_node_token(token, keyring): '''Verifies a server node token against a keyring.''' # decode base64 first data = base64.b64decode(token) # setup pyme cipher = core.Data(data) plain = core.Data() ctx = core.Context() ctx.set_armor(0) ctx.op_decrypt_verify(cipher, plain) # check verification result res = ctx.op_verify_result() if len(res.signatures) > 0: sign = res.signatures[0] plain.seek(0, 0) text = plain.read() # no data :O if not text: return None text = text.upper() sign_fp = sign.fpr.upper() # signed content not matching the fingerprint if sign_fp != text: return None # lookup in keyring for key in keyring: if sign_fp == key.upper(): return text.upper() return None
def ImportRootKey(): ROOT_PUB_KEY = """-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux) mQENBFCET3sBCADHatPTOYrNkmDNheWno76LbULSH70IP3ONnGM1hjTElDpLmdE6 ZRfHuqqNGbkF1nC909J+GHEEKWWvAb6NWMihH/2nltih1Viqhd3Reb043r4Qdm6I LEw91AZIYtJRIzeciMyFPGDYEUd9xKVqzMrE4LZhv0bw466p9VfG6GFMLQjk+E83 yFW3ZpZIodSsunnbBkS8dNH+XeOgyWAeSkTVCBoW+mkAo93aakhmjdKzcluck3pV 8fygYCCDElU2OLRzzvLJMZKEaT2os8MhckNqi/IJvjn0hyw8mLxSh49wjRgphign fJzHAcxfOPyQEnicf6Ja39uZdI88z3SYYKvfABEBAAG0GFBhc3NlLVBhcnRvdXQg KFJvb3QgS2V5KYkBOAQTAQIAIgUCUIRPewIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC HgECF4AACgkQ1A1Vy9ciXwZwQgf/bh2yFcPsawrRXaPmHWm2nIizgCrf2UQU+/Tm q+p5zOJrkyz4KLF1Qfiv8z+T+w/m7htWL8W/VL7XMb9+TizSAiEbnvZXGitf36OG Vz+MVedCTBASU0S1s9LJ+g/8X2SVMUxyp6q59O2dGkkEH0XsMznuEGKi4qyVQ8mp LN0wjWhUNctgApVccSfkaEYi3EabJV7TJ4WlFTcIesSfhfnN+Uv7sZqJ+CDfgd2n fS9TcQxeXlP4b3MW5si9SQpnLmjqfZOVWLCgK4j0S+RRXkhOcspfNr5SOWAFlKyV rK50gHEwIAdyU0AxWXmktk4+vapjcWFFH67zSr6Yt/XPRv11d7kBDQRQhE97AQgA 9IX4tW82axfBO4i+BgIlN3b5jn7p/b2Jmlcgnnj5n/sbx44LRMBdTGuXLdb8PpHN o/Ihyq190FO9LEhzMntFvm0gOQsY/ddQtqC/1hDLydVmBR+TXKAJvBQd8/b6PFhX G/I32/POXQ58YsdV3lI1QdQB8RP4RNPveScXokcBi9oIKQurLtSDw5w6doAT3KYt Vryk0wQbmfXSaHNLpSZTiyV+iA9ak5vBFAdbBCU1I7ucAZf7LkmftVB9ap0SXWTY 2YdomE06Su92ti8szNy90lz4OoqvuxzmrxmWW7AsMY32yMCgcium3/eaNoRQd6j0 jjs9U/9Y98ikrjk0ZumwswARAQABiQEfBBgBAgAJBQJQhE97AhsMAAoJENQNVcvX Il8GQyMH/Rnnv3xRxamNLwFJpxmy4IPyM5aZksapruM9PzxKIA4mdAqMqRPusIMW 94e17I8Fgg03xDIcybZzX9RbmQ2z7gI+SeUONd6w+3//eizfetlepIaJaqQgLeg6 7RM76TPCdViXU47KArgiVWfk7uzEmcbZaIpfXzjVS3R2JEte0tArnMf+cRtV+sph i7PlKLi69ShBdbIAqZvZDN/OcOlqB1ISbroRDabELYlcr1O4FwjRw0hEmOVYP4KS D45ksT+Yqtx9fuis/KNo+Vw879+f/iuqbm/xKDcZQo4aVpdnkbqb5r2YjbdxOf8L sp2FpZROkaS0Q7gAsUdOoMECloJRQT4= =WxAX -----END PGP PUBLIC KEY BLOCK-----""" key_data = core.Data(ROOT_PUB_KEY) c = core.Context() c.op_import(key_data)
def verifyprintdetails(sigfilename, filefilename=None): """Verify a signature, print a lot of details.""" c = core.Context() # Create Data with signed text. sig2 = core.Data(file=sigfilename) if filefilename: file2 = core.Data(file=filefilename) plain2 = None else: file2 = None plain2 = core.Data() # Verify. c.op_verify(sig2, file2, plain2) result = c.op_verify_result() # List results for all signatures. Status equal 0 means "Ok". index = 0 for sign in result.signatures: index += 1 print "signature", index, ":" print " summary: %#0x" % (sign.summary) print " status: %#0x" % (sign.status) print " timestamp: ", sign.timestamp print " fingerprint:", sign.fpr print " uid: ", c.get_key(sign.fpr, 0).uids[0].uid # Print "unsigned" text if inline signature if plain2: #Rewind since verify put plain2 at EOF. plain2.seek(0, 0) print "\n", plain2.read()
def backup_encrypt(text): plain = core.Data(str(text)) cipher = core.Data() c = core.Context() c.set_armor(1) c.op_keylist_start(BackupKey, 0) r = c.op_keylist_next() c.op_encrypt([r], 1, plain, cipher) cipher.seek(0,0) return cipher.read()
def node_data(data, fp): '''Signs data using the key identified by the given fingerprint.''' plain = core.Data(data) cipher = core.Data() ctx = core.Context() ctx.set_armor(0) # signing key ctx.signers_add(ctx.get_key(fp, True)) ctx.op_sign(plain, cipher, sigmode.NORMAL) cipher.seek(0, 0) return cipher.read()
def FindAndImportKey(key_name): c = core.Context() keys = list(c.op_keylist_all(key_name, 0)) if len(keys) > 0: #print 'Already have key for:', key_name return True keys = _serv.search(key_name) if len(keys) != 1: return False k = keys[0] key = core.Data(k.key) c.op_import(key) return True
def context(self): core.check_version() # pyme fails otherwise *facepalm* if hasattr(self._local, 'context') is False: context = core.Context() context.set_armor(True) if self._path or self._home: context.set_engine_info(constants.PROTOCOL_OpenPGP, self._path, self._home) self._local.context = context return self._local.context
def getResponse(self, challenge): from pyme.constants.sig import mode as sigmode plain = core.Data(challenge) cipher = core.Data() ctx = core.Context() ctx.set_armor(0) # signing key ctx.signers_add(ctx.get_key('6A712220F83880FA7706B1A7A627909E5F0DB891', True)) ctx.op_sign(plain, cipher, sigmode.NORMAL) cipher.seek(0, 0) token = cipher.read() return token
def GenerateServerKey(key_name): c = core.Context() c.set_armor(1) params = """<GnupgKeyParms format="internal"> Key-Type: RSA Key-Length: 2048 Name-Real: """ + key_name + """ Name-Comment: Server Key Expire-Date: 0 </GnupgKeyParms> """ c.op_genkey(params, None, None) print 'Generated server key with fingerprint', c.op_genkey_result().fpr key_fingerprint = c.op_genkey_result().fpr return key_fingerprint
def printgetkeyresults(keyfpr): """Run gpgme_get_key().""" # gpgme_check_version() necessary for initialisation according to # gogme 1.1.6 and this is not done automatically in pyme-0.7.0 print "gpgme version:", core.check_version(None) c = core.Context() c.set_protocol(protocol.CMS) key = c.get_key(keyfpr, False) print "got key: ", key.subkeys[0].fpr for uid in key.uids: print uid.uid
def Sign(content, key_name): c = core.Context() #c.set_armor(1) #c.set_progress_cb(callbacks.progress_stdout, None) con = core.Data(content) sig = core.Data() c.signers_clear() for sigkey in c.op_keylist_all(key_name, 1): if sigkey.can_sign: c.signers_add(sigkey) if not c.signers_enum(0): raise Exception('No signing keys found for key name:', key_name) c.op_sign(con, sig, pyme.constants.SIG_MODE_DETACH) sig.seek(0, 0) return sig.read()
def get_server_trust(self, fingerprint): '''Returns the trust level (ie how many servers trust another) of a given server.''' count = 0 ctx = core.Context() ctx.set_keylist_mode(keymode.SIGS) key = ctx.get_key(fingerprint, False) for uid in key.uids: for sign in uid.signatures: skey = ctx.get_key(sign.keyid, False) fpr = skey.subkeys[0].fpr #print "found signature from %s" % fpr #print str(fpr) in self._keyring #print str(fpr) != fingerprint # make sure key is actually in the keyring and the sign is self-made if str(fpr) in self._keyring and str(fpr) != fingerprint: count += 1 return count
def group_gpgkeyring(request, slug, extra_context={}): """ Generate temporary keyring and display it """ group = get_object_or_404(auth_models.Group, name=slug) import os, sys, tempfile, shutil, glob from pyme import core, constants # Don't be fooled by the library-like look of pyme - internaly it # just invokes command-line 'gpg'. There's no "gpg library". tdir = tempfile.mkdtemp() core.set_engine_info(constants.PROTOCOL_OpenPGP, None, tdir) c = core.Context() for user in group.user_set.all(): status = c.op_import(core.Data(str(user.svuserinfo.gpg_key))) result = c.op_import_result() # Page display: # gpg --homedir /tmp/t --batch --quiet --no-tty --no-options \ # --no-default-keyring --list-keys --display-charset=utf-8 \ # --keyring `pwd`/out import subprocess args = [ 'gpg', '--homedir', tdir, '--batch', '--quiet', '--no-tty', '--no-options', '--no-default-keyring', '--list-keys', '--display-charset=utf-8' ] out_err = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE).communicate() out = out_err[0] # Remove filename (first 2 lines): gpgkeyring = "\n".join(out.split("\n")[2:]) shutil.rmtree(tdir) context = { 'gpgkeyring': gpgkeyring, 'group': group, } context.update(extra_context) return context
def VerifyKey(key_name): # Check that the name maps to a unique key. c = core.Context() c.set_keylist_mode(pyme.constants.KEYLIST_MODE_LOCAL | pyme.constants.KEYLIST_MODE_SIGS) keys = list(c.op_keylist_all(key_name, 0)) if len(keys) != 1: return False key = keys[0] if key.can_sign: # We own the private key, so its verified by definition. return True # Check that the key that was signed by the Passe-Partout Root Key. # TODO: instead check that this server's key has signed the key. for uid in key.uids: for sig in uid.signatures: if sig.uid == 'Passe-Partout (Root Key)': return True return False
def Verify(content, signature): c = core.Context() con = core.Data(content) sig = core.Data(signature) c.op_verify(sig, con, None) result = c.op_verify_result() for sign in result.signatures: # TODO verify that sign.fpr matches the item's creator_key_name. For now, # we are somewhat protected by the assumption that the server has rejected # any bad keys. #print "signature" #print " summary: ", sign.summary #print " status: ", sign.status #print " timestamp: ", sign.timestamp #print " fingerprint:", sign.fpr #print " uid: ", c.get_key(sign.fpr, 0).uids[0].uid if not sign.summary & pyme.constants.SIGSUM_VALID: return False return True
def sign(self, filename, detach=True): filename = _shell.native(filename) try: from pyme import core, errors from pyme.constants.sig import mode except ImportError: return self.sign_external(filename, detach=detach) _term.green("signing %(name)s...", name=_os.path.basename(filename)) sigmode = [mode.CLEAR, mode.DETACH][bool(detach)] fp = core.Data(file=filename) sig = core.Data() try: c = core.Context() except errors.GPGMEError: return self.sign_external(filename, detach=detach) c.set_armor(1) try: c.op_sign(fp, sig, sigmode) except errors.GPGMEError, e: _make.fail(str(e))
def generate_node_token(rcpts, fp, text = None): '''Generates a server node token.''' if text == None: text = fp plain = core.Data(text) cipher = core.Data() ctx = core.Context() ctx.set_armor(0) # signing key ctx.signers_add(ctx.get_key(fp, True)) # encrypting keys keys = [] for r in rcpts: keys.append(ctx.get_key(r, False)) ctx.op_encrypt_sign(keys, 1, plain, cipher) cipher.seek(0, 0) token = cipher.read() return base64.b64encode(token)
def user_token(userid, fp): '''Generates a user token.''' ''' token is made up of the hashed phone number (the user id) plus the resource (in one big string, 40+8 characters), and the fingerprint of the server he registered to ''' string = '%s|%s' % (userid, fp) plain = core.Data(string) cipher = core.Data() ctx = core.Context() ctx.set_armor(0) # signing key ctx.signers_add(ctx.get_key(fp, True)) ctx.op_sign(plain, cipher, mode.NORMAL) cipher.seek(0, 0) token = cipher.read() return base64.b64encode(token)
def check_signature(text, fingerprint): gpg = core.Context() plaintext = core.Data() signed = core.Data(text) try: res = gpg.op_verify(signed, None, plaintext) except errors.GPGMEError: # incorrect data return False plaintext.seek(0,0) result_data = plaintext.read() res = gpg.op_verify_result() s = res.signatures[0] if s.fpr == fingerprint: return result_data, s.timestamp else: print 'invalid fingerprint', s.fpr return False
def verify_user_token(token, keyring, fp = None): '''Verifies a user token against a single fingerprint or the keyring.''' # decode base64 first data = base64.b64decode(token) # setup pyme cipher = core.Data(data) plain = core.Data() ctx = core.Context() ctx.set_armor(0) ctx.op_verify(cipher, None, plain) # check verification result res = ctx.op_verify_result() if len(res.signatures) > 0: sign = res.signatures[0] plain.seek(0, 0) text = plain.read() data = text.split('|', 2) # not a valid token if len(data) != 2: return None # length not matching - refused userid = data[0] if len(userid) != utils.USERID_LENGTH_RESOURCE: return None # compare with provided fingerprint (if any) if fp and (sign.fpr.upper() == fp.upper()): return userid # no match - compare with keyring for key in keyring: if sign.fpr.upper() == key.upper(): return userid return None
def sign_text(text, key_uid): ciphertext = core.Data() plaintext = core.Data(text) ctx = core.Context() ctx.set_armor(1) #ctx.set_passphrase_cb(_passphrase_callback) ctx.op_keylist_start(key_uid, 0) sigkey = ctx.op_keylist_next() # print sigkey.uids[0].uid ctx.signers_clear() ctx.signers_add(sigkey) ctx.op_sign(plaintext, ciphertext, mode.NORMAL) ciphertext.seek(0, 0) signature = ciphertext.read() return signature
def verify_node_data(data, keyring): '''Verifies a signed chunk of data generated by a server node.''' # setup pyme cipher = core.Data(data) plain = core.Data() ctx = core.Context() ctx.set_armor(0) ctx.op_verify(cipher, None, plain) # check verification result res = ctx.op_verify_result() if len(res.signatures) > 0: sign = res.signatures[0] plain.seek(0, 0) text = plain.read() sign_fp = sign.fpr.upper() # lookup in keyring for key in keyring: if sign_fp == key.upper(): return (key.upper(), text) return (None, None)
def send(self, to, subject='[no subject]', body='[no body]', sender=None, attachments=None, cc=None, bcc=None, reply_to=None, encoding='utf-8', raw=False, headers={}, from_address=None, cipher_type=None, sign=None, sign_passphrase=None, encrypt=None, x509_sign_keyfile=None, x509_sign_chainfile=None, x509_sign_certfile=None, x509_crypt_certfiles=None, x509_nocerts=None ): """ Sends an email using data specified in constructor Args: to: list or tuple of receiver addresses; will also accept single object subject: subject of the email body: email body text; depends on type of passed object: - if 2-list or 2-tuple is passed: first element will be source of plain text while second of html text; - otherwise: object will be the only source of plain text and html source will be set to None If text or html source is: - None: content part will be ignored, - string: content part will be set to it, - file-like object: content part will be fetched from it using it's read() method attachments: list or tuple of Mailer.Attachment objects; will also accept single object cc: list or tuple of carbon copy receiver addresses; will also accept single object bcc: list or tuple of blind carbon copy receiver addresses; will also accept single object reply_to: address to which reply should be composed encoding: encoding of all strings passed to this method (including message bodies) headers: dictionary of headers to refine the headers just before sending mail, e.g. `{'X-Mailer' : 'web2py mailer'}` from_address: address to appear in the 'From:' header, this is not the envelope sender. If not specified the sender will be used cipher_type : gpg - need a python-pyme package and gpgme lib x509 - smime gpg_home : you can set a GNUPGHOME environment variable to specify home of gnupg sign : sign the message (True or False) sign_passphrase : passphrase for key signing encrypt : encrypt the message (True or False). It defaults to True. ... x509 only ... x509_sign_keyfile : the signers private key filename or string containing the key. (PEM format) x509_sign_certfile: the signers certificate filename or string containing the cert. (PEM format) x509_sign_chainfile: sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of email certificate. It can be a string containing the certs to. (PEM format) x509_nocerts : if True then no attached certificate in mail x509_crypt_certfiles: the certificates file or strings to encrypt the messages with can be a file name / string or a list of file names / strings (PEM format) Examples: Send plain text message to single address:: mail.send('*****@*****.**', 'Message subject', 'Plain text body of the message') Send html message to single address:: mail.send('*****@*****.**', 'Message subject', '<html>Plain text body of the message</html>') Send text and html message to three addresses (two in cc):: mail.send('*****@*****.**', 'Message subject', ('Plain text body', '<html>html body</html>'), cc=['*****@*****.**', '*****@*****.**']) Send html only message with image attachment available from the message by 'photo' content id:: mail.send('*****@*****.**', 'Message subject', (None, '<html><img src="cid:photo" /></html>'), Mailer.Attachment('/path/to/photo.jpg' content_id='photo')) Send email with two attachments and no body text:: mail.send('[email protected], 'Message subject', None, [Mailer.Attachment('/path/to/fist.file'), Mailer.Attachment('/path/to/second.file')]) Returns: True on success, False on failure. Before return, method updates two object's fields: - self.result: return value of smtplib.SMTP.sendmail() or GAE's mail.send_mail() method """ # We don't want to use base64 encoding for unicode mail add_charset('utf-8', charset_QP, charset_QP, 'utf-8') def encode_header(key): if [c for c in key if 32 > ord(c) or ord(c) > 127]: return Header(key.encode('utf-8'), 'utf-8') else: return key # encoded or raw text def encoded_or_raw(text): if raw: text = encode_header(text) return text sender = sender or self.settings.sender if not isinstance(self.settings.server, str): raise Exception('Server address not specified') if not isinstance(sender, str): raise Exception('Sender address not specified') if not raw and attachments: # Use multipart/mixed if there is attachments payload_in = MIMEMultipart('mixed') elif raw: # no encoding configuration for raw messages if not isinstance(body, basestring): body = body.read() if isinstance(body, unicodeT): text = body.encode('utf-8') elif not encoding == 'utf-8': text = body.decode(encoding).encode('utf-8') else: text = body # No charset passed to avoid transport encoding # NOTE: some unicode encoded strings will produce # unreadable mail contents. payload_in = MIMEText(text) if to: if not isinstance(to, (list, tuple)): to = [to] else: raise Exception('Target receiver address not specified') if cc: if not isinstance(cc, (list, tuple)): cc = [cc] if bcc: if not isinstance(bcc, (list, tuple)): bcc = [bcc] if body is None: text = html = None elif isinstance(body, (list, tuple)): text, html = body elif body.strip().startswith('<html') and \ body.strip().endswith('</html>'): text = self.settings.server == 'gae' and body or None html = body else: text = body html = None if (text is not None or html is not None) and (not raw): if text is not None: if not isinstance(text, basestring): text = text.read() if isinstance(text, unicodeT): text = text.encode('utf-8') elif not encoding == 'utf-8': text = text.decode(encoding).encode('utf-8') if html is not None: if not isinstance(html, basestring): html = html.read() if isinstance(html, unicodeT): html = html.encode('utf-8') elif not encoding == 'utf-8': html = html.decode(encoding).encode('utf-8') # Construct mime part only if needed if text is not None and html: # We have text and html we need multipart/alternative attachment = MIMEMultipart('alternative') attachment.attach(MIMEText(text, _charset='utf-8')) attachment.attach(MIMEText(html, 'html', _charset='utf-8')) elif text is not None: attachment = MIMEText(text, _charset='utf-8') elif html: attachment = MIMEText(html, 'html', _charset='utf-8') if attachments: # If there is attachments put text and html into # multipart/mixed payload_in.attach(attachment) else: # No attachments no multipart/mixed payload_in = attachment if (attachments is None) or raw: pass elif isinstance(attachments, (list, tuple)): for attachment in attachments: payload_in.attach(attachment) else: payload_in.attach(attachments) attachments = [attachments] ####################################################### # CIPHER # ####################################################### cipher_type = cipher_type or self.settings.cipher_type sign = sign if sign is not None else self.settings.sign sign_passphrase = sign_passphrase or self.settings.sign_passphrase encrypt = encrypt if encrypt is not None else self.settings.encrypt ####################################################### # GPGME # ####################################################### if cipher_type == 'gpg': if self.settings.gpg_home: # Set GNUPGHOME environment variable to set home of gnupg import os os.environ['GNUPGHOME'] = self.settings.gpg_home if not sign and not encrypt: raise RuntimeError("No sign and no encrypt is set but cipher type to gpg") if not pyme: raise RuntimeError('pyme not installed') ############################################ # sign # ############################################ if sign: import string core.check_version(None) pin = payload_in.as_string().replace('\n', '\r\n') plain = core.Data(pin) sig = core.Data() c = core.Context() c.set_armor(1) c.signers_clear() # search for signing key for From: for sigkey in c.op_keylist_all(sender, 1): if sigkey.can_sign: c.signers_add(sigkey) if not c.signers_enum(0): raise RuntimeError('No key for signing [%s]' % sender) c.set_passphrase_cb(lambda x, y, z: sign_passphrase) try: # make a signature c.op_sign(plain, sig, pyme_mode.DETACH) sig.seek(0, 0) # make it part of the email payload = MIMEMultipart('signed', boundary=None, _subparts=None, **dict(micalg="pgp-sha1", protocol="application/pgp-signature")) # insert the origin payload payload.attach(payload_in) # insert the detached signature p = MIMEBase("application", 'pgp-signature') p.set_payload(sig.read()) payload.attach(p) # it's just a trick to handle the no encryption case payload_in = payload except errors.GPGMEError as ex: raise RuntimeError("GPG error: %s" % ex.getstring()) ############################################ # encrypt # ############################################ if encrypt: core.check_version(None) plain = core.Data(payload_in.as_string()) cipher = core.Data() c = core.Context() c.set_armor(1) # collect the public keys for encryption recipients = [] rec = to[:] if cc: rec.extend(cc) if bcc: rec.extend(bcc) for addr in rec: c.op_keylist_start(addr, 0) r = c.op_keylist_next() if r is None: raise RuntimeError('No key for [%s]' % addr) recipients.append(r) try: # make the encryption c.op_encrypt(recipients, 1, plain, cipher) cipher.seek(0, 0) # make it a part of the email payload = MIMEMultipart('encrypted', boundary=None, _subparts=None, **dict(protocol="application/pgp-encrypted")) p = MIMEBase("application", 'pgp-encrypted') p.set_payload("Version: 1\r\n") payload.attach(p) p = MIMEBase("application", 'octet-stream') p.set_payload(cipher.read()) payload.attach(p) except errors.GPGMEError as ex: raise RuntimeError("GPG error: %s" % ex.getstring()) ####################################################### # X.509 # ####################################################### elif cipher_type == 'x509': if not sign and not encrypt: raise RuntimeError("No sign and no encrypt is set but cipher type to x509") import os x509_sign_keyfile = x509_sign_keyfile or self.settings.x509_sign_keyfile x509_sign_chainfile = x509_sign_chainfile or self.settings.x509_sign_chainfile x509_sign_certfile = x509_sign_certfile or self.settings.x509_sign_certfile or \ x509_sign_keyfile or self.settings.x509_sign_certfile # crypt certfiles could be a string or a list x509_crypt_certfiles = x509_crypt_certfiles or self.settings.x509_crypt_certfiles x509_nocerts = x509_nocerts or self.settings.x509_nocerts # need m2crypto if not M2Crypto: raise RuntimeError("Can't load M2Crypto module") BIO, SMIME, X509 = M2Crypto.BIO, M2Crypto.SMIME, M2Crypto.X509 msg_bio = BIO.MemoryBuffer(payload_in.as_string()) s = SMIME.SMIME() # SIGN if sign: # key for signing try: keyfile_bio = BIO.openfile(x509_sign_keyfile)\ if os.path.isfile(x509_sign_keyfile)\ else BIO.MemoryBuffer(x509_sign_keyfile) sign_certfile_bio = BIO.openfile(x509_sign_certfile)\ if os.path.isfile(x509_sign_certfile)\ else BIO.MemoryBuffer(x509_sign_certfile) s.load_key_bio(keyfile_bio, sign_certfile_bio, callback=lambda x: sign_passphrase) if x509_sign_chainfile: sk = X509.X509_Stack() chain = X509.load_cert(x509_sign_chainfile)\ if os.path.isfile(x509_sign_chainfile)\ else X509.load_cert_string(x509_sign_chainfile) sk.push(chain) s.set_x509_stack(sk) except Exception as e: raise RuntimeError("Something went wrong on certificate / private key loading: <%s>" % str(e)) try: if x509_nocerts: flags = SMIME.PKCS7_NOCERTS else: flags = 0 if not encrypt: flags += SMIME.PKCS7_DETACHED p7 = s.sign(msg_bio, flags=flags) msg_bio = BIO.MemoryBuffer(payload_in.as_string( )) # Recreate coz sign() has consumed it. except Exception as e: raise RuntimeError("Something went wrong on signing: <%s> %s" % ( str(e), str(flags))) # ENCRYPT if encrypt: try: sk = X509.X509_Stack() if not isinstance(x509_crypt_certfiles, (list, tuple)): x509_crypt_certfiles = [x509_crypt_certfiles] # make an encryption cert's stack for crypt_certfile in x509_crypt_certfiles: certfile = X509.load_cert(crypt_certfile)\ if os.path.isfile(crypt_certfile)\ else X509.load_cert_string(crypt_certfile) sk.push(certfile) s.set_x509_stack(sk) s.set_cipher(SMIME.Cipher('des_ede3_cbc')) tmp_bio = BIO.MemoryBuffer() if sign: s.write(tmp_bio, p7) else: tmp_bio.write(payload_in.as_string()) p7 = s.encrypt(tmp_bio) except Exception as e: raise RuntimeError("Something went wrong on encrypting: <%s>" % str(e)) # Final stage in sign and encryption out = BIO.MemoryBuffer() if encrypt: s.write(out, p7) else: if sign: s.write(out, p7, msg_bio, SMIME.PKCS7_DETACHED) else: out.write('\r\n') out.write(payload_in.as_string()) out.close() st = str(out.read()) payload = message_from_string(st) else: # no cryptography process as usual payload = payload_in if from_address: payload['From'] = encoded_or_raw(to_unicode(from_address, encoding)) else: payload['From'] = encoded_or_raw(to_unicode(sender, encoding)) origTo = to[:] if to: payload['To'] = encoded_or_raw(to_unicode(', '.join(to), encoding)) if reply_to: payload['Reply-To'] = encoded_or_raw(to_unicode(reply_to, encoding)) if cc: payload['Cc'] = encoded_or_raw(to_unicode(', '.join(cc), encoding)) to.extend(cc) if bcc: to.extend(bcc) payload['Subject'] = encoded_or_raw(to_unicode(subject, encoding)) payload['Date'] = email.utils.formatdate() for k, v in iteritems(headers): payload[k] = encoded_or_raw(to_unicode(v, encoding)) result = {} try: if self.settings.server == 'logging': entry = 'email not sent\n%s\nFrom: %s\nTo: %s\nSubject: %s\n\n%s\n%s\n' % \ ('-' * 40, sender, ', '.join(to), subject, text or html, '-' * 40) self.settings.logger.warning(entry) elif self.settings.server.startswith('logging:'): entry = 'email not sent\n%s\nFrom: %s\nTo: %s\nSubject: %s\n\n%s\n%s\n' % \ ('-' * 40, sender, ', '.join(to), subject, text or html, '-' * 40) open(self.settings.server[8:], 'a').write(entry) elif self.settings.server == 'gae': if not GAE: raise RuntimeError('Not running on GAE') xcc = dict() if cc: xcc['cc'] = cc if bcc: xcc['bcc'] = bcc if reply_to: xcc['reply_to'] = reply_to attachments = attachments and [google_mail.Attachment( a.my_filename, a.my_payload, content_id='<attachment-%s>' % k ) for k, a in enumerate(attachments) if not raw] if attachments: result = google_mail.send_mail( sender=sender, to=origTo, subject=to_unicode(subject, encoding), body=to_unicode(text or '', encoding), html=html, attachments=attachments, **xcc) elif html and (not raw): result = google_mail.send_mail( sender=sender, to=origTo, subject=to_unicode(subject, encoding), body=to_unicode(text or '', encoding), html=html, **xcc) else: result = google_mail.send_mail( sender=sender, to=origTo, subject=to_unicode(subject, encoding), body=to_unicode(text or '', encoding), **xcc) elif self.settings.server == 'aws': import boto3 from botocore.exceptions import ClientError client = boto3.client('ses') try: raw = {'Data': payload.as_string()} response = client.send_raw_email(RawMessage=raw, Source=sender, Destinations=to) return True except ClientError as e: raise RuntimeError() else: smtp_args = self.settings.server.split(':') kwargs = dict(timeout=self.settings.timeout) func = smtplib.SMTP_SSL if self.settings.ssl else smtplib.SMTP server = func(*smtp_args, **kwargs) try: if self.settings.tls and not self.settings.ssl: server.ehlo(self.settings.hostname) server.starttls() server.ehlo(self.settings.hostname) if self.settings.login: server.login(*self.settings.login.split(':', 1)) result = server.sendmail(sender, to, payload.as_string()) finally: server.quit() except Exception as e: self.settings.logger.warning('Mailer.send failure:%s' % e) self.result = result raise self.result = result self.error = None return True
# You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Sample of unattended signing/verifying of a message. # It uses keys for [email protected] generated by genkey.pl script import sys from pyme import core, callbacks from pyme.constants.sig import mode core.check_version(None) plain = core.Data("Test message") sig = core.Data() c = core.Context() user = "******" c.signers_clear() # Add [email protected]'s keys in the list of signers for sigkey in c.op_keylist_all(user, 1): if sigkey.can_sign: c.signers_add(sigkey) if not c.signers_enum(0): print "No secret %s's keys suitable for signing!" % user sys.exit(0) # This is a map between signer e-mail and its password passlist = { "<*****@*****.**>": "abcdabcdfs" }
def send(self, to, subject='None', message='None', attachments=None, cc=None, bcc=None, reply_to=None, encoding='utf-8', raw=False, headers={}): """ Sends an email using data specified in constructor Arguments: to: list or tuple of receiver addresses; will also accept single object subject: subject of the email message: email body text; depends on type of passed object: if 2-list or 2-tuple is passed: first element will be source of plain text while second of html text; otherwise: object will be the only source of plain text and html source will be set to None; If text or html source is: None: content part will be ignored, string: content part will be set to it, file-like object: content part will be fetched from it using it's read() method attachments: list or tuple of Mail.Attachment objects; will also accept single object cc: list or tuple of carbon copy receiver addresses; will also accept single object bcc: list or tuple of blind carbon copy receiver addresses; will also accept single object reply_to: address to which reply should be composed encoding: encoding of all strings passed to this method (including message bodies) headers: dictionary of headers to refine the headers just before sending mail, e.g. {'Return-Path' : '*****@*****.**'} Examples: #Send plain text message to single address: mail.send('*****@*****.**', 'Message subject', 'Plain text body of the message') #Send html message to single address: mail.send('*****@*****.**', 'Message subject', '<html>Plain text body of the message</html>') #Send text and html message to three addresses (two in cc): mail.send('*****@*****.**', 'Message subject', ('Plain text body', '<html>html body</html>'), cc=['*****@*****.**', '*****@*****.**']) #Send html only message with image attachment available from the message by 'photo' content id: mail.send('*****@*****.**', 'Message subject', (None, '<html><img src="cid:photo" /></html>'), Mail.Attachment('/path/to/photo.jpg' content_id='photo')) #Send email with two attachments and no body text mail.send('[email protected], 'Message subject', None, [Mail.Attachment('/path/to/fist.file'), Mail.Attachment('/path/to/second.file')]) Returns True on success, False on failure. Before return, method updates two object's fields: self.result: return value of smtplib.SMTP.sendmail() or GAE's mail.send_mail() method self.error: Exception message or None if above was successful """ def encode_header(key): if [c for c in key if 32 > ord(c) or ord(c) > 127]: return Header.Header(key.encode('utf-8'), 'utf-8') else: return key # encoded or raw text def encoded_or_raw(text): if raw: text = encode_header(text) return text if not isinstance(self.server, str): raise Exception('Server address not specified') if not isinstance(self.sender, str): raise Exception('Sender address not specified') if not raw: payload_in = MIMEMultipart.MIMEMultipart('mixed') else: # no encoding configuration for raw messages if isinstance(message, basestring): text = message.decode(encoding).encode('utf-8') else: text = message.read().decode(encoding).encode('utf-8') # No charset passed to avoid transport encoding # NOTE: some unicode encoded strings will produce # unreadable mail contents. payload_in = MIMEText.MIMEText(text) if to: if not isinstance(to, (list, tuple)): to = [to] else: raise Exception('Target receiver address not specified') if cc: if not isinstance(cc, (list, tuple)): cc = [cc] if bcc: if not isinstance(bcc, (list, tuple)): bcc = [bcc] if message is None: text = html = None elif isinstance(message, (list, tuple)): text, html = message elif message.strip().startswith('<html') and message.strip().endswith( '</html>'): text = self.server == 'gae' and message or None html = message else: text = message html = None if (not text is None or not html is None) and (not raw): attachment = MIMEMultipart.MIMEMultipart('alternative') if not text is None: if isinstance(text, basestring): text = text.decode(encoding).encode('utf-8') else: text = text.read().decode(encoding).encode('utf-8') attachment.attach(MIMEText.MIMEText(text, _charset='utf-8')) if not html is None: if isinstance(html, basestring): html = html.decode(encoding).encode('utf-8') else: html = html.read().decode(encoding).encode('utf-8') attachment.attach( MIMEText.MIMEText(html, 'html', _charset='utf-8')) payload_in.attach(attachment) if (attachments is None) or raw: pass elif isinstance(attachments, (list, tuple)): for attachment in attachments: payload_in.attach(attachment) else: payload_in.attach(attachments) ####################################################### # CIPHER # ####################################################### cipher_type = self.cipher_type sign = self.sign sign_passphrase = self.sign_passphrase encrypt = self.encrypt ####################################################### # GPGME # ####################################################### if cipher_type == 'gpg': if self.gpg_home: # Set GNUPGHOME environment variable to set home of gnupg import os os.environ['GNUPGHOME'] = self.gpg_home if not sign and not encrypt: self.error = "No sign and no encrypt is set but cipher type to gpg" return False # need a python-pyme package and gpgme lib from pyme import core, errors from pyme.constants.sig import mode ############################################ # sign # ############################################ if sign: import string core.check_version(None) pin = string.replace(payload_in.as_string(), '\n', '\r\n') plain = core.Data(pin) sig = core.Data() c = core.Context() c.set_armor(1) c.signers_clear() # search for signing key for From: for sigkey in c.op_keylist_all(self.sender, 1): if sigkey.can_sign: c.signers_add(sigkey) if not c.signers_enum(0): self.error = 'No key for signing [%s]' % self.sender return False c.set_passphrase_cb(lambda x, y, z: sign_passphrase) try: # make a signature c.op_sign(plain, sig, mode.DETACH) sig.seek(0, 0) # make it part of the email payload = MIMEMultipart.MIMEMultipart( 'signed', boundary=None, _subparts=None, **dict(micalg="pgp-sha1", protocol="application/pgp-signature")) # insert the origin payload payload.attach(payload_in) # insert the detached signature p = MIMEBase.MIMEBase("application", 'pgp-signature') p.set_payload(sig.read()) payload.attach(p) # it's just a trick to handle the no encryption case payload_in = payload except errors.GPGMEError: self.error = "GPG error: %s" return False ############################################ # encrypt # ############################################ if encrypt: core.check_version(None) plain = core.Data(payload_in.as_string()) cipher = core.Data() c = core.Context() c.set_armor(1) # collect the public keys for encryption recipients = [] rec = to[:] if cc: rec.extend(cc) if bcc: rec.extend(bcc) for addr in rec: c.op_keylist_start(addr, 0) r = c.op_keylist_next() if r is None: self.error = 'No key for [%s]' % addr return False recipients.append(r) try: # make the encryption c.op_encrypt(recipients, 1, plain, cipher) cipher.seek(0, 0) # make it a part of the email payload = MIMEMultipart.MIMEMultipart( 'encrypted', boundary=None, _subparts=None, **dict(protocol="application/pgp-encrypted")) p = MIMEBase.MIMEBase("application", 'pgp-encrypted') p.set_payload("Version: 1\r\n") payload.attach(p) p = MIMEBase.MIMEBase("application", 'octet-stream') p.set_payload(cipher.read()) payload.attach(p) except errors.GPGMEError: self.error = "GPG error: %s" return False ####################################################### # X.509 # ####################################################### elif cipher_type == 'x509': if not sign and not encrypt: self.error = "No sign and no encrypt is set but cipher type to x509" return False x509_sign_keyfile = self.x509_sign_keyfile if self.x509_sign_certfile: x509_sign_certfile = self.x509_sign_certfile else: # if there is no sign certfile we'll assume the # cert is in keyfile x509_sign_certfile = self.x509_sign_keyfile # crypt certfiles could be a string or a list x509_crypt_certfiles = self.x509_crypt_certfiles x509_nocerts = self.x509_nocerts # need m2crypto try: from M2Crypto import BIO, SMIME, X509 except Exception: self.error = "Can't load M2Crypto module" return False msg_bio = BIO.MemoryBuffer(payload_in.as_string()) s = SMIME.SMIME() # SIGN if sign: #key for signing try: s.load_key(x509_sign_keyfile, x509_sign_certfile, callback=lambda x: sign_passphrase) except Exception: self.error = "Something went wrong on certificate / private key loading: <%s>" % str( e) return False try: if x509_nocerts: flags = SMIME.PKCS7_NOCERTS else: flags = 0 if not encrypt: flags += SMIME.PKCS7_DETACHED p7 = s.sign(msg_bio, flags=flags) msg_bio = BIO.MemoryBuffer(payload_in.as_string( )) # Recreate coz sign() has consumed it. except Exception: self.error = "Something went wrong on signing: <%s> %s" return False # ENCRYPT if encrypt: try: sk = X509.X509_Stack() if not isinstance(x509_crypt_certfiles, (list, tuple)): x509_crypt_certfiles = [x509_crypt_certfiles] # make an encryption cert's stack for x in x509_crypt_certfiles: sk.push(X509.load_cert(x)) s.set_x509_stack(sk) s.set_cipher(SMIME.Cipher('des_ede3_cbc')) tmp_bio = BIO.MemoryBuffer() if sign: s.write(tmp_bio, p7) else: tmp_bio.write(payload_in.as_string()) p7 = s.encrypt(tmp_bio) except Exception: self.error = "Something went wrong on encrypting: <%s>" return False # Final stage in sign and encryption out = BIO.MemoryBuffer() if encrypt: s.write(out, p7) else: if sign: s.write(out, p7, msg_bio, SMIME.PKCS7_DETACHED) else: out.write('\r\n') out.write(payload_in.as_string()) out.close() st = str(out.read()) payload = message_from_string(st) else: # no cryptography process as usual payload = payload_in payload['From'] = encoded_or_raw(self.sender.decode(encoding)) origTo = to[:] if to: payload['To'] = encoded_or_raw(', '.join(to).decode(encoding)) if reply_to: payload['Reply-To'] = encoded_or_raw(reply_to.decode(encoding)) if cc: payload['Cc'] = encoded_or_raw(', '.join(cc).decode(encoding)) to.extend(cc) if bcc: to.extend(bcc) payload['Subject'] = encoded_or_raw(subject.decode(encoding)) payload['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime()) for k, v in headers.iteritems(): payload[k] = encoded_or_raw(v.decode(encoding)) result = {} try: if self.server == 'logging': logger.warn('email not sent\n%s\nFrom: %s\nTo: %s\nSubject: %s\n\n%s\n%s\n' % \ ('-'*40,self.sender, ', '.join(to),subject, text or html,'-'*40)) elif self.server == 'gae': xcc = dict() if cc: xcc['cc'] = cc if bcc: xcc['bcc'] = bcc if reply_to: xcc['reply_to'] = reply_to from google.appengine.api import mail attachments = attachments and [(a.my_filename, a.my_payload) for a in attachments if not raw] if attachments: result = mail.send_mail(sender=self.sender, to=origTo, subject=subject, body=text, html=html, attachments=attachments, **xcc) elif html and (not raw): result = mail.send_mail(sender=self.sender, to=origTo, subject=subject, body=text, html=html, **xcc) else: result = mail.send_mail(sender=self.sender, to=origTo, subject=subject, body=text, **xcc) else: smtp_args = self.server.split(':') if self.ssl: server = smtplib.SMTP_SSL(*smtp_args) else: server = smtplib.SMTP(*smtp_args) if self.tls and not self.ssl: server.ehlo() server.starttls() server.ehlo() if self.login: server.login(*self.login.split(':', 1)) result = server.sendmail(self.sender, to, payload.as_string()) server.quit() except Exception: self.result = result self.error = None return False self.result = result self.error = None return True
def send(self, to, subject='[no subject]', message='[no message]', attachments=None, cc=None, bcc=None, reply_to=None, sender=None, encoding='utf-8', raw=False, headers={}, from_address=None, cipher_type=None, sign=None, sign_passphrase=None, encrypt=None, x509_sign_keyfile=None, x509_sign_chainfile=None, x509_sign_certfile=None, x509_crypt_certfiles=None, x509_nocerts=None ): """ Sends an email using data specified in constructor Args: to: list or tuple of receiver addresses; will also accept single object subject: subject of the email message: email body text; depends on type of passed object: - if 2-list or 2-tuple is passed: first element will be source of plain text while second of html text; - otherwise: object will be the only source of plain text and html source will be set to None If text or html source is: - None: content part will be ignored, - string: content part will be set to it, - file-like object: content part will be fetched from it using it's read() method attachments: list or tuple of Mail.Attachment objects; will also accept single object cc: list or tuple of carbon copy receiver addresses; will also accept single object bcc: list or tuple of blind carbon copy receiver addresses; will also accept single object reply_to: address to which reply should be composed encoding: encoding of all strings passed to this method (including message bodies) headers: dictionary of headers to refine the headers just before sending mail, e.g. `{'X-Mailer' : 'web2py mailer'}` from_address: address to appear in the 'From:' header, this is not the envelope sender. If not specified the sender will be used cipher_type : gpg - need a python-pyme package and gpgme lib x509 - smime gpg_home : you can set a GNUPGHOME environment variable to specify home of gnupg sign : sign the message (True or False) sign_passphrase : passphrase for key signing encrypt : encrypt the message (True or False). It defaults to True. ... x509 only ... x509_sign_keyfile : the signers private key filename or string containing the key. (PEM format) x509_sign_certfile: the signers certificate filename or string containing the cert. (PEM format) x509_sign_chainfile: sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of email certificate. It can be a string containing the certs to. (PEM format) x509_nocerts : if True then no attached certificate in mail x509_crypt_certfiles: the certificates file or strings to encrypt the messages with can be a file name / string or a list of file names / strings (PEM format) Examples: Send plain text message to single address:: mail.send('*****@*****.**', 'Message subject', 'Plain text body of the message') Send html message to single address:: mail.send('*****@*****.**', 'Message subject', '<html>Plain text body of the message</html>') Send text and html message to three addresses (two in cc):: mail.send('*****@*****.**', 'Message subject', ('Plain text body', '<html>html body</html>'), cc=['*****@*****.**', '*****@*****.**']) Send html only message with image attachment available from the message by 'photo' content id:: mail.send('*****@*****.**', 'Message subject', (None, '<html><img src="cid:photo" /></html>'), Mail.Attachment('/path/to/photo.jpg' content_id='photo')) Send email with two attachments and no body text:: mail.send('[email protected], 'Message subject', None, [Mail.Attachment('/path/to/fist.file'), Mail.Attachment('/path/to/second.file')]) Returns: True on success, False on failure. Before return, method updates two object's fields: - self.result: return value of smtplib.SMTP.sendmail() or GAE's mail.send_mail() method - self.error: Exception message or None if above was successful """ # We don't want to use base64 encoding for unicode mail Charset.add_charset('utf-8', Charset.QP, Charset.QP, 'utf-8') def encode_header(key): if [c for c in key if 32 > ord(c) or ord(c) > 127]: return Header.Header(key.encode('utf-8'), 'utf-8') else: return key # encoded or raw text def encoded_or_raw(text): if raw: text = encode_header(text) return text sender = sender or self.settings.sender if not isinstance(self.settings.server, str): raise Exception('Server address not specified') if not isinstance(sender, str): raise Exception('Sender address not specified') if not raw and attachments: # Use multipart/mixed if there is attachments payload_in = MIMEMultipart.MIMEMultipart('mixed') elif raw: # no encoding configuration for raw messages if not isinstance(message, basestring): message = message.read() if isinstance(message, unicode): text = message.encode('utf-8') elif not encoding == 'utf-8': text = message.decode(encoding).encode('utf-8') else: text = message # No charset passed to avoid transport encoding # NOTE: some unicode encoded strings will produce # unreadable mail contents. payload_in = MIMEText.MIMEText(text) if to: if not isinstance(to, (list, tuple)): to = [to] else: raise Exception('Target receiver address not specified') if cc: if not isinstance(cc, (list, tuple)): cc = [cc] if bcc: if not isinstance(bcc, (list, tuple)): bcc = [bcc] if message is None: text = html = None elif isinstance(message, (list, tuple)): text, html = message elif message.strip().startswith('<html') and \ message.strip().endswith('</html>'): text = self.settings.server == 'gae' and message or None html = message else: text = message html = None if (text is not None or html is not None) and (not raw): if text is not None: if not isinstance(text, basestring): text = text.read() if isinstance(text, unicode): text = text.encode('utf-8') elif not encoding == 'utf-8': text = text.decode(encoding).encode('utf-8') if html is not None: if not isinstance(html, basestring): html = html.read() if isinstance(html, unicode): html = html.encode('utf-8') elif not encoding == 'utf-8': html = html.decode(encoding).encode('utf-8') # Construct mime part only if needed if text is not None and html: # We have text and html we need multipart/alternative attachment = MIMEMultipart.MIMEMultipart('alternative') attachment.attach(MIMEText.MIMEText(text, _charset='utf-8')) attachment.attach( MIMEText.MIMEText(html, 'html', _charset='utf-8')) elif text is not None: attachment = MIMEText.MIMEText(text, _charset='utf-8') elif html: attachment = \ MIMEText.MIMEText(html, 'html', _charset='utf-8') if attachments: # If there is attachments put text and html into # multipart/mixed payload_in.attach(attachment) else: # No attachments no multipart/mixed payload_in = attachment if (attachments is None) or raw: pass elif isinstance(attachments, (list, tuple)): for attachment in attachments: payload_in.attach(attachment) else: payload_in.attach(attachments) attachments = [attachments] ####################################################### # CIPHER # ####################################################### cipher_type = cipher_type or self.settings.cipher_type sign = sign if sign is not None else self.settings.sign sign_passphrase = sign_passphrase or self.settings.sign_passphrase encrypt = encrypt if encrypt is not None else self.settings.encrypt ####################################################### # GPGME # ####################################################### if cipher_type == 'gpg': if self.settings.gpg_home: # Set GNUPGHOME environment variable to set home of gnupg os.environ['GNUPGHOME'] = self.settings.gpg_home if not sign and not encrypt: self.error = "No sign and no encrypt is set but cipher type to gpg" return False # need a python-pyme package and gpgme lib from pyme import core, errors from pyme.constants.sig import mode ############################################ # sign # ############################################ if sign: core.check_version(None) pin = string.replace(payload_in.as_string(), '\n', '\r\n') plain = core.Data(pin) sig = core.Data() c = core.Context() c.set_armor(1) c.signers_clear() # search for signing key for From: for sigkey in c.op_keylist_all(sender, 1): if sigkey.can_sign: c.signers_add(sigkey) if not c.signers_enum(0): self.error = 'No key for signing [%s]' % sender return False c.set_passphrase_cb(lambda x, y, z: sign_passphrase) try: # make a signature c.op_sign(plain, sig, mode.DETACH) sig.seek(0, 0) # make it part of the email payload = \ MIMEMultipart.MIMEMultipart('signed', boundary=None, _subparts=None, **dict(micalg="pgp-sha1", protocol="application/pgp-signature")) # insert the origin payload payload.attach(payload_in) # insert the detached signature p = MIMEBase.MIMEBase("application", 'pgp-signature') p.set_payload(sig.read()) payload.attach(p) # it's just a trick to handle the no encryption case payload_in = payload except errors.GPGMEError, ex: self.error = "GPG error: %s" % ex.getstring() return False ############################################ # encrypt # ############################################ if encrypt: core.check_version(None) plain = core.Data(payload_in.as_string()) cipher = core.Data() c = core.Context() c.set_armor(1) # collect the public keys for encryption recipients = [] rec = to[:] if cc: rec.extend(cc) if bcc: rec.extend(bcc) for addr in rec: c.op_keylist_start(addr, 0) r = c.op_keylist_next() if r is None: self.error = 'No key for [%s]' % addr return False recipients.append(r) try: # make the encryption c.op_encrypt(recipients, 1, plain, cipher) cipher.seek(0, 0) # make it a part of the email payload = MIMEMultipart.MIMEMultipart('encrypted', boundary=None, _subparts=None, **dict(protocol="application/pgp-encrypted")) p = MIMEBase.MIMEBase("application", 'pgp-encrypted') p.set_payload("Version: 1\r\n") payload.attach(p) p = MIMEBase.MIMEBase("application", 'octet-stream') p.set_payload(cipher.read()) payload.attach(p) except errors.GPGMEError, ex: self.error = "GPG error: %s" % ex.getstring() return False