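def encrypt_signed_uid(self, key, filename):
    '''Encrypt the file we exported the signed UID to.

    Runs gpg to write an ASCII-armored copy of *filename*, encrypted to the
    recipient *key*, into the output directory under the name
    ``<base>_ENCRYPTED<ext>``.

    Returns the bare file name of the encrypted copy (not its full path).

    Raises EncryptionKeyError when gpg reports GPG_ENC_INV, and
    EncryptionUnknownError when gpg prints a line this method does not
    recognise or exits with a non-zero status.
    '''
    (base, ext) = os.path.splitext(os.path.basename(filename))
    enc_file = '%s_ENCRYPTED%s' % (base, ext)
    enc_path = self._outfile_path(enc_file)
    # Remove a stale result so gpg does not stop to ask about overwriting.
    # NOTE(review): exists() followed by unlink() and a later re-create by
    # gpg is only safe if the output directory is writable solely by the
    # invoking user - confirm how _outfile_path's directory is created.
    if os.path.exists(enc_path):
        os.unlink(enc_path)
    cmd = [self.gpg] + self.gpg_base_opts + self.gpg_quiet_opts + \
        self.gpg_fd_opts + [
            '--no-default-keyring',
            '--keyring', self.tmp_keyring,
            # --always-trust switches off gpg's validity check on the
            # recipient key; the only thing limiting which key "-r" can
            # match is the content of tmp_keyring (presumably just the key
            # being processed - confirm against the caller).
            '--always-trust',
            '--armor',
            '-r', key,
            '--output', enc_path,
            '-e', filename,
        ]
    logcmd(cmd)
    # gpg's stderr goes to self.null, so the lines read from stdout below
    # are the only diagnostics this method ever sees.
    gpg = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                           stdout=subprocess.PIPE, stderr=self.null,
                           close_fds=True)

    # Must send a blank line...
    gpg.stdin.write('\n')
    while True:
        debug('Waiting for response')
        # At EOF readline() returns '', which matches none of the markers
        # and therefore ends in EncryptionUnknownError rather than a spin.
        line = gpg.stdout.readline().strip()
        debug('Got %s' % line)
        if PiusSigner.GPG_ENC_BEG in line:
            debug('Got GPG_ENC_BEG')
            continue
        elif PiusSigner.GPG_ENC_COMPLIANT_MODE in line:
            debug('Got ENCRYPTION_COMPLIANCE_MODE')
            continue
        elif PiusSigner.GPG_ENC_END in line:
            debug('Got GPG_ENC_END')
            break
        elif PiusSigner.GPG_ENC_INV in line:
            debug('Got GPG_ENC_INV')
            raise EncryptionKeyError
        elif (PiusSigner.GPG_KEY_EXP in line or
              PiusSigner.GPG_SIG_EXP in line):
            # These just mean we passed a given key/sig that's expired, there
            # may be ones left that are good. We cannot report an error until
            # we get a ENC_INV.
            debug('Got GPG_KEY_EXP')
            continue
        elif PiusSigner.GPG_KEY_CONSIDERED in line:
            debug('Got KEY_CONSIDERED')
            continue
        elif PiusSigner.GPG_PROGRESS in line:
            debug('Got skippable stuff')
            continue
        else:
            # Fail closed: anything unrecognised aborts the encryption.
            raise EncryptionUnknownError(line)

    # GPG_ENC_END only says gpg announced the end of encryption; the exit
    # status is the remaining signal that it finished cleanly. Treat a
    # non-zero status as a failure, the same way encrypt_and_sign_file does,
    # instead of handing back a file name for output that may be incomplete.
    retval = gpg.wait()
    if retval != 0:
        raise EncryptionUnknownError('Return code was %s' % retval)
    return enc_file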
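def encrypt_and_sign_file(self, infile, outfile, keyid):
    '''Encrypt and sign a file. Used for PGP/Mime email generation.

    Runs gpg with "-aes" (armor, encrypt, sign) on *infile*, signing as
    self.force_signer and encrypting to both *keyid* and self.signer, and
    writes the result to *outfile*.

    Returns None.

    Raises EncryptionKeyError when gpg reports GPG_ENC_INV, and
    EncryptionUnknownError when gpg prints a line this method does not
    recognise or exits with a non-zero status.
    '''
    agent = []
    if self.mode == MODE_AGENT:
        agent = ['--use-agent']

    cmd = [self.gpg] + self.gpg_base_opts + self.gpg_quiet_opts + \
        self.gpg_fd_opts + agent + [
            '--no-default-keyring',
            '--keyring', self.tmp_keyring,
            '--no-options',
            # --always-trust switches off gpg's validity check on the
            # recipient keys; which keys "-r" can match is limited only by
            # the content of tmp_keyring (presumably filled by the caller
            # with just the keys involved - confirm).
            '--always-trust',
            '-u', self.force_signer,
            '-aes',
            '-r', keyid,
            '-r', self.signer,
            '--output', outfile,
            infile,
        ]

    # The passphrase is never part of cmd, so logging the command line does
    # not expose it; keep it that way if options are added here.
    logcmd(cmd)
    gpg = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                           stdout=subprocess.PIPE, stderr=self.null,
                           close_fds=True)

    if self.mode == MODE_AGENT:
        # For some reason when using agent an initial enter is needed
        gpg.stdin.write('\n')
    else:
        # For some unidentified reason you must send the passphrase
        # first, not when it asks for it.
        # The secret travels over the stdin pipe only; the debug line below
        # deliberately does not include it.
        debug('Sending passphrase')
        gpg.stdin.write('%s\n' % self.passphrase)

    # Informational markers that need no reaction. Each one must be tested
    # with "in line": a bare constant inside an "or" chain is always truthy,
    # which makes every unrecognised line "skippable", leaves the
    # EncryptionUnknownError branch unreachable and spins forever on the
    # empty strings readline() returns once gpg has closed its stdout.
    skippable = (
        PiusSigner.GPG_USERID,
        PiusSigner.GPG_NEED_PASS,
        PiusSigner.GPG_GOOD_PASS,
        PiusSigner.GPG_SIG_BEG,
        PiusSigner.GPG_SIG_CREATED,
        PiusSigner.GPG_PROGRESS,
        PiusSigner.GPG_PINENTRY_LAUNCHED,
        PiusSigner.GPG_WARN_VERSION,
    )

    while True:
        debug('Waiting for response')
        line = gpg.stdout.readline().strip()
        debug('Got %s' % line)
        if PiusSigner.GPG_ENC_BEG in line:
            debug('Got GPG_ENC_BEG')
            continue
        elif PiusSigner.GPG_ENC_END in line:
            debug('Got GPG_ENC_END')
            break
        elif PiusSigner.GPG_ENC_INV in line:
            debug('Got GPG_ENC_INV')
            raise EncryptionKeyError
        elif PiusSigner.GPG_KEY_CONSIDERED in line:
            debug('Got KEY_CONSIDERED')
            continue
        elif (PiusSigner.GPG_KEY_EXP in line or
              PiusSigner.GPG_SIG_EXP in line):
            # These just mean we passed a given key/sig that's expired, there
            # may be ones left that are good. We cannot report an error until
            # we get a ENC_INV.
            debug('Got GPG_KEY/SIG_EXP')
            continue
        elif any(marker in line for marker in skippable):
            debug('Got skippable stuff')
            continue
        else:
            # Fail closed: unknown output (including EOF, which reads as '')
            # aborts instead of being waved through.
            raise EncryptionUnknownError(line)

    retval = gpg.wait()
    if retval != 0:
        raise EncryptionUnknownError("Return code was %s" % retval)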
def encrypt_and_sign_file(self, infile, outfile, keyid):
    """Write an armored, signed and encrypted copy of *infile* to *outfile*.

    Used for PGP/Mime email generation. gpg signs as self.force_signer and
    encrypts to both *keyid* and self.signer.

    Returns None.

    Raises EncryptionKeyError when gpg reports GPG_ENC_INV, and
    EncryptionUnknownError when gpg prints an unrecognised line or exits
    with a non-zero status.
    """
    common_opts = [self.gpg] + GPG_BASE_OPTS + GPG_QUIET_OPTS + GPG_FD_OPTS
    argv = common_opts + [
        "--keyring", self.tmp_keyring,
        "--no-options",
        # No validity check on the recipients: which keys "-r" can match is
        # bounded only by what tmp_keyring holds (presumably just the keys
        # involved - confirm against the caller).
        "--always-trust",
        "-u", self.force_signer,
        "-aes",
        "-r", keyid,
        "-r", self.signer,
        "--output", outfile,
        infile,
    ]
    PiusUtil.logcmd(argv)

    # stderr is sent to self.null, so stdout is the only channel inspected.
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=self.null,
        close_fds=True,
        text=True,
    )

    # For some reason when using agent an initial enter is needed
    # NOTE(review): nothing flushes this write; whether gpg needs the byte
    # before it starts printing is not visible from here - confirm.
    proc.stdin.write("\n")

    # Informational markers that call for no reaction.
    ignorable = (
        PiusSigner.GPG_USERID,
        PiusSigner.GPG_NEED_PASS,
        PiusSigner.GPG_GOOD_PASS,
        PiusSigner.GPG_SIG_BEG,
        PiusSigner.GPG_SIG_CREATED,
        PiusSigner.GPG_PROGRESS,
        PiusSigner.GPG_PINENTRY_LAUNCHED,
        PiusSigner.GPG_WARN_VERSION,
    )

    while True:
        PiusUtil.debug("Waiting for response")
        status = proc.stdout.readline().strip()
        PiusUtil.debug("Got %s" % status)

        if PiusSigner.GPG_ENC_BEG in status:
            PiusUtil.debug("Got GPG_ENC_BEG")
            continue

        if PiusSigner.GPG_ENC_END in status:
            PiusUtil.debug("Got GPG_ENC_END")
            break

        if PiusSigner.GPG_ENC_INV in status:
            PiusUtil.debug("Got GPG_ENC_INV")
            raise EncryptionKeyError

        if PiusSigner.GPG_KEY_CONSIDERED in status:
            PiusUtil.debug("Got KEY_CONSIDERED")
            continue

        if (PiusSigner.GPG_KEY_EXP in status
                or PiusSigner.GPG_SIG_EXP in status):
            # An expired key or signature was looked at; other usable ones
            # may remain, so this is not an error until GPG_ENC_INV shows up.
            PiusUtil.debug("Got GPG_KEY/SIG_EXP")
            continue

        if any(marker in status for marker in ignorable):
            PiusUtil.debug("Got skippable stuff")
            continue

        # Anything else - including the '' that readline() yields at EOF -
        # is treated as a failure.
        raise EncryptionUnknownError(status)

    exit_status = proc.wait()
    if exit_status != 0:
        raise EncryptionUnknownError("Return code was %s" % exit_status)
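def encrypt_signed_uid(self, key, filename):
    """Encrypt the file we exported the signed UID to.

    Runs gpg to write an ASCII-armored copy of *filename*, encrypted to the
    recipient *key*, into the output directory under the name
    ``<base>_ENCRYPTED<ext>``.

    Returns the bare file name of the encrypted copy (not its full path).

    Raises EncryptionKeyError when gpg reports GPG_ENC_INV, and
    EncryptionUnknownError when gpg prints a line this method does not
    recognise or exits with a non-zero status.
    """
    (base, ext) = os.path.splitext(os.path.basename(filename))
    enc_file = "%s_ENCRYPTED%s" % (base, ext)
    enc_path = self._outfile_path(enc_file)
    # Remove a stale result so gpg does not stop to ask about overwriting.
    # NOTE(review): exists() followed by unlink() and a later re-create by
    # gpg is only safe if the output directory is writable solely by the
    # invoking user - confirm how _outfile_path's directory is created.
    if os.path.exists(enc_path):
        os.unlink(enc_path)
    cmd = ([self.gpg] + GPG_BASE_OPTS + GPG_QUIET_OPTS + GPG_FD_OPTS + [
        "--keyring", self.tmp_keyring,
        # --always-trust switches off gpg's validity check on the recipient
        # key; which key "-r" can match is limited only by the content of
        # tmp_keyring (presumably just the key being processed - confirm).
        "--always-trust",
        "--armor",
        "-r", key,
        "--output", enc_path,
        "-e", filename,
    ])
    PiusUtil.logcmd(cmd)
    # gpg's stderr goes to self.null, so the lines read from stdout below
    # are the only diagnostics this method ever sees.
    gpg = subprocess.Popen(
        cmd,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=self.null,
        close_fds=True,
        # Text-mode pipes, as in encrypt_and_sign_file: the "\n" written
        # below and the "marker in line" checks are str operations, and on
        # binary pipes Python 3 rejects both with TypeError.
        text=True,
    )

    # Must send a blank line...
    gpg.stdin.write("\n")
    while True:
        PiusUtil.debug("Waiting for response")
        # At EOF readline() returns "", which matches none of the markers
        # and therefore ends in EncryptionUnknownError rather than a spin.
        line = gpg.stdout.readline().strip()
        PiusUtil.debug("Got %s" % line)
        if PiusSigner.GPG_ENC_BEG in line:
            PiusUtil.debug("Got GPG_ENC_BEG")
            continue
        elif PiusSigner.GPG_ENC_COMPLIANT_MODE in line:
            PiusUtil.debug("Got ENCRYPTION_COMPLIANCE_MODE")
            continue
        elif PiusSigner.GPG_ENC_END in line:
            PiusUtil.debug("Got GPG_ENC_END")
            break
        elif PiusSigner.GPG_ENC_INV in line:
            PiusUtil.debug("Got GPG_ENC_INV")
            raise EncryptionKeyError
        elif (PiusSigner.GPG_KEY_EXP in line
              or PiusSigner.GPG_SIG_EXP in line):
            # These just mean we passed a given key/sig that's expired,
            # there may be ones left that are good. We cannot report an
            # error until we get a ENC_INV.
            PiusUtil.debug("Got GPG_KEY_EXP")
            continue
        elif PiusSigner.GPG_KEY_CONSIDERED in line:
            PiusUtil.debug("Got KEY_CONSIDERED")
            continue
        elif PiusSigner.GPG_PROGRESS in line:
            PiusUtil.debug("Got skippable stuff")
            continue
        else:
            # Fail closed: anything unrecognised aborts the encryption.
            raise EncryptionUnknownError(line)

    # GPG_ENC_END only says gpg announced the end of encryption; the exit
    # status is the remaining signal that it finished cleanly. Treat a
    # non-zero status as a failure, the same way encrypt_and_sign_file does,
    # instead of handing back a file name for output that may be incomplete.
    retval = gpg.wait()
    if retval != 0:
        raise EncryptionUnknownError("Return code was %s" % retval)
    return enc_file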