[DNM] GSoC Work Product

.gitignore

@@ -3,3 +3,5 @@ tests/gnupg/pubring.kbx
 tests/gnupg/trustdb.gpg
 tests/gnupg/tofu.db
 tests/gnupg/pubring.kbx~
+__pycache__/
+*.pyc

src/auxiliary.sh

@@ -31,7 +31,10 @@ is_false() {
 }
 
 gpg_version() {
-    gpg --version | head -n 1 | cut -d" " -f3
+    python3 <<EndOfPythonCode
+import gpg
+print(gpg.Context().engine_info.version)
+EndOfPythonCode
 }
 
 # Return the ids of the keys that are not revoked and not expired.

src/cmd/contact/delete.sh

@@ -22,11 +22,7 @@ cmd_contact_delete() {
     [[ $err != 0 ]] && fail "Usage:\n$(cmd_contact_delete_help)"
     [[ -z $1 ]] && fail "Usage:\n$(cmd_contact_delete_help)"
 
-    if [[ $force == 0 ]]; then
-        gpg --delete-keys "$@"
-    else
-        gpg --batch --no-tty --yes --delete-keys "$@"
-    fi
+    call_gpg contact/delete.py $force "$@"
 }
 
 #

src/cmd/contact/export.sh

@@ -9,7 +9,7 @@ _EOF
 }
 
 cmd_contact_export() {
-    local opts output="-"
+    local opts output
     opts="$(getopt -o o: -l output: -n "$PROGRAM" -- "$@")"
     local err=$?
     eval set -- "$opts"
@@ -21,8 +21,15 @@ cmd_contact_export() {
     done
     [[ $err == 0 ]] || fail "Usage:\n$(cmd_contact_export_help)"
 
+    if [[ -f "$output" ]]; then
+        yesno "File '$output' exists. Overwrite?" || return 1
+    fi
+
+    # set output to stdout if empty
+    [[ -z "$output" ]] && output="-"
+
     # export
-    gpg --armor --export --output $output $@
+    call_gpg contact/export.py "$GNUPGHOME" "$output" "$@"
 }
 
 #

src/cmd/contact/fetch.sh

@@ -30,10 +30,10 @@ cmd_contact_fetch() {
     # export to tmp file
     workdir_make
     local file="$WORKDIR/contacts.asc"
-    gpg --homedir="$homedir" --armor --export "$@" > "$file"
+    call_gpg contact/export.py "$homedir" "$file" "$@"
 
     # import from the tmp file
-    gpg --import "$file"
+    call_gpg contact/import.py "$file"
     workdir_clear
 }
 

src/cmd/contact/fetchuri.sh

@@ -10,11 +10,10 @@ _EOF
 
 cmd_contact_fetchuri() {
     [[ -z $1 ]] && fail "Usage:\n$(cmd_contact_fetchuri_help)"
-    #gpg --fetch-keys "$@"
     workdir_make
     cd "$WORKDIR"
     wget -q $@
-    gpg --import *
+    call_gpg contact/import.py *
     workdir_clear
 }
 

src/cmd/contact/import.sh

@@ -15,7 +15,7 @@ cmd_contact_import() {
 
     # import
     echo "Importing contacts from file: $file"
-    gpg --import "$file"
+    call_gpg contact/import.py "$file"
 }
 
 #

src/cmd/contact/list.sh

@@ -35,14 +35,7 @@ cmd_contact_list() {
         return
 
     # display the details of each key
-    local ids
-    ids=$(gpg --list-keys --with-colons "$@" | grep '^pub' | cut -d: -f5)
-    source "$LIBDIR/fn/print_key.sh"
-    for id in $ids; do
-        echo
-        print_key $id
-        echo
-    done
+    call_gpg contact/list.py "$@"
 }
 
 #

src/cmd/contact/receive.sh

@@ -22,7 +22,7 @@ cmd_contact_receive() {
     [[ $err != 0 ]] && fail "Usage:\n$(cmd_contact_receive_help)"
     [[ -z $1 ]] && fail "Usage:\n$(cmd_contact_receive_help)"
 
-    gpg --keyserver "$keyserver" --recv-keys "$@"
+    call_gpg contact/receive.py "$keyserver" "$@"
 }
 
 #

src/cmd/contact/search.sh

@@ -22,7 +22,7 @@ cmd_contact_search() {
     [[ $err != 0 ]] && fail "Usage:\n$(cmd_contact_search_help)"
     [[ -z $1 ]] && fail "Usage:\n$(cmd_contact_search_help)"
 
-    gpg --keyserver="$keyserver" --search-keys "$@"
+    call_gpg contact/search.py "$keyserver" "$@"
 }
 
 #

src/cmd/contact/trust.sh

@@ -35,8 +35,7 @@ cmd_contact_trust() {
         *) fail "Unknown trust level: $level" ;;
     esac
 
-    local commands=$(echo "$level|quit" | tr '|' "\n")
-    echo -e "$commands" | gpg --no-tty --command-fd=0 --edit-key "$contact" trust 2>/dev/null
+    call_gpg contact/trust.py "$contact" "$level" || fail ""
     call cmd_contact_list "$contact" | grep -e "^uid:" -e "^trust:" -e "^\$"
 }
 

src/cmd/key/delete.sh

@@ -19,8 +19,9 @@ cmd_key_delete() {
     for grip in $(get_keygrips $key_id); do
         rm -f "$GNUPGHOME"/private-keys-v1.d/$grip.key
     done
+
     # delete public keys
-    gpg --delete-keys --batch --yes "$fingerprint"
+    call_gpg key/delete.py "$fingerprint"
 
     # remove any partials
     rm -f "$GNUPGHOME"/$key_id.key.[0-9][0-9][0-9]

src/cmd/key/gen.sh

@@ -59,7 +59,7 @@ cmd_key_gen() {
 
     # generate the key
     haveged_start
-    echo -e "$PARAMETERS" | gpg --batch --gen-key 2>/dev/null
+    call_gpg key/gen.py "$PARAMETERS" || fail ""
     haveged_stop
 
     # restrict expiration time to 1 month from now

src/cmd/key/list.sh

@@ -43,10 +43,9 @@ cmd_key_list() {
         return
 
     # display the details of each key
-    source "$LIBDIR/fn/print_key.sh"
     for gpg_key in $secret_keys; do
         echo
-        print_key $gpg_key
+        call_gpg fn/print_key.py $gpg_key
         echo
     done
 }

src/cmd/key/pass.sh

@@ -17,7 +17,7 @@ Try first:  $(basename $0) key join
       and:  $(basename $0) key split
 "
 
-    gpg --batch --no-tty --passwd $GPG_KEY
+    call_gpg key/pass.py $GPG_KEY
 }
 
 #

src/cmd/key/renew.sh

@@ -28,9 +28,7 @@ Try first:  $(basename $0) key join
     local today=$(date -d $(date +%F) +%s)
     time=$(( ( $expday - $today ) / 86400 ))
 
-    local commands=";expire;$time;y;key 1;expire;$time;y;key 1;save"
-    commands=$(echo "$commands" | tr ';' "\n")
-    echo -e "$commands" | gpg --no-tty --command-fd=0 --key-edit $GPG_KEY 2>/dev/null
+    call_gpg key/renew.py "$GPG_KEY" "$time" || fail ""
     call_fn gpg_send_keys $GPG_KEY
 
     call cmd_key_list

src/cmd/key/rev.sh

@@ -27,7 +27,8 @@ Are you sure about this?" || return 1
 
     # import the revocation certificate
     sed -i "$revcert" -e "s/^:---/---/"
-    gpg --import "$revcert"
+    call_gpg key/rev.py "$revcert" || fail ""
+
     call_fn gpg_send_keys $GPG_KEY
 }
 

src/cmd/open.sh

@@ -18,11 +18,13 @@ cmd_open() {
     local output=${file%.sealed}
     [[ "$output" != "$file" ]] || fail "The given file does not end in '.sealed'."
 
+    if [[ -f "$output" ]]; then
+        yesno "File '$output' exists. Overwrite?" || return 1
+    fi
+
     # decrypt and verify
     gnupghome_setup
-    gpg --keyserver "$KEYSERVER" \
-        --keyserver-options auto-key-retrieve,honor-keyserver-url \
-        --decrypt --output "$output" "$file"
+    call_gpg open.py "$file" "$output" # $output will be overwritten if exists
     gnupghome_reset
 }
 

src/cmd/seal.sh

@@ -19,22 +19,18 @@ cmd_seal() {
         rm -f "$file.sealed"
     fi
 
-    # get recipients
     get_gpg_key
-    local recipients="--recipient $GPG_KEY"
-    while [[ -n "$1" ]]; do
-        recipients="$recipients --recipient $1"
-        shift
-    done
-
+    local recipients=("$GPG_KEY" "$@")
+
     # sign and encrypt
     gnupghome_setup
-    gpg --no-tty --auto-key-locate=local,cert,keyserver,pka \
-        --keyserver "$KEYSERVER" $recipients \
-        --sign --encrypt --armor \
-        --output "$file.sealed" "$file"
+    call_gpg seal.py "$file" "$recipients"
+    local err=$?
     gnupghome_reset
+
+    [[ $err == 0 ]] || fail ""
 
+    [[ -s "$file.sealed" ]] || rm -f "$file.sealed"
     [[ -f "$file.sealed" ]] && shred "$file"
 }
 

src/cmd/sign.sh

@@ -15,8 +15,7 @@ cmd_sign() {
 
     # sign
     gnupghome_setup
-    gpg --local-user $GPG_KEY \
-        --detach-sign --armor --output "$file.signature" "$file"
+    call_gpg sign.py $GPG_KEY "$file"
     gnupghome_reset
 }
 

src/cmd/verify.sh

@@ -17,7 +17,7 @@ cmd_verify() {
     [[ -f "$file" ]] || fail "Cannot find file '$file'"
 
     # verify
-    gpg --verify "$signature" "$file"
+    call_gpg verify.py "$signature" "$file"
 }
 
 #

src/egpg.sh

@@ -121,6 +121,18 @@ call_fn() {
     $fn "$@"
 }
 
+call_gpg() {
+    local file=$1; shift
+    local pyfile="$LIBDIR/gpg/$file"
+    [[ -f "$pyfile" ]] || fail "Cannot find python file: $pyfile"
+    if is_true $DEBUG; then
+        # User can override level by exporting GPGME_DEBUG
+        [[ -z "$GPGME_DEBUG" ]] && export GPGME_DEBUG=2
+    fi
+    export PYTHONPATH=$PYTHONPATH:"$LIBDIR/gpg/"
+    python3 "$pyfile" "$@"
+}
+
 call_ext() {
     local cmd=$1; shift
 
@@ -185,6 +197,7 @@ config() {
 
     export GNUPGHOME
     export GPG_TTY=$(tty)
+    export DEBUG
 
     # create the config file, if it does not exist
     local gpghome="$GNUPGHOME"

src/fn/restore_key.sh

@@ -13,7 +13,7 @@ restore_key() {
 
     # restore public keys
     local pub_key=$(ls "$WORKDIR"/*/*.pub)
-    gpg --import "$pub_key" || fail "Failed to import public key."
+    call_gpg contact/import.py "$pub_key" || fail "Failed to import public key."
 
     # set trust to 'ultimate'
     local key_id=$(basename "${pub_key%.pub}")

src/gpg/contact/delete.py

@@ -0,0 +1,30 @@
+import sys
+
+import gpg
+
+from fn.auxiliary import handle_exception
+from fn.print_key import print_key
+
+
+@handle_exception(gpg.errors.GpgError)
+def delete(contacts, force):
+    c = gpg.Context()
+    for contact in contacts:
+        keys = list(c.keylist(contact))
+        ans = "n"
+        for key in keys:
+            if not force:
+                print_key(key.fpr, end="\n")
+                try:
+                    ans = input("Delete this contact? (y/N)")
+                except EOFError:
+                    exit(0)
+
+            if ans.lower() == 'y' or force:
+                c.op_delete(key, False)
+
+
+if __name__ == "__main__":
+    force = int(sys.argv[1])
+    contacts = sys.argv[2:]
+    delete(contacts, force)