wiki:AnnouncerPlugin/MessageEncryption

Version 6 (modified by hasienda, 5 years ago) (diff)

made test information more readable

Messages encryption

I'll document the effort to add support for optionally message encryption using GnuPG. See #6773 for the corresponding ticket asking for this enhancement.

Code structure

Where

Where to kick in and mangle the message body is of course an essential decision. Reading the current code from trunk I found this in ./announcerplugin_trunk/announcer/distributors/mail.py

        parentMessage.attach(msgText)
        decorators = self._get_decorators()
        if len(decorators) > 0:
            decorator = decorators.pop()
            decorator.decorate_message(event, rootMessage, decorators)
-->
        recip_adds = [x[2] for x in recipients if x]
        # Append any to, cc or bccs added to the recipient list
        for field in ('To', 'Cc', 'Bcc'):
 

--> Here I'll add some code to make encryption just work (1st step). Encryption/signing key ID hard-coded, growing number of variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness. This will evolve over time, i.e. code will be moved out into a separate python script file and it's function will be imported into mail.py.

[FIXME: add more Q+A here to help with code design evaluation and code review]

?: Why not implement encryption as another IAnnouncementEmailDecorator

A: Decorators are called without guaranteed order. Encryption needs control, that it'll be the last message body mangling action.

?: Why not implement encryption as another IAnnouncementFormatter

A: Encryption is not about encoding etc.

What

What to do. It greatly depends on decision about how much is read from configuration or qualified deduction/guessing. Less configuration is good for the Admin in charge.

Overview of expected behavior/features:

  • set gpg environment, preferable a dedicated place
  • read recipient list, optionally group recipients into require_encryption_group and allow_verbatim_msg_group
  • associate each recipient in require_encryption_group with key
  • handle behavior on missing key
  • embed DEBUG logging into all operations mentioned above

How

To make it more difficult for me to start I've found not one but several candidates for interacting with GnuPG from Python (http://wiki.python.org/moin/GnuPrivacyGuard has a listing with some more comments):

  • python-gnupg
    • PRO: no additional dependencies but pure Python, works on Windows as well as Unix/Linux, most complete set of gpg actions including key generation and management, active development - python 3 support since July 2009, latest release v0.2.4 from 01-03-2010
    • CON: no Debian package?
    • TEST:
      • download and local install without issues,
      • function list_keys() doesn't "just work" works on a known-good gpg keyfile directory - got it
      • beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, init will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration
  • Python GnuPGInterface
    • PRO: Debian package python-gnupginterface-0.3.2-9
    • CON: concentrates on interacting with GnuPG via filehandles, based on Perl module GnuPG::Interface by same author, rumors about being "not very easy to use", doesn't work on Windows (open feature request since 2007, even has predecessor from 2002 that was plainly rejected), quite old - latest release v0.3.2 from 24-02-2002, even looks unmaintained since 2008
  • PyGPGME
    • PRO: Debian package python-gpgme-0.1+bzr20090820-1+b1
    • CON: ?
  • PyMe
    • PRO: interface to C GPGME library, not limited to gpg by design, other backends planned, works on Windows as well as Unix/Linux, latest release v0.8.1 from 26-11-2008, Debian package python-pyme-0.8.1+clean-1
    • CON: complex dependencies because built on GPGME + Python + SWIG
  • OpenPGP
    • PRO: ?
    • CON: no Debian package?, no information on Windows support, quite old - latest release v0.2.3 from 01-07-2005, even looks unmaintained (project homepage currently unreachable)
  • cryptlib
    • PRO: interface to a range of plug-in encryption modules, not only but including gnupg, language bindings for C / C++, C# / .NET, Delphi, Java, Python, and Visual Basic, re-entrant and completely thread-safe, most core algorithms implemented in assembly language, support crypto hardware acceleration facilities like in Via C3 CPU family, extensive documentation designed for cut-n-paste directly from manual
    • CON: no Debian package?

conclusion: test python-gnupg, PyMe, PyGPGME, skip GnuPGInterface, OpenPGP, cryptlib (for now)
hints, recommendations? known-good code references or popular applications?

Sources (ideas and code)

some more real-world implementations of python-gnupg, hints?

-- hasienda

Attachments (1)

Download all attachments as: .zip