;;; pgg-gpg.el --- GnuPG support for PGG.
-;; Copyright (C) 1999, 2000, 2003 Free Software Foundation, Inc.
+;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
+;; 2005, 2006 Free Software Foundation, Inc.
;; Author: Daiki Ueno <ueno@unixuser.org>
+;; Symmetric encryption added by: Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP, OpenPGP, GnuPG
;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING. If not, write to the
-;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-;; Boston, MA 02111-1307, USA.
+;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+;; Boston, MA 02110-1301, USA.
;;; Code:
(require 'pgg))
(defgroup pgg-gpg ()
- "GnuPG interface"
+ "GnuPG interface."
:group 'pgg)
-(defcustom pgg-gpg-program "gpg"
+(defcustom pgg-gpg-program "gpg"
"The GnuPG executable."
:group 'pgg-gpg
:type 'string)
:group 'pgg-gpg
:type '(repeat (string :tag "Argument")))
+(defcustom pgg-gpg-recipient-argument "--recipient"
+ "GnuPG option to specify recipient."
+ :group 'pgg-gpg
+ :type '(choice (const :tag "New `--recipient' option" "--recipient")
+ (const :tag "Old `--remote-user' option" "--remote-user")))
+
(defvar pgg-gpg-user-id nil
"GnuPG ID of your default identity.")
(unwind-protect
(progn
(set-default-file-modes 448)
- (let ((coding-system-for-write 'binary)
+ (let ((coding-system-for-write 'binary)
(input (buffer-substring-no-properties start end))
(default-enable-multibyte-characters nil))
- (with-temp-buffer
- (when passphrase
- (insert passphrase "\n"))
- (insert input)
- (setq exit-status
- (apply #'call-process-region (point-min) (point-max) program
- nil errors-buffer nil args))))
+ (with-temp-buffer
+ (when passphrase
+ (insert passphrase "\n"))
+ (insert input)
+ (setq exit-status
+ (apply #'call-process-region (point-min) (point-max) program
+ nil errors-buffer nil args))))
(with-current-buffer (get-buffer-create output-buffer)
(buffer-disable-undo)
(erase-buffer)
(if (file-exists-p output-file-name)
- (let ((coding-system-for-read 'raw-text-dos))
+ (let ((coding-system-for-read (if pgg-text-mode
+ 'raw-text
+ 'binary)))
(insert-file-contents output-file-name)))
(set-buffer errors-buffer)
(if (not (equal exit-status 0))
(insert (format "\n%s exited abnormally: '%s'\n"
- program exit-status)))))
+ program exit-status)))))
(if (file-exists-p output-file-name)
(delete-file output-file-name))
(set-default-file-modes orig-mode))))
-(defun pgg-gpg-possibly-cache-passphrase (passphrase)
+(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
(if (and pgg-cache-passphrase
(progn
(goto-char (point-min))
- (re-search-forward "^\\[GNUPG:] GOOD_PASSPHRASE\\>" nil t)))
- (pgg-add-passphrase-cache
- (progn
- (goto-char (point-min))
- (if (re-search-forward
- "^\\[GNUPG:] NEED_PASSPHRASE \\w+ ?\\w*" nil t)
- (substring (match-string 0) -8)))
- passphrase)))
+ (re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\|\\(SIG_CREATED\\)" nil t)))
+ (pgg-add-passphrase-to-cache
+ (or key
+ (progn
+ (goto-char (point-min))
+ (if (re-search-forward
+ "^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t)
+ (substring (match-string 0) -8))))
+ passphrase
+ notruncate)))
+
+(defvar pgg-gpg-all-secret-keys 'unknown)
+
+(defun pgg-gpg-lookup-all-secret-keys ()
+ "Return all secret keys present in secret key ring."
+ (when (eq pgg-gpg-all-secret-keys 'unknown)
+ (setq pgg-gpg-all-secret-keys '())
+ (let ((args (list "--with-colons" "--no-greeting" "--batch"
+ "--list-secret-keys")))
+ (with-temp-buffer
+ (apply #'call-process pgg-gpg-program nil t nil args)
+ (goto-char (point-min))
+ (while (re-search-forward
+ "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)" nil t)
+ (push (substring (match-string 2) 8)
+ pgg-gpg-all-secret-keys)))))
+ pgg-gpg-all-secret-keys)
(defun pgg-gpg-lookup-key (string &optional type)
"Search keys associated with STRING."
(with-temp-buffer
(apply #'call-process pgg-gpg-program nil t nil args)
(goto-char (point-min))
- (if (re-search-forward "^\\(sec\\|pub\\):" nil t)
- (substring
- (nth 3 (split-string
- (buffer-substring (match-end 0)
- (progn (end-of-line)(point)))
- ":")) 8)))))
+ (if (re-search-forward "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)"
+ nil t)
+ (substring (match-string 2) 8)))))
+
+(defun pgg-gpg-lookup-key-owner (string &optional all)
+ "Search keys associated with STRING and return owner of identified key.
+
+The value may be just the bare key id, or it may be a combination of the
+user name associated with the key and the key id, with the key id enclosed
+in \"<...>\" angle brackets.
+
+Optional ALL non-nil means search all keys, including secret keys."
+ (let ((args (list "--with-colons" "--no-greeting" "--batch"
+ (if all "--list-secret-keys" "--list-keys")
+ string))
+ (key-regexp (concat "^\\(sec\\|pub\\)"
+ ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):[^:]*"
+ ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):")))
+ (with-temp-buffer
+ (apply #'call-process pgg-gpg-program nil t nil args)
+ (goto-char (point-min))
+ (if (re-search-forward key-regexp
+ nil t)
+ (match-string 3)))))
-(defun pgg-gpg-encrypt-region (start end recipients &optional sign)
+(defun pgg-gpg-key-id-from-key-owner (key-owner)
+ (cond ((not key-owner) nil)
+ ;; Extract bare key id from outermost paired angle brackets, if any:
+ ((string-match "[^<]*<\\(.+\\)>[^>]*" key-owner)
+ (substring key-owner (match-beginning 1)(match-end 1)))
+ (key-owner)))
+
+(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
"Encrypt the current region between START and END.
-If optional argument SIGN is non-nil, do a combined sign and encrypt."
+
+If optional argument SIGN is non-nil, do a combined sign and encrypt.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
- (passphrase
- (when sign
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt))))
+ (passphrase (or passphrase
+ (when sign
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: "
+ pgg-gpg-user-id)
+ pgg-gpg-user-id))))
(args
(append
(list "--batch" "--armor" "--always-trust" "--encrypt")
+ (if pgg-text-mode (list "--textmode"))
(if sign (list "--sign" "--local-user" pgg-gpg-user-id))
(if recipients
(apply #'nconc
(mapcar (lambda (rcpt)
- (list "--remote-user" rcpt))
+ (list pgg-gpg-recipient-argument rcpt))
(append recipients
(if pgg-encrypt-for-me
(list pgg-gpg-user-id)))))))))
- (pgg-as-lbt start end 'CRLF
- (pgg-gpg-process-region start end passphrase pgg-gpg-program args))
+ (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
(when sign
(with-current-buffer pgg-errors-buffer
+ ;; Possibly cache passphrase under, e.g. "jas", for future sign.
+ (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
+ ;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
(pgg-gpg-possibly-cache-passphrase passphrase)))
(pgg-process-when-success)))
-(defun pgg-gpg-decrypt-region (start end)
- "Decrypt the current region between START and END."
- (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
- (passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'encrypt)))
+(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
+ "Encrypt the current region between START and END with symmetric cipher.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
+ (let* ((passphrase (or passphrase
+ (pgg-read-passphrase
+ "GnuPG passphrase for symmetric encryption: ")))
+ (args
+ (append (list "--batch" "--armor" "--symmetric" )
+ (if pgg-text-mode (list "--textmode")))))
+ (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
+ (pgg-process-when-success)))
+
+(defun pgg-gpg-decrypt-region (start end &optional passphrase)
+ "Decrypt the current region between START and END.
+
+If optional PASSPHRASE is not specified, it will be obtained from the
+passphrase cache or user."
+ (let* ((current-buffer (current-buffer))
+ (message-keys (with-temp-buffer
+ (insert-buffer-substring current-buffer)
+ (pgg-decode-armor-region (point-min) (point-max))))
+ (secret-keys (pgg-gpg-lookup-all-secret-keys))
+ ;; XXX the user is stuck if they need to use the passphrase for
+ ;; any but the first secret key for which the message is
+ ;; encrypted. ideally, we would incrementally give them a
+ ;; chance with subsequent keys each time they fail with one.
+ (key (pgg-gpg-select-matching-key message-keys secret-keys))
+ (key-owner (and key (pgg-gpg-lookup-key-owner key t)))
+ (key-id (pgg-gpg-key-id-from-key-owner key-owner))
+ (pgg-gpg-user-id (or key-id key
+ pgg-gpg-user-id pgg-default-user-id))
+ (passphrase (or passphrase
+ (pgg-read-passphrase
+ (format (if (pgg-gpg-symmetric-key-p message-keys)
+ "Passphrase for symmetric decryption: "
+ "GnuPG passphrase for %s: ")
+ (or key-owner "??"))
+ pgg-gpg-user-id)))
(args '("--batch" "--decrypt")))
(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
(with-current-buffer pgg-errors-buffer
- (pgg-gpg-possibly-cache-passphrase passphrase)
+ (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
(goto-char (point-min))
(re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))
-(defun pgg-gpg-sign-region (start end &optional cleartext)
+;;;###autoload
+(defun pgg-gpg-symmetric-key-p (message-keys)
+ "True if decoded armor MESSAGE-KEYS has symmetric encryption indicator."
+ (let (result)
+ (dolist (key message-keys result)
+ (when (and (eq (car key) 3)
+ (member '(symmetric-key-algorithm) key))
+ (setq result key)))))
+
+(defun pgg-gpg-select-matching-key (message-keys secret-keys)
+ "Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
+ (loop for message-key in message-keys
+ for message-key-id = (and (equal (car message-key) 1)
+ (cdr (assq 'key-identifier
+ (cdr message-key))))
+ for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt))
+ when (and key (member key secret-keys)) return key))
+
+(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
"Make detached signature from text between START and END."
(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
- (passphrase
- (pgg-read-passphrase
- (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
- (pgg-gpg-lookup-key pgg-gpg-user-id 'sign)))
+ (passphrase (or passphrase
+ (pgg-read-passphrase
+ (format "GnuPG passphrase for %s: " pgg-gpg-user-id)
+ pgg-gpg-user-id)))
(args
- (list (if cleartext "--clearsign" "--detach-sign")
- "--armor" "--batch" "--verbose"
- "--local-user" pgg-gpg-user-id))
+ (append (list (if cleartext "--clearsign" "--detach-sign")
+ "--armor" "--batch" "--verbose"
+ "--local-user" pgg-gpg-user-id)
+ (if pgg-text-mode (list "--textmode"))))
(inhibit-read-only t)
buffer-read-only)
- (pgg-as-lbt start end 'CRLF
- (pgg-gpg-process-region start end passphrase pgg-gpg-program args))
+ (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
(with-current-buffer pgg-errors-buffer
+ ;; Possibly cache passphrase under, e.g. "jas", for future sign.
+ (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
+ ;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
(pgg-gpg-possibly-cache-passphrase passphrase))
(pgg-process-when-success)))
(when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t)
(setq status (buffer-substring (match-end 0)
(progn (end-of-line)(point)))
- status (vconcat (mapcar #'string-to-int (split-string status))))
+ status (vconcat (mapcar #'string-to-number (split-string status))))
(erase-buffer)
(insert (format "Imported %d key(s).
\tArmor contains %d key(s) [%d bad, %d old].\n"
(provide 'pgg-gpg)
+;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
;;; pgg-gpg.el ends here