Changes between Initial Version and Version 1 of AnnouncerPlugin/MessageEncryption


Timestamp:
Mar 5, 2010, 10:47:08 PM (14 years ago)
Author:
Steffen Hoffmann
Comment:

initial design and content

  • AnnouncerPlugin/MessageEncryption

    v1 v1  
     1= Messages encryption =
     2I'll document the effort to add support for optionally message encryption using GnuPG.
     3
     4== Code structure ==
     5=== Where ===
     6Where to kick in and mangle the message body is of course an essential decision.
     7Reading the current code from trunk I found this in ./announcerplugin_trunk/announcer/distributors/mail.py
     8{{{
     9        parentMessage.attach(msgText)
     10        decorators = self._get_decorators()
     11        if len(decorators) > 0:
     12            decorator = decorators.pop()
     13            decorator.decorate_message(event, rootMessage, decorators)
     14-->
     15        recip_adds = [x[2] for x in recipients if x]
     16        # Append any to, cc or bccs added to the recipient list
     17        for field in ('To', 'Cc', 'Bcc'):
     18 
     19}}}
     20--> Here I'll add some code to make encryption just work (1st step). Encryption/signing key ID hard-coded, growing number of variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness. This will evolve over time.
     21
     22[FIXME: add more Q+A here to help with code design evaluation and code review] 
     23 ?: Why not implement encryption as another IAnnouncementEmailDecorator
     24  A: Decorators are called without guaranteed order. Encryption needs control, that it'll be the last message body mangling action.
     25 ?: Why not implement encryption as another IAnnouncementFormatter
     26  A: Encryption is not about encoding etc.
     27
     28=== What ===
     29What to do. It greatly depends on decision about how much is read from configuration or qualified deduction/guessing. Less configuration is good for the Admin in charge.
     30
     31Overview of expected behavior/features:
     32 * set gpg environment, preferable a dedicated place
     33 * read recipient list, optionally group recipients into require_encryption_group and allow_verbatim_msg_group
     34 * associate each recipient in require_encryption_group with key
     35 * handle behavior on missing key
     36 * embed DEBUG logging into all operations mentioned above
     37
     38sources (ideas and code)
     39 * Intro to python-gnupg at http://groups.google.de/group/comp.lang.python/browse_thread/thread/f2b97a2c11e1df63
     40 * Python Wrapper for GnuPG v0.2.4 documentation: http://www.red-dove.com/python_gnupg/index.html
     41 * some real-world implementations of python-gnupg (not found by now, hints?)
     42
     43-- hasienda
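
Review bot: The feature list under "=== What ===" leaves "handle behavior on missing key" open, and that decision determines whether require_encryption_group gives any guarantee at all. Suggest stating the rule on this page before code is added at the "-->" marker in mail.py: a recipient in require_encryption_group with no usable key is left out of the delivery and the event is logged, and is never moved into allow_verbatim_msg_group. The same list asks for DEBUG logging in every operation; it is worth adding that those log lines carry recipient and key identifiers only, not the message body.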