Andrew Engelbrecht [Thu, 21 Jan 2016 21:03:27 +0000 (16:03 -0500)]
improve edward output
now edward puts all the verifications of message correctness before any
quoted message. this has the benefit of making these messages more
prominent.
Andrew Engelbrecht [Thu, 21 Jan 2016 20:59:09 +0000 (15:59 -0500)]
remove extra space from japanese translation
Andrew Engelbrecht [Thu, 21 Jan 2016 20:29:39 +0000 (15:29 -0500)]
verify signatures even if key is new to edward
previously when users sent edward their gpg key and signed that message
with that key, users would not receive a message noting signature
verification success.
this commit processes emails twice so that keys are imported the first
time and signatures are verified the second time around. it is not the
most elegant method, but it works and lengthens run time very little.
for now debug output mentions imported keys twice but debug output is
not visible to users.
Andrew Engelbrecht [Thu, 21 Jan 2016 15:11:27 +0000 (10:11 -0500)]
performance improvement for large emails
very large emails around 4 MB were slowing down edward because it was
using a complex regex. parsing a 4 MB was taking 4 days.
this fix removes group matching, causing 4 MB files to be parsed in a
matter of seconds.
Andrew Engelbrecht [Wed, 20 Jan 2016 22:55:37 +0000 (17:55 -0500)]
reply to 'Reply-To:' address if specified
otherwise reply to 'From:' address
Andrew Engelbrecht [Wed, 20 Jan 2016 21:55:16 +0000 (16:55 -0500)]
only parse header when accessing header fields
this is a simple performance improvement.
Andrew Engelbrecht [Wed, 20 Jan 2016 19:32:14 +0000 (14:32 -0500)]
fixed bug occuring when key cannot be not fetched
Andrew Engelbrecht [Thu, 10 Dec 2015 23:08:37 +0000 (18:08 -0500)]
raise error instead of sending email to no one
... when the processed email contains no from address
Andrew Engelbrecht [Thu, 10 Dec 2015 22:47:53 +0000 (17:47 -0500)]
added test case
it tests the encrypted and signed container of a message and public key.
Andrew Engelbrecht [Thu, 10 Dec 2015 22:44:54 +0000 (17:44 -0500)]
don't quote attachments
this patch improve output sanitization
Andrew Engelbrecht [Thu, 10 Dec 2015 21:03:49 +0000 (16:03 -0500)]
fixed some comments
Andrew Engelbrecht [Tue, 8 Dec 2015 18:22:14 +0000 (13:22 -0500)]
created test case for signed mutt-like nested mime
Andrew Engelbrecht [Mon, 7 Dec 2015 18:57:52 +0000 (13:57 -0500)]
corrected link for original edward source archive
Andrew Engelbrecht [Wed, 2 Dec 2015 19:19:22 +0000 (14:19 -0500)]
clarified configuration step needed to run edward
Andrew Engelbrecht [Tue, 1 Dec 2015 23:15:24 +0000 (18:15 -0500)]
removed unused language file: lang/an.py
Andrew Engelbrecht [Tue, 1 Dec 2015 22:54:57 +0000 (17:54 -0500)]
whitespace formatting for edward-wrapper output
insert a newline at the end of the output of the time command
Andrew Engelbrecht [Tue, 1 Dec 2015 22:43:29 +0000 (17:43 -0500)]
added function docs, removed unused parameter
(the send_reply function)
Andrew Engelbrecht [Tue, 1 Dec 2015 22:01:34 +0000 (17:01 -0500)]
proper email sending methodology
i am now using the smtp facilities of python rather than calling
sendmail.
this resolves a bug induced by any human name in a from address
beginning with a '-' (dash). this confused sendmail, as it interpreted
the dash as an unknown command line option.
Andrew Engelbrecht [Mon, 30 Nov 2015 21:45:37 +0000 (16:45 -0500)]
convert isolated <CR> or <LF> -> <CR><LF>
this is for the sake of proper signature verification.
sometimes mail servers strip <CR><LF>s from the ends of lines. however
these characters are required by RFC 3156 for proper signature
verification.
Andrew Engelbrecht [Wed, 4 Nov 2015 21:48:02 +0000 (16:48 -0500)]
remove colon from procmailrc regex
this fixes an issue related to some messages from the mailer daemon
being treated as normal messages.
Andrew Engelbrecht [Thu, 8 Oct 2015 20:55:05 +0000 (16:55 -0400)]
updated function documentation
Andrew Engelbrecht [Thu, 8 Oct 2015 20:23:23 +0000 (16:23 -0400)]
added instructions to README file
users need to configure some variables during setup.
Andrew Engelbrecht [Thu, 8 Oct 2015 20:20:29 +0000 (16:20 -0400)]
added README file
Andrew Engelbrecht [Thu, 8 Oct 2015 20:19:45 +0000 (16:19 -0400)]
added procmailrc.example and edward-wrapper
this is useful for creating an automated setup with a .procmailrc file
in one's home directory.
Andrew Engelbrecht [Thu, 8 Oct 2015 20:04:38 +0000 (16:04 -0400)]
added translation template
Andrew Engelbrecht [Thu, 8 Oct 2015 20:01:41 +0000 (16:01 -0400)]
updated license info
corrected a link
Andrew Engelbrecht [Thu, 8 Oct 2015 00:10:23 +0000 (20:10 -0400)]
verify sigs. in emails with nested multipart mime
sometimes a multipart mime message is part of another multipart mime
message which contains a signature of one of its subparts.
Andrew Engelbrecht [Tue, 22 Sep 2015 12:42:44 +0000 (08:42 -0400)]
extend testing of pubkey encryption capability
test whether it is expired, invalid, disabled, etc.
Andrew Engelbrecht [Tue, 22 Sep 2015 12:17:27 +0000 (08:17 -0400)]
check keys for revocation status
don't use them as encryption targets if they are revoked.
Andrew Engelbrecht [Fri, 28 Aug 2015 19:52:05 +0000 (15:52 -0400)]
updated link to previous version of edward
Andrew Engelbrecht [Sun, 16 Aug 2015 04:43:38 +0000 (00:43 -0400)]
mild refactoring
Andrew Engelbrecht [Sun, 16 Aug 2015 04:34:53 +0000 (00:34 -0400)]
check to see if a reply encryption key can encrypt
sometimes keys are revoked or expire. if so, they should not be
encrypted to. edward now checks to make sure a key is good before
encrypting a reply with it. if only bad keys are available, edward
complains. however the complaint edward makes is that he does not have
the user's public key. this is because there is currently no translation
set for a more accurate message.
some other refactoring has been performed as well.
Andrew Engelbrecht [Wed, 12 Aug 2015 16:50:20 +0000 (12:50 -0400)]
search for pub keys in inline signatures
these ascii-armored signature blocks are obfuscated until they are
decoded. they may contain public keys, so edward now looks inside.
Andrew Engelbrecht [Wed, 12 Aug 2015 16:49:44 +0000 (12:49 -0400)]
some whitespace changes
Andrew Engelbrecht [Wed, 12 Aug 2015 16:48:53 +0000 (12:48 -0400)]
don't complain about lack of encryption
unless the message has no signature, pub key or encryption.
Andrew Engelbrecht [Wed, 12 Aug 2015 16:09:31 +0000 (12:09 -0400)]
split up reply strings for finer control
now edward can say hello without saying that decryption was successful.
he can also say that decryption was successful without saying he will
quote the reply.
Andrew Engelbrecht [Wed, 12 Aug 2015 15:49:37 +0000 (11:49 -0400)]
don't track the en.pyc file or any .pyc file
Andrew Engelbrecht [Wed, 12 Aug 2015 03:51:41 +0000 (23:51 -0400)]
process email using byte strings
using byte strings when feeding the email into the parser helps avoid
crashes due to non-utf-8 characters placed prior to any mime part, etc.
Andrew Engelbrecht [Tue, 11 Aug 2015 20:40:44 +0000 (16:40 -0400)]
don't complain about missing signatures
the emailselfdefence guide asks users to encrypt messages without a
signature first. it would be confusing to get a message about a missing
signature before a user knows what a signature is.
Andrew Engelbrecht [Tue, 11 Aug 2015 13:41:39 +0000 (09:41 -0400)]
handle encrypted/signed i18l msgs w/o mime headers
edward was chrashing when given encrypted or signed international input
without internal mime headers. edward now defaults to utf-8 if the
character set is not specified in a mime header.
Andrew Engelbrecht [Tue, 11 Aug 2015 13:32:40 +0000 (09:32 -0400)]
added more debug output
about the contents of the reply message
Andrew Engelbrecht [Mon, 10 Aug 2015 16:15:32 +0000 (12:15 -0400)]
renamed example config file
Andrew Engelbrecht [Mon, 10 Aug 2015 00:49:11 +0000 (20:49 -0400)]
added detached signature verification test case
Andrew Engelbrecht [Sun, 9 Aug 2015 21:41:31 +0000 (17:41 -0400)]
added spanish and italian translations
these were in the old edward install, in /home/e/edward
Andrew Engelbrecht [Sun, 9 Aug 2015 21:32:36 +0000 (17:32 -0400)]
changed message generation logic; some refactoring
now edward remains silent about not receiving a public key, unless we
are not given a key and need one for verifying a signature. some
refactoring was required.
edward now complains to the user about lack of of encryption and
signatures in received emails.
i also changed the handling of newlines in email responses.
Andrew Engelbrecht [Fri, 7 Aug 2015 17:46:35 +0000 (13:46 -0400)]
improved key loading and email response code
Andrew Engelbrecht [Wed, 5 Aug 2015 01:45:40 +0000 (21:45 -0400)]
git ignore addition
Andrew Engelbrecht [Wed, 5 Aug 2015 01:44:12 +0000 (21:44 -0400)]
rename the default configuration file
so that it does not conflict with the local modified version of the
default config file.
Andrew Engelbrecht [Tue, 4 Aug 2015 22:28:39 +0000 (18:28 -0400)]
added valid detached signature test
Andrew Engelbrecht [Tue, 4 Aug 2015 21:52:38 +0000 (17:52 -0400)]
always complain about missing signature
Andrew Engelbrecht [Tue, 4 Aug 2015 21:44:49 +0000 (17:44 -0400)]
fixed test case output
the key used to sign this text is not in the git repo's gpg key store,
so the signature cannot be verified unless it is first imported.
Andrew Engelbrecht [Tue, 4 Aug 2015 21:41:33 +0000 (17:41 -0400)]
only quote message if there is a valid signature
there still needs to be work to ensure that the encryption target key is
the same as the one that was used in the first block of encrypted and
verifiably signed text.
Andrew Engelbrecht [Tue, 4 Aug 2015 21:40:49 +0000 (17:40 -0400)]
check for other types of success
sig.summary == 0 appears to be a type of signature success.
Andrew Engelbrecht [Tue, 4 Aug 2015 20:57:10 +0000 (16:57 -0400)]
check for signature validity
knowing the fingerprint that was allegedly used to sign a message is not
sufficent for validating messages.
Andrew Engelbrecht [Tue, 4 Aug 2015 18:28:49 +0000 (14:28 -0400)]
fix test cases
the input messages have good signatures, so the reply must mention the
successful signature verification.
Andrew Engelbrecht [Tue, 4 Aug 2015 18:24:26 +0000 (14:24 -0400)]
count sig/encryption block combos as signatures
Andrew Engelbrecht [Mon, 3 Aug 2015 21:19:42 +0000 (17:19 -0400)]
remove note; pubkeys in encrypted text are useable
if a new, unimported pubkey is contained in an ecrypted and signed block
of text, then that key can be used for the reply, as desired.
Andrew Engelbrecht [Mon, 3 Aug 2015 21:16:23 +0000 (17:16 -0400)]
simplify mime creation; set payload charset
Andrew Engelbrecht [Mon, 3 Aug 2015 20:12:44 +0000 (16:12 -0400)]
added international test with plaintext reply
Andrew Engelbrecht [Mon, 3 Aug 2015 19:43:18 +0000 (15:43 -0400)]
change name of test type
to avoid name collisions between tests
Andrew Engelbrecht [Mon, 3 Aug 2015 19:42:13 +0000 (15:42 -0400)]
add a newline at the end of replies
Andrew Engelbrecht [Mon, 3 Aug 2015 19:40:06 +0000 (15:40 -0400)]
don't sign unencrypted replies
writing code that creates detached mime signatures in a way that
enigmail will accept as valid is proving to be quite difficult. (i only
got it to work for mutt.) if i find a way to make messages validate i
will add that feature back into the program.
Andrew Engelbrecht [Tue, 28 Jul 2015 23:04:22 +0000 (19:04 -0400)]
can now email replies; "-p" prints repies instead
edward now uses sendmail to send email replies to messages piped in
through stdin (one at a time). the "-p" option causes edward to print
replies to stdout instead of emailing them.
Andrew Engelbrecht [Tue, 28 Jul 2015 20:39:17 +0000 (16:39 -0400)]
choose reply from address; fix language selection
Andrew Engelbrecht [Tue, 28 Jul 2015 19:24:32 +0000 (15:24 -0400)]
variable name changes
Andrew Engelbrecht [Tue, 28 Jul 2015 18:39:49 +0000 (14:39 -0400)]
prettier code re-arrangement
Andrew Engelbrecht [Tue, 28 Jul 2015 18:38:57 +0000 (14:38 -0400)]
use enums instead of strings for message type ids
Andrew Engelbrecht [Tue, 28 Jul 2015 16:46:34 +0000 (12:46 -0400)]
clarified some code
Andrew Engelbrecht [Tue, 28 Jul 2015 16:24:36 +0000 (12:24 -0400)]
fix test case result
Andrew Engelbrecht [Mon, 27 Jul 2015 22:01:51 +0000 (18:01 -0400)]
prefer pub key as a fallback key for encryption
Andrew Engelbrecht [Mon, 27 Jul 2015 21:57:13 +0000 (17:57 -0400)]
issue mentioned in comment does not require a fix
Andrew Engelbrecht [Mon, 27 Jul 2015 21:55:16 +0000 (17:55 -0400)]
don't crash with bad gpg key imports
Andrew Engelbrecht [Mon, 27 Jul 2015 21:52:55 +0000 (17:52 -0400)]
catch semi-specific errors only.
Andrew Engelbrecht [Mon, 27 Jul 2015 21:50:55 +0000 (17:50 -0400)]
don't crash when given a corrupted detached sig
Andrew Engelbrecht [Mon, 27 Jul 2015 21:46:41 +0000 (17:46 -0400)]
use the un-decoded mime part in sig verificaion
this is closer to how the OpenPGP MIME spec says it should be done.
Andrew Engelbrecht [Mon, 27 Jul 2015 20:48:04 +0000 (16:48 -0400)]
Removed clearsigning verification
Clearsigning is difficult to verify for all encodings and is not a part
of RFC 3156. Inclusion in this program would encourage its use and lead
users into issues down the road when interacting with other people using
clients that do not support this out of spec feature.
Enigmail uses PGP/MIME by default so users should have an easy time not
creating clearsigned text in their messages unless they decide to paste
clearsigned text straight into a message.
Because the email self-defence guide guides the user through the steps
of installing and setting up enigmail, I am not concerned about leaving
out this feature.
Andrew Engelbrecht [Mon, 27 Jul 2015 20:34:07 +0000 (16:34 -0400)]
changed variable name
clarified the name of the reply email generator's "To:" email address
variable
Andrew Engelbrecht [Mon, 27 Jul 2015 16:49:28 +0000 (12:49 -0400)]
pick out encryption keys from nested signed text
if signed text is then encrypted as a separate step, use the signing key
as the target for encrypting the reply.
Andrew Engelbrecht [Fri, 24 Jul 2015 23:23:33 +0000 (19:23 -0400)]
sign reply message even if not encrypting.
Andrew Engelbrecht [Fri, 24 Jul 2015 23:06:53 +0000 (19:06 -0400)]
whitespace change
Andrew Engelbrecht [Fri, 24 Jul 2015 23:05:49 +0000 (19:05 -0400)]
more documentation
Andrew Engelbrecht [Fri, 24 Jul 2015 23:05:16 +0000 (19:05 -0400)]
removed unused function
Andrew Engelbrecht [Fri, 24 Jul 2015 21:54:17 +0000 (17:54 -0400)]
added note about a needed code fix
Andrew Engelbrecht [Fri, 24 Jul 2015 21:54:04 +0000 (17:54 -0400)]
more function documentation
Andrew Engelbrecht [Fri, 24 Jul 2015 21:25:48 +0000 (17:25 -0400)]
removed comment
it's no longer relevant
Andrew Engelbrecht [Fri, 24 Jul 2015 21:14:52 +0000 (17:14 -0400)]
fixed bug, removed stale code
piece_type is set to "signature", not "message" if it is an armored
signature.
we shouldn't include plaintext unless we don't need further nested
signatures.
Andrew Engelbrecht [Fri, 24 Jul 2015 20:49:22 +0000 (16:49 -0400)]
more functions documented
Andrew Engelbrecht [Fri, 24 Jul 2015 18:41:22 +0000 (14:41 -0400)]
don't use doxygen quite yet.
removed the Doxyfile
Andrew Engelbrecht [Thu, 23 Jul 2015 20:22:21 +0000 (16:22 -0400)]
added Doxyfile for doxygen comment parsing
Andrew Engelbrecht [Fri, 24 Jul 2015 18:36:43 +0000 (14:36 -0400)]
Added more documentation
using python doc strings
Andrew Engelbrecht [Fri, 24 Jul 2015 00:34:03 +0000 (20:34 -0400)]
only run main() if not in interactive mode
Andrew Engelbrecht [Fri, 24 Jul 2015 00:28:29 +0000 (20:28 -0400)]
change classes format
this way, attribute names are shown by python3's help() function
Andrew Engelbrecht [Fri, 24 Jul 2015 00:24:32 +0000 (20:24 -0400)]
added comments to the classes and main()
Andrew Engelbrecht [Thu, 23 Jul 2015 20:08:16 +0000 (16:08 -0400)]
fixed a comment
Andrew Engelbrecht [Thu, 23 Jul 2015 18:34:11 +0000 (14:34 -0400)]
don't use the 'an' language
it currently has no translations, so we should default to english.
Andrew Engelbrecht [Thu, 23 Jul 2015 17:56:48 +0000 (13:56 -0400)]
don't check message block for encryption status
if it was only an armored signature, then it had its piece_type field
changed and this code would not be reached in that case.
Andrew Engelbrecht [Thu, 23 Jul 2015 17:42:52 +0000 (13:42 -0400)]
modified .gitignore
Andrew Engelbrecht [Thu, 23 Jul 2015 17:42:06 +0000 (13:42 -0400)]
updated expected test results; added more tests
Andrew Engelbrecht [Thu, 23 Jul 2015 16:47:08 +0000 (12:47 -0400)]
check unencrypted message blocks for signatures
some message blocks aren't encrypted.
Andrew Engelbrecht [Thu, 23 Jul 2015 16:21:57 +0000 (12:21 -0400)]
fixed some simple bugs