CryptoPlugin Development Sketch Board
important considerations and random traces
This page documents the effort to establish and maintain cryptographic foundation classes for Trac. Historically the code has evolved from development of encryption for AnnouncerPlugin email messages using GnuPG, but other Trac plugins could use it in the future as well.
See other pages for additional development aspects:
Cryptography could help to push Trac towards what I proposed as TrustedTrac.
Imagine, you're using Trac in a corporate environment, typically allowing external access to Trac, repositories etc. only after authorization or not at all. Still, you may wish to keep business partners, support customers, etc. informed about certain or all developments, and that involves sending potentially sensitive (security, privacy ...) information outside the tightly controlled corporate network. Co-workers in a home office setup may create a similar demand.
Use tickets, wiki and it's notification without concerns on authenticity and discretion:
- Signing content will help recipients to be sure, that they got unaltered content and got it really from the announced author.
- Encrypting content will help to circumvent certain limitations of other Trac plugins, that try to restrict access to sensitive content.
It'll be superior, because the implementation strategy backed by state-of-the-art cryptography is "inherently secure by design", witch non of the other currently available solutions can provide.
Here is a description of what shall be done. Experts and GPG/PGP users may wish to skip that section and go to the proposal for Trac-specific use right away.
FIXME: I'll write here and cite sources for more detailed explanation of OpenPGP standard and cryptography in communication in general.
Development diary and notes
Hints, recommendations? Known-good code references or popular applications? Put your comments in here, please.
Available interfaces with GnuPG
To make it more difficult for me to start I've found not one but several candidates for interacting with GnuPG from Python (http://wiki.python.org/moin/GnuPrivacyGuard has a listing with some more comments):
- PRO: no additional dependencies but pure Python, works on Windows as well as Unix/Linux, most complete set of gpg actions including key generation and management, active development - python 3 support since July 2009, latest release v0.2.9 from 29-03-2012
- CON: no Debian package?
- download and local install without issues,
- function list_keys()
doesn't "just work"works on a known-good gpg keyfile directory - got it
- beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, init function will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration
- Python GnuPGInterface
- PRO: Debian package python-gnupginterface-0.3.2-9.1
- CON: concentrates on interacting with GnuPG via filehandles, based on Perl module GnuPG::Interface by same author, rumors about being "not very easy to use", doesn't work on Windows (open feature request since 2007, even has predecessor from 2002 that was plainly rejected), quite old - latest release v0.3.2 from 24-02-2002, even looks unmaintained since 2008
- PRO: Debian package python-gpgme-0.1+bzr20090820-1+b1, interface to gpgme without SWIG
- CON: ?
- PRO: interface to C GPGME library, not limited to gpg by design, other backends planned, works on Windows as well as Unix/Linux, latest release v0.8.1 from 26-11-2008, Debian package python-pyme-0.8.1+clean-1
- CON: complex dependencies because built on GPGME + Python + SWIG
- Debian package needed upgrade to python-pyme-0.8.1+clean-4 to fix error on GnuPG interface setup call
- much more complex API compared to python-gnupg
- on halt for now, but still considered nice-to-have, since it would allow additional crypto-backends i.e. working with X.509 certificates etc.
- PRO: ?
- CON: no Debian package, no information on Windows support, quite old - latest release v0.2.3 from 01-07-2005, even looks unmaintained (project homepage
http://www.aonalu.net/openpgpceased to exist)
- PRO: interface to a range of plug-in encryption modules, not only but including gnupg, language bindings for C / C++, C# / .NET, Delphi, Java, Python, and Visual Basic, re-entrant and completely thread-safe, most core algorithms implemented in assembly language, support crypto hardware acceleration facilities like in Via C3 CPU family, extensive documentation designed for cut-n-paste directly from manual
- CON: no Debian package - probably in part due to licensing issue
- PRO: ?
- CON: looks incredibly complex at first glance
- ezPyCrypto, a simpler API on top of PyCrypto
The choice: python-gnupg
python-gnupg was tested, PyMe a little too. It became clear, that python-gnupg just worked without much hassle. Anything else had more dependencies and was more complicated i.e. by introducing GPGME. This applies to PyMe as well as PyGPGME. GnuPGInterface, OpenPGP, cryptlib where skipped right after the initial interface research.
[FIXME: add more Q+A here to help with code design evaluation and code review]
?: Does python-gnupg support GnuPG v2?
A: AFAIK yes, both versions support same CLI syntax. I'll test with both versions in the future to maintain compatibility. There might be even a bonus from using GnuPG v2, since it is announced to be PGP/MIME aware. However this subject to exploration in the implementation process.
Development traces (history)
This is kept for reference and personal attitude to preserve historical notes. See the initial development, that has been done since March 2010 inside TracAnnouncer (AnnouncerPlugin).
Resources (for ideas and code)
- GNU Privacy Guard Manual at http://www.gnupg.org/documentation/manuals/gnupg/
- Why sign&encrypt is not very secure by default see http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html (discussion about vulnerability againgst "surreptitious forwarding")
- Intro to python-gnupg at http://groups.google.de/group/comp.lang.python/browse_thread/thread/f2b97a2c11e1df63
- Python Wrapper for GnuPG v0.2.4 documentation: http://www.red-dove.com/python_gnupg/index.html
- How Django, another Python based system handles e-mail-encryption with django-email-extras (browse the code)
- Python tutorial at http://www.python.org/doc/current/tutorial/index.html to help some newbie like me opening the world of Python code
some more real-world implementations of python-gnupg, hints?