= Messages encryption = I'll document the effort to add support for optionally message encryption using GnuPG. == Code structure == === Where === Where to kick in and mangle the message body is of course an essential decision. Reading the current code from trunk I found this in ./announcerplugin_trunk/announcer/distributors/mail.py {{{ parentMessage.attach(msgText) decorators = self._get_decorators() if len(decorators) > 0: decorator = decorators.pop() decorator.decorate_message(event, rootMessage, decorators) --> recip_adds = [x[2] for x in recipients if x] # Append any to, cc or bccs added to the recipient list for field in ('To', 'Cc', 'Bcc'): }}} --> Here I'll add some code to make encryption just work (1st step). Encryption/signing key ID hard-coded, growing number of variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness. This will evolve over time. [FIXME: add more Q+A here to help with code design evaluation and code review] ?: Why not implement encryption as another IAnnouncementEmailDecorator A: Decorators are called without guaranteed order. Encryption needs control, that it'll be the last message body mangling action. ?: Why not implement encryption as another IAnnouncementFormatter A: Encryption is not about encoding etc. === What === What to do. It greatly depends on decision about how much is read from configuration or qualified deduction/guessing. Less configuration is good for the Admin in charge. Overview of expected behavior/features: * set gpg environment, preferable a dedicated place * read recipient list, optionally group recipients into require_encryption_group and allow_verbatim_msg_group * associate each recipient in require_encryption_group with key * handle behavior on missing key * embed DEBUG logging into all operations mentioned above sources (ideas and code) * Intro to python-gnupg at http://groups.google.de/group/comp.lang.python/browse_thread/thread/f2b97a2c11e1df63 * Python Wrapper for GnuPG v0.2.4 documentation: http://www.red-dove.com/python_gnupg/index.html * some real-world implementations of python-gnupg (not found by now, hints?) -- hasienda