Changes between Version 6 and Version 7 of AnnouncerPlugin/MessageEncryption
- Timestamp: Mar 11, 2010, 9:27:02 PM (14 years ago)
AnnouncerPlugin/MessageEncryption
v6 v7 5 5 === Where === 6 6 Where to kick in and mangle the message body is of course an essential decision. 7 Reading the current code from trunk I found this in ./announcerplugin_trunk/announcer/distributors/mail.py 7 My initial assumption that I could add cryptographically functions right before inserting recipient addresses to the message was wrong. 8 9 Now I add the following into code of ./announcerplugin_trunk/announcer/distributors/mail.py from trunk of AnnouncerPlugin: 8 10 {{{ 9 parentMessage.attach(msgText) 10 decorators = self._get_decorators() 11 if len(decorators) > 0: 12 decorator = decorators.pop() 13 decorator.decorate_message(event, rootMessage, decorators) 14 --> 15 recip_adds = [x[2] for x in recipients if x] 16 # Append any to, cc or bccs added to the recipient list 17 for field in ('To', 'Cc', 'Bcc'): 11 return msgid 18 12 13 def _do_send(self, transport, event, format, recipients, formatter): 14 output = formatter.format(transport, event.realm, format, event) 15 + 16 + email_encrypt = True 17 + if email_encrypt: 18 + output = encrypt_txt(output) 19 + self.log.debug("EmailDistributor successfully encrypted msg.") 20 + 21 alternate_style = formatter.alternative_style_for( 22 transport, 23 event.realm, 19 24 }}} 20 --> Here I'll add some code to make encryption just work (1st step). Encryption/signing key ID hard-coded, growing number of variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness. This will evolve over time, i.e. code will be moved out into a separate python script file and it's function will be imported into mail.py.21 22 [FIXME: add more Q+A here to help with code design evaluation and code review]23 ?: Why not implement encryption as another IAnnouncementEmailDecorator24 A: Decorators are called without guaranteed order. 
Encryption needs control, that it'll be the last message body mangling action.25 ?: Why not implement encryption as another IAnnouncementFormatter26 A: Encryption is not about encoding etc.27 25 28 26 === What === … … 37 35 38 36 === How === 37 ==== The interface ==== 39 38 To make it more difficult for me to start I've found not one but several candidates for interacting with GnuPG from Python (http://wiki.python.org/moin/GnuPrivacyGuard has a listing with some more comments): 40 39 * [http://code.google.com/p/python-gnupg/ python-gnupg] … … 44 43 * download and local install without issues, 45 44 * function list_keys() ~~doesn't "just work"~~ works on a known-good gpg keyfile directory - got it 46 * beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, __init__ will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration 47 * 45 * beware: "gnupghome" directory will be created silently (including parents), if something is not there exactly as specified, init function will need to prevent creation of unwanted directories by (worst case: repeated) mis-configuration 48 46 * [http://py-gnupg.sourceforge.net/ Python GnuPGInterface] 49 47 * PRO: Debian package python-gnupginterface-0.3.2-9 … … 55 53 * PRO: interface to C GPGME library, not limited to gpg by design, other backends planned, works on Windows as well as Unix/Linux, latest release v0.8.1 from 26-11-2008, Debian package python-pyme-0.8.1+clean-1 56 54 * CON: complex dependencies because built on GPGME + Python + SWIG 55 * '''TEST''' 56 * Debian package needed upgrade to python-pyme-0.8.1+clean-3+b1 to fix error on GnuPG interface setup call 57 * much more complex API compared to python-gnupg 58 * on halt for now, but still considered nice-to-have, since it would allow additional crypto-backends i.e. working with X.509 certificates etc. 57 59 * [http://pypi.python.org/pypi/OpenPGP/ OpenPGP] 58 60 * PRO: ? 
… … 64 66 hints, recommendations? known-good code references or popular applications? 65 67 68 ==== The code ==== 69 1. step: add some code to make encryption just work '''done'''[[BR]] 70 * expect encryption/signing key ID hard-coded, some fixed values for variables I'd like to see as options in [annoucer] section of trac.ini and other ugliness 71 2. step: code evolution over time, i.e. 72 a. put code into separate python script and import function into distributors/mail.py '''done'''[[BR]] 73 * add new reference 74 {{{ 75 from announcer.util.mail_encrypt import encrypt_txt 76 }}} 77 * add ./announcerplugin_trunk/announcer/'''util/mail_encrypt.py''' containing new cryptographic functions 78 b. consider invention of a new class, i.e. to allow for reusable code, gpg interface initialization before sign and encrypt actions would profit among others 79 c. add a minimal set of new options to [annoucer] section of trac.ini and replace formerly fixed values to gain planned control about new cryptographic functions 80 3. step: extend web_ui of AnnouncerPlugin to remote-control new options from user and/or administration settings 81 82 [FIXME: add more Q+A here to help with code design evaluation and code review] 83 ?: Why not implement encryption as another IAnnouncementEmailDecorator 84 A: Decorators are called without guaranteed order. Encryption needs control, that it'll be the last message body mangling action. 85 ?: Why not implement encryption as another IAnnouncementFormatter 86 A: Encryption is not about encoding etc. 
87 66 88 === Sources (ideas and code) === 67 89 * Intro to python-gnupg at http://groups.google.de/group/comp.lang.python/browse_thread/thread/f2b97a2c11e1df63 … … 69 91 * Python e-mail test server http://docs.djangoproject.com/en/1.1/topics/email/#topics-email 70 92 * How Django, another Python based system handles e-mail-encryption with [http://code.google.com/p/django-email-extras/ django-email-extras] ([http://code.google.com/p/django-email-extras/source/browse/trunk/email_extras/ browse the code]) 93 * Python tutorial at http://www.python.org/doc/current/tutorial/index.html to help some newbie like me opening the world of Python code 71 94 some more real-world implementations of python-gnupg, hints? 72 95
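Review bot: in the `_do_send` snippet under "Where", the return value of `encrypt_txt(output)` is assigned straight back to `output` and the debug line reports "successfully encrypted" unconditionally; nothing in the visible lines checks that ciphertext was actually produced. Make this step fail closed: have `encrypt_txt` raise on failure, or validate its result here, and abort the send instead of continuing with an empty or unencrypted body, logging success only after that check. `email_encrypt = True` is set on the line directly above `if email_encrypt:`, so the branch is always taken; read the flag from the trac.ini option planned in step 2c. Only `output` is encrypted before `formatter.alternative_style_for(` is called, so please confirm that any alternative-format body built after this point is either encrypted as well or omitted when encryption is on.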
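Review bot: in the python-gnupg bullet of "The interface", the warning that "gnupghome" is created silently (including parents) names the risk but not the check the init function is expected to perform. Suggest spelling it out: before constructing the GnuPG interface, verify that the configured path already exists, is a directory, and is owned by and private to the Trac process user, and refuse to enable encryption otherwise. A silently created directory holds an empty keyring, so a mistyped path would otherwise only show up later as failed encryption, which is the same case the `_do_send` change needs to handle.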
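Review bot: in "The code", step 1 and step 2c both spell the trac.ini section as `[annoucer]`; AnnouncerPlugin's options live under `[announcer]`, and a reader copying the section name from this page would end up with options that are never read. Step 2c would also benefit from listing the minimal option set it has in mind (enable flag, gnupghome path, encryption/signing key ID) and stating where the signing key's passphrase is expected to come from, since step 1 says the key ID is hard-coded and the page does not mention the passphrase at all.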