X-Git-Url: http://cgit.sxemacs.org/?a=blobdiff_plain;f=lisp%2Fpgg-gpg.el;h=78db15787c081cc09c918768dba9742577feed05;hb=9002a084723b19bb6638edc40f7e5938f9ec9876;hp=d453abf9ffbec865e9090112ab074316610bd705;hpb=c8282af8747f02a97ccdf2c8f5e664ad3060109b;p=gnus diff --git a/lisp/pgg-gpg.el b/lisp/pgg-gpg.el index d453abf9f..78db15787 100644 --- a/lisp/pgg-gpg.el +++ b/lisp/pgg-gpg.el @@ -1,8 +1,10 @@ ;;; pgg-gpg.el --- GnuPG support for PGG. -;; Copyright (C) 1999, 2000, 2003, 2004 Free Software Foundation, Inc. +;; Copyright (C) 1999, 2000, 2002, 2003, 2004, +;; 2005, 2006 Free Software Foundation, Inc. ;; Author: Daiki Ueno +;; Symmetric encryption added by: Sascha Wilde ;; Created: 1999/10/28 ;; Keywords: PGP, OpenPGP, GnuPG @@ -20,8 +22,8 @@ ;; You should have received a copy of the GNU General Public License ;; along with GNU Emacs; see the file COPYING. If not, write to the -;; Free Software Foundation, Inc., 59 Temple Place - Suite 330, -;; Boston, MA 02111-1307, USA. +;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +;; Boston, MA 02110-1301, USA. ;;; Code: @@ -30,7 +32,7 @@ (require 'pgg)) (defgroup pgg-gpg () - "GnuPG interface" + "GnuPG interface." :group 'pgg) (defcustom pgg-gpg-program "gpg" @@ -85,7 +87,9 @@ (buffer-disable-undo) (erase-buffer) (if (file-exists-p output-file-name) - (let ((coding-system-for-read 'raw-text-dos)) + (let ((coding-system-for-read (if pgg-text-mode + 'raw-text + 'binary))) (insert-file-contents output-file-name))) (set-buffer errors-buffer) (if (not (equal exit-status 0)) @@ -95,19 +99,20 @@ (delete-file output-file-name)) (set-default-file-modes orig-mode)))) -(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key) +(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate) (if (and pgg-cache-passphrase (progn (goto-char (point-min)) - (re-search-forward "^\\[GNUPG:] GOOD_PASSPHRASE\\>" nil t))) - (pgg-add-passphrase-cache + (re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\|\\(SIG_CREATED\\)" nil t))) + (pgg-add-passphrase-to-cache (or key (progn (goto-char (point-min)) (if (re-search-forward - "^\\[GNUPG:] NEED_PASSPHRASE \\w+ ?\\w*" nil t) + "^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t) (substring (match-string 0) -8)))) - passphrase))) + passphrase + notruncate))) (defvar pgg-gpg-all-secret-keys 'unknown) @@ -138,18 +143,52 @@ nil t) (substring (match-string 2) 8))))) -(defun pgg-gpg-encrypt-region (start end recipients &optional sign) +(defun pgg-gpg-lookup-key-owner (string &optional all) + "Search keys associated with STRING and return owner of identified key. + +The value may be just the bare key id, or it may be a combination of the +user name associated with the key and the key id, with the key id enclosed +in \"<...>\" angle brackets. + +Optional ALL non-nil means search all keys, including secret keys." + (let ((args (list "--with-colons" "--no-greeting" "--batch" + (if all "--list-secret-keys" "--list-keys") + string)) + (key-regexp (concat "^\\(sec\\|pub\\)" + ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):[^:]*" + ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):"))) + (with-temp-buffer + (apply #'call-process pgg-gpg-program nil t nil args) + (goto-char (point-min)) + (if (re-search-forward key-regexp + nil t) + (match-string 3))))) + +(defun pgg-gpg-key-id-from-key-owner (key-owner) + (cond ((not key-owner) nil) + ;; Extract bare key id from outermost paired angle brackets, if any: + ((string-match "[^<]*<\\(.+\\)>[^>]*" key-owner) + (substring key-owner (match-beginning 1)(match-end 1))) + (key-owner))) + +(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase) "Encrypt the current region between START and END. -If optional argument SIGN is non-nil, do a combined sign and encrypt." + +If optional argument SIGN is non-nil, do a combined sign and encrypt. + +If optional PASSPHRASE is not specified, it will be obtained from the +passphrase cache or user." (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id)) - (passphrase - (when sign - (pgg-read-passphrase - (format "GnuPG passphrase for %s: " pgg-gpg-user-id) - pgg-gpg-user-id))) + (passphrase (or passphrase + (when sign + (pgg-read-passphrase + (format "GnuPG passphrase for %s: " + pgg-gpg-user-id) + pgg-gpg-user-id)))) (args (append (list "--batch" "--armor" "--always-trust" "--encrypt") + (if pgg-text-mode (list "--textmode")) (if sign (list "--sign" "--local-user" pgg-gpg-user-id)) (if recipients (apply #'nconc @@ -158,8 +197,7 @@ If optional argument SIGN is non-nil, do a combined sign and encrypt." (append recipients (if pgg-encrypt-for-me (list pgg-gpg-user-id))))))))) - (pgg-as-lbt start end 'CRLF - (pgg-gpg-process-region start end passphrase pgg-gpg-program args)) + (pgg-gpg-process-region start end passphrase pgg-gpg-program args) (when sign (with-current-buffer pgg-errors-buffer ;; Possibly cache passphrase under, e.g. "jas", for future sign. @@ -168,19 +206,46 @@ If optional argument SIGN is non-nil, do a combined sign and encrypt." (pgg-gpg-possibly-cache-passphrase passphrase))) (pgg-process-when-success))) -(defun pgg-gpg-decrypt-region (start end) - "Decrypt the current region between START and END." +(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase) + "Encrypt the current region between START and END with symmetric cipher. + +If optional PASSPHRASE is not specified, it will be obtained from the +passphrase cache or user." + (let* ((passphrase (or passphrase + (pgg-read-passphrase + "GnuPG passphrase for symmetric encryption: "))) + (args + (append (list "--batch" "--armor" "--symmetric" ) + (if pgg-text-mode (list "--textmode"))))) + (pgg-gpg-process-region start end passphrase pgg-gpg-program args) + (pgg-process-when-success))) + +(defun pgg-gpg-decrypt-region (start end &optional passphrase) + "Decrypt the current region between START and END. + +If optional PASSPHRASE is not specified, it will be obtained from the +passphrase cache or user." (let* ((current-buffer (current-buffer)) (message-keys (with-temp-buffer (insert-buffer-substring current-buffer) (pgg-decode-armor-region (point-min) (point-max)))) (secret-keys (pgg-gpg-lookup-all-secret-keys)) + ;; XXX the user is stuck if they need to use the passphrase for + ;; any but the first secret key for which the message is + ;; encrypted. ideally, we would incrementally give them a + ;; chance with subsequent keys each time they fail with one. (key (pgg-gpg-select-matching-key message-keys secret-keys)) - (pgg-gpg-user-id (or key pgg-gpg-user-id pgg-default-user-id)) - (passphrase - (pgg-read-passphrase - (format "GnuPG passphrase for %s: " pgg-gpg-user-id) - pgg-gpg-user-id)) + (key-owner (and key (pgg-gpg-lookup-key-owner key t))) + (key-id (pgg-gpg-key-id-from-key-owner key-owner)) + (pgg-gpg-user-id (or key-id key + pgg-gpg-user-id pgg-default-user-id)) + (passphrase (or passphrase + (pgg-read-passphrase + (format (if (pgg-gpg-symmetric-key-p message-keys) + "Passphrase for symmetric decryption: " + "GnuPG passphrase for %s: ") + (or key-owner "??")) + pgg-gpg-user-id))) (args '("--batch" "--decrypt"))) (pgg-gpg-process-region start end passphrase pgg-gpg-program args) (with-current-buffer pgg-errors-buffer @@ -188,29 +253,39 @@ If optional argument SIGN is non-nil, do a combined sign and encrypt." (goto-char (point-min)) (re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t)))) +;;;###autoload +(defun pgg-gpg-symmetric-key-p (message-keys) + "True if decoded armor MESSAGE-KEYS has symmetric encryption indicator." + (let (result) + (dolist (key message-keys result) + (when (and (eq (car key) 3) + (member '(symmetric-key-algorithm) key)) + (setq result key))))) + (defun pgg-gpg-select-matching-key (message-keys secret-keys) "Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS." (loop for message-key in message-keys for message-key-id = (and (equal (car message-key) 1) - (cdr (assq 'key-identifier message-key))) + (cdr (assq 'key-identifier + (cdr message-key)))) for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt)) when (and key (member key secret-keys)) return key)) -(defun pgg-gpg-sign-region (start end &optional cleartext) +(defun pgg-gpg-sign-region (start end &optional cleartext passphrase) "Make detached signature from text between START and END." (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id)) - (passphrase - (pgg-read-passphrase - (format "GnuPG passphrase for %s: " pgg-gpg-user-id) - pgg-gpg-user-id)) + (passphrase (or passphrase + (pgg-read-passphrase + (format "GnuPG passphrase for %s: " pgg-gpg-user-id) + pgg-gpg-user-id))) (args - (list (if cleartext "--clearsign" "--detach-sign") - "--armor" "--batch" "--verbose" - "--local-user" pgg-gpg-user-id)) + (append (list (if cleartext "--clearsign" "--detach-sign") + "--armor" "--batch" "--verbose" + "--local-user" pgg-gpg-user-id) + (if pgg-text-mode (list "--textmode")))) (inhibit-read-only t) buffer-read-only) - (pgg-as-lbt start end 'CRLF - (pgg-gpg-process-region start end passphrase pgg-gpg-program args)) + (pgg-gpg-process-region start end passphrase pgg-gpg-program args) (with-current-buffer pgg-errors-buffer ;; Possibly cache passphrase under, e.g. "jas", for future sign. (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id) @@ -252,7 +327,7 @@ If optional argument SIGN is non-nil, do a combined sign and encrypt." (when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t) (setq status (buffer-substring (match-end 0) (progn (end-of-line)(point))) - status (vconcat (mapcar #'string-to-int (split-string status)))) + status (vconcat (mapcar #'string-to-number (split-string status)))) (erase-buffer) (insert (format "Imported %d key(s). \tArmor contains %d key(s) [%d bad, %d old].\n" @@ -270,4 +345,5 @@ If optional argument SIGN is non-nil, do a combined sign and encrypt." (provide 'pgg-gpg) +;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000 ;;; pgg-gpg.el ends here