= Messages encryption =
I'll document the effort to add support for optional message encryption using GnuPG.

== Code structure ==
=== Where ===
Where to kick in and mangle the message body is of course an essential decision.
Reading the current code from trunk, I found this in ./announcerplugin_trunk/announcer/distributors/mail.py:
{{{
parentMessage.attach(msgText)
decorators = self._get_decorators()
if len(decorators) > 0:
    decorator = decorators.pop()
    decorator.decorate_message(event, rootMessage, decorators)
-->
recip_adds = [x[2] for x in recipients if x]
# Append any to, cc or bccs added to the recipient list
for field in ('To', 'Cc', 'Bcc'):

}}}
--> Here I'll add some code to make encryption just work (1st step). For now this means a hard-coded encryption/signing key ID, a growing number of variables I'd like to see as options in the [announcer] section of trac.ini, and other ugliness. This will evolve over time.

[FIXME: add more Q+A here to help with code design evaluation and code review]
?: Why not implement encryption as another IAnnouncementEmailDecorator?
A: Decorators are called in no guaranteed order. Encryption needs to be sure that it is the last action that mangles the message body.
?: Why not implement encryption as another IAnnouncementFormatter?
A: Encryption is not about encoding etc.

=== What ===
What to do greatly depends on the decision about how much is read from configuration and how much is left to qualified deduction/guessing. Less configuration is good for the admin in charge.

Overview of expected behavior/features:
* set up the gpg environment, preferably in a dedicated place
* read the recipient list, optionally grouping recipients into require_encryption_group and allow_verbatim_msg_group
* associate each recipient in require_encryption_group with a key
* handle behavior on a missing key
* embed DEBUG logging into all operations mentioned above

Sources (ideas and code):
* Intro to python-gnupg at http://groups.google.de/group/comp.lang.python/browse_thread/thread/f2b97a2c11e1df63
* Python Wrapper for GnuPG v0.2.4 documentation: http://www.red-dove.com/python_gnupg/index.html
* some real-world implementations of python-gnupg (none found so far, hints?)

-- hasienda
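
An added example, not code from the plugin or from this page's author: one way the recipient handling listed under "What" could look, with recipients in the require-encryption group matched to usable keys, the missing-key behavior made an explicit policy, and encryption failing closed instead of falling back to plaintext. The function names, the logger name, the `on_missing_key` values and the sample key listing are assumptions; `gpg` is expected to be a python-gnupg `gnupg.GPG(gnupghome=...)` object, and the key listing has the shape of its `list_keys()` result.

```python
import logging
from email.utils import parseaddr

log = logging.getLogger("announcer.crypto")  # hypothetical logger name
UNUSABLE = {"i", "d", "r", "e"}  # gpg validity: invalid, disabled, revoked, expired

# Constructed sample in the shape of python-gnupg's list_keys() result.
SAMPLE_KEYS = [
    {"fingerprint": "A" * 40, "trust": "f", "uids": ["Alice <alice@example.org>"]},
    {"fingerprint": "B" * 40, "trust": "r", "uids": ["Bob <bob@example.org>"]},
]

def index_keys(key_listing):
    """Map lower-cased e-mail address -> fingerprint of a usable public key."""
    index = {}
    for key in key_listing:
        if key.get("trust") in UNUSABLE:
            log.debug("ignoring unusable key %s", key["fingerprint"])
            continue
        for uid in key.get("uids", []):
            addr = parseaddr(uid)[1].lower()
            if addr:
                index.setdefault(addr, key["fingerprint"])
    return index

def plan_delivery(recipients, key_listing, require_encryption, on_missing_key="drop"):
    """Split recipients into (encrypt_to, verbatim, dropped); assumed policy names."""
    index = index_keys(key_listing)
    required = {a.lower() for a in require_encryption}
    encrypt_to, verbatim, dropped = {}, [], []
    for addr in recipients:
        key = addr.lower()
        if key not in required:
            verbatim.append(addr)            # allow_verbatim_msg_group
        elif key in index:
            encrypt_to[addr] = index[key]    # require_encryption_group, key found
        elif on_missing_key == "fail":
            raise LookupError("no usable key for %s" % addr)
        else:
            dropped.append(addr)             # never downgrade to plaintext
        log.debug("recipient %s: required=%s key=%s", addr, key in required, index.get(key))
    return encrypt_to, verbatim, dropped

def encrypt_body(gpg, body, fingerprints):
    """Encrypt as the last body-mangling step; gpg is a gnupg.GPG instance."""
    result = gpg.encrypt(body, fingerprints)
    if not result.ok:                        # fail closed: no plaintext fallback
        raise RuntimeError("encryption failed: %s" % result.status)
    return str(result)
```

Calling `encrypt_body` at the `-->` position, after all decorators have run, keeps encryption the final change to the message body.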