Changes between Version 6 and Version 7 of AnnouncerPlugin/MessageEncryption


Timestamp: Mar 11, 2010, 9:27:02 PM (14 years ago)
Author: Steffen Hoffmann
Comment: updated information according to latest development, some changes to page structure

  • AnnouncerPlugin/MessageEncryption

    v6 v7  
    55=== Where ===
    66Where to kick in and mangle the message body is of course an essential decision.
    7 Reading the current code from trunk I found this in ./announcerplugin_trunk/announcer/distributors/mail.py
     7My initial assumption that I could add cryptographically functions right before inserting recipient addresses to the message was wrong.
     8 
     9Now I add the following into code of ./announcerplugin_trunk/announcer/distributors/mail.py from trunk of AnnouncerPlugin:
    810{{{
    9         parentMessage.attach(msgText)
    10         decorators = self._get_decorators()
    11         if len(decorators) > 0:
    12             decorator = decorators.pop()
    13             decorator.decorate_message(event, rootMessage, decorators)
    14 -->
    15         recip_adds = [x[2] for x in recipients if x]
    16         # Append any to, cc or bccs added to the recipient list
    17         for field in ('To', 'Cc', 'Bcc'):
     11         return msgid
    1812 
     13     def _do_send(self, transport, event, format, recipients, formatter):
     14         output = formatter.format(transport, event.realm, format, event)
     15+
     16+        email_encrypt = True
     17+        if email_encrypt:
     18+            output = encrypt_txt(output)
     19+            self.log.debug("EmailDistributor successfully encrypted msg.")
     20+
     21         alternate_style = formatter.alternative_style_for(
     22             transport,
     23             event.realm,
    1924}}}
    20 --> Here I'll add some code to make encryption just work (1st step). Encryption/signing key ID hard-coded, growing number of variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness. This will evolve over time, i.e. code will be moved out into a separate python script file and it's function will be imported into mail.py.
    21 
    22 [FIXME: add more Q+A here to help with code design evaluation and code review] 
    23  ?: Why not implement encryption as another IAnnouncementEmailDecorator
    24   A: Decorators are called without guaranteed order. Encryption needs control, that it'll be the last message body mangling action.
    25  ?: Why not implement encryption as another IAnnouncementFormatter
    26   A: Encryption is not about encoding etc.
    2725
    2826=== What ===
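Review bot: in the added `_do_send` lines (v7 15-20), `self.log.debug("EmailDistributor successfully encrypted msg.")` runs unconditionally after `output = encrypt_txt(output)`, so the log reports success without the result being checked, and nothing visible here stops the send if `encrypt_txt` hands back empty or unencrypted data. Check the return value and fail closed (log an error and skip the send) before logging success. `email_encrypt = True` is also set directly above its own `if`, so the unencrypted path cannot be selected without a code edit. Since only `output` is encrypted before the `formatter.alternative_style_for(...)` call, confirm that whatever the alternative style produces is not attached in plaintext next to the ciphertext.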
     
    3735
    3836=== How ===
     37==== The interface ====
    3938To make it more difficult for me to start I've found not one but several candidates for interacting with GnuPG from Python (http://wiki.python.org/moin/GnuPrivacyGuard has a listing with some more comments):
    4039 * [http://code.google.com/p/python-gnupg/ python-gnupg]
     
    4443   * download and local install without issues,
    4544   * function list_keys() ~~doesn't "just work"~~ works on a known-good gpg keyfile directory - got it
    46    * beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, __init__ will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration
    47    *
     45   * beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, init function will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration
    4846 * [http://py-gnupg.sourceforge.net/ Python GnuPGInterface]
    4947  * PRO: Debian package python-gnupginterface-0.3.2-9
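Review bot: the "beware" item at v7 line 45 notes that python-gnupg creates the "gnupghome" directory silently, parents included, but leaves the guard as an open task for the init function without saying what it must check. Suggest stating that the wrapper verifies the configured path already exists and is a directory before passing it on, and refuses to initialize otherwise, so that a mistyped setting produces an error instead of a freshly created directory in which key lookups quietly find nothing.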
     
    5553  * PRO: interface to C GPGME library, not limited to gpg by design, other backends planned, works on Windows as well as Unix/Linux, latest release v0.8.1 from 26-11-2008, Debian package python-pyme-0.8.1+clean-1
    5654  * CON: complex dependencies because built on GPGME + Python + SWIG
     55  * '''TEST'''
     56   * Debian package needed upgrade to python-pyme-0.8.1+clean-3+b1 to fix error on GnuPG interface setup call
     57   * much more complex API compared to python-gnupg
     58   * on halt for now, but still considered nice-to-have, since it would allow additional crypto-backends i.e. working with X.509 certificates etc.
    5759 * [http://pypi.python.org/pypi/OpenPGP/ OpenPGP]
    5860  * PRO: ?
     
    6466hints, recommendations? known-good code references or popular applications?
    6567
     68==== The code ====
     69 1. step: add some code to make encryption just work '''done'''[[BR]]
     70  * expect encryption/signing key ID hard-coded, some fixed values for variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness
     71 2. step: code evolution over time, i.e.
     72  a. put code into separate python script and import function into distributors/mail.py '''done'''[[BR]]
     73   * add new reference
     74{{{
     75from announcer.util.mail_encrypt import encrypt_txt
     76}}}
     77   * add ./announcerplugin_trunk/announcer/'''util/mail_encrypt.py''' containing new cryptographic functions
     78  b. consider invention of a new class, i.e. to allow for reusable code, gpg interface initialization before sign and encrypt actions would profit among others
     79  c. add a minimal set of new options to [annoucer] section of trac.ini and replace formerly fixed values to gain planned control about new cryptographic functions
     80 3. step: extend web_ui of AnnouncerPlugin to remote-control new options from user and/or administration settings
     81
     82[FIXME: add more Q+A here to help with code design evaluation and code review] 
     83 ?: Why not implement encryption as another IAnnouncementEmailDecorator
     84  A: Decorators are called without guaranteed order. Encryption needs control, that it'll be the last message body mangling action.
     85 ?: Why not implement encryption as another IAnnouncementFormatter
     86  A: Encryption is not about encoding etc.
     87
    6688=== Sources (ideas and code) ===
    6789 * Intro to python-gnupg at http://groups.google.de/group/comp.lang.python/browse_thread/thread/f2b97a2c11e1df63
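Review bot: steps 1 and 2c (v7 lines 70 and 79) spell the trac.ini section as `[annoucer]`; if that spelling is carried into the option lookup, settings written under the plugin's real section will be ignored, so make it match the section the plugin actually reads. The plan also keeps the encryption/signing key ID hard-coded in step 1 and never says what happens when a message cannot be encrypted; add that to step 2c, for example as an option deciding whether such a mail is dropped or sent unencrypted, with dropping as the default.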
     
    6991 * Python e-mail test server http://docs.djangoproject.com/en/1.1/topics/email/#topics-email
    7092 * How Django, another Python based system handles e-mail-encryption with [http://code.google.com/p/django-email-extras/ django-email-extras] ([http://code.google.com/p/django-email-extras/source/browse/trunk/email_extras/ browse the code])
     93 * Python tutorial at http://www.python.org/doc/current/tutorial/index.html to help some newbie like me opening the world of Python code
    7194some more real-world implementations of python-gnupg, hints?
    7295