1 #! /usr/bin/env python3
2 # -*- coding: utf-8 -*-
3 """*********************************************************************
4 * Edward is free software: you can redistribute it and/or modify *
5 * it under the terms of the GNU Affero Public License as published by *
6 * the Free Software Foundation, either version 3 of the License, or *
7 * (at your option) any later version. *
9 * Edward is distributed in the hope that it will be useful, *
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
12 * GNU Affero Public License for more details. *
14 * You should have received a copy of the GNU Affero Public License *
15 * along with Edward. If not, see <http://www.gnu.org/licenses/>. *
17 * Copyright (C) 2014-2015 Andrew Engelbrecht (AGPLv3+) *
18 * Copyright (C) 2014 Josh Drake (AGPLv3+) *
19 * Copyright (C) 2014 Lisa Marie Maginnis (AGPLv3+) *
20 * Copyright (C) 2009-2015 Tails developers <tails@boum.org> ( GPLv3+) *
21 * Copyright (C) 2009 W. Trevor King <wking@drexel.edu> ( GPLv2+) *
23 * Special thanks to Josh Drake for writing the original edward bot! :) *
25 ************************************************************************
27 Code sourced from these projects:
29 * http://agpl.fsf.org/emailselfdefense.fsf.org/edward/PREVIOUS-20150530/edward.tar.gz
30 * https://git-tails.immerda.ch/whisperback/tree/whisperBack/encryption.py?h=feature/python3
31 * http://www.physics.drexel.edu/~wking/code/python/send_pgp_mime
47 from email
.mime
.text
import MIMEText
48 from email
.mime
.multipart
import MIMEMultipart
49 from email
.mime
.application
import MIMEApplication
50 from email
.mime
.nonmultipart
import MIMENonMultipart
54 langs
= ["de", "el", "en", "es", "fr", "it", "ja", "pt-br", "ro", "ru", "tr"]
56 """This list contains the abbreviated names of reply languages available to
59 class TxtType (enum
.Enum
):
67 match_pairs
= [(TxtType
.message
,
68 '-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----'),
70 '-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----'),
72 '-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----')]
74 """This list of tuples matches query names with re.search() queries used
75 to find GPG data for edward to process."""
78 class EddyMsg (object):
80 The EddyMsg class represents relevant parts of a mime message.
82 The represented message can be single-part or multi-part.
84 'multipart' is set to True if there are multiple mime parts.
86 'subparts' points to a list of mime sub-parts if it is a multi-part
87 message. Otherwise it points to an empty list.
89 'payload_bytes' is a binary representation of the mime part before header
90 removal and message decoding.
92 'payload_pieces' is a list of objects containing strings that when strung
93 together form the fully-decoded string representation of the mime part.
95 The 'filename', 'content_type' and 'description_list' come from the mime
107 description_list
= None
110 class PayloadPiece (object):
112 PayloadPiece represents a complte or sub-section of a mime part.
114 Instances of this class are often strung together within one or more arrays
115 pointed to by each instance of the EddyMsg class.
117 'piece_type' refers to an enum whose value describes the content of
118 'string'. Examples include TxtType.pubkey, for public keys, and
119 TxtType.message, for encrypted data (or armored signatures until they are
120 known to be such.) Some of the names derive from the header and footer of
121 each of these ascii-encoded gpg blocks.
123 'string' contains some string of text, such as non-GPG text, an encrypted
124 block of text, a signature, or a public key.
126 'gpg_data' points to any instances of GPGData that have been created based
127 on the contents of 'string'.
135 class GPGData (object):
137 GPGData holds info from decryption, sig. verification, and/or pub. keys.
139 Instances of this class contain decrypted information, signature
140 fingerprints and/or fingerprints of processed and imported public keys.
142 'decrypted' is set to True if 'plainobj' was created from encrypted data.
144 'plainobj' points to any decrypted, or signed part of, a GPG signature. It
145 is intended to be an instance of the EddyMsg class.
147 'sigs' is a list of fingerprints of keys used to sign the data in plainobj.
149 'sigkey_missing' is set to True if edward doesn't have the key it needs to
150 verify the signature on a block of text.
152 'key_cannot_encrypt' is set to True if pubkeys or sigs' keys in the payload
153 piece are not capable of encryption, are revoked or expired, for instance.
155 'keys' is a list of fingerprints of keys obtained in public key blocks.
162 sigkey_missing
= False
163 key_cannot_encrypt
= False
167 class ReplyInfo (object):
169 ReplyInfo contains details that edward uses in generating its reply.
171 Instances of this class contain information about whether a message was
172 successfully encrypted or signed, and whether a public key was attached, or
173 retrievable, from the local GPG store. It stores the fingerprints of
174 potential encryption key candidates and the message (if any at all) to
175 quote in edward's reply.
177 'replies' points one of the dictionaries of translated replies.
179 'target_key' refers to the fingerprint of a key used to sign encrypted
180 data. This is the preferred key, if it is set, and if is available.
182 'fallback_target_key' referst to the fingerprint of a key used to sign
183 unencrypted data; alternatively it may be a public key attached to the
186 'encrypt_to_key' the key object to use when encrypting edward's reply
188 'msg_to_quote' refers to the part of a message which edward should quote in
189 his reply. This should remain as None if there was no encrypted and singed
190 part. This is to avoid making edward a service for decrypting other
191 people's messages to edward.
193 'decrypt_success' is set to True if edward could decrypt part of the
196 'sig_success' is set to True if edward could to some extent verify the
197 signature of a signed part of the message to edward.
199 'key_can_encrypt' is set to True if a key which can be encrypted to has
202 'sig_failure' is set to True if edward could not verify a siganture.
204 'pubkey_success' is set to True if edward successfully imported a public
207 'sigkey_missing' is set to True if edward doesn't have the public key
208 needed for signature verification.
210 'key_cannot_encrypt' is set to True if pubkeys or sig's keys in a payload
211 piece of the message are not capable of encryption.
213 'have_repy_key' is set to True if edward has a public key to encrypt its
220 fallback_target_key
= None
221 encrypt_to_key
= None
224 decrypt_success
= False
226 pubkey_success
= False
227 key_can_encrypt
= False
229 decrypt_failure
= False
231 sigkey_missing
= False
232 key_cannot_encrypt
= False
234 have_reply_key
= False
240 This is the main function for edward, a GPG reply bot.
242 Edward responds to GPG-encrypted and signed mail, encrypting and signing
243 the response if the user's public key is, or was, included in the message.
252 Mime or plaintext email passing in through standard input. Portions of
253 the email may be encrypted. If the To: address contains the text
254 "edward-ja", then the reply will contain a reply written in the
255 Japanese language. There are other languages as well. The default
259 A reply email will be printed to standard output. The contents of the
260 reply email depends on whether the original email was encrypted or not,
261 has or doesn't have a signature, whether a public key used in the
262 original message is provided or locally stored, and the language
263 implied by the To: address in the original email.
266 print_reply_only
= handle_args()
268 gpgme_ctx
= get_gpg_context(edward_config
.gnupghome
,
269 edward_config
.sign_with_key
)
271 email_bytes
= sys
.stdin
.buffer.read()
272 email_struct
= parse_pgp_mime(email_bytes
, gpgme_ctx
)
274 email_to
, email_from
, email_subject
= email_to_from_subject(email_bytes
)
275 lang
, reply_from
= import_lang_pick_address(email_to
, edward_config
.hostname
)
277 replyinfo_obj
= ReplyInfo()
278 replyinfo_obj
.replies
= lang
.replies
280 prepare_for_reply(email_struct
, replyinfo_obj
)
281 get_key_from_fp(replyinfo_obj
, gpgme_ctx
)
282 reply_plaintext
= write_reply(replyinfo_obj
)
284 reply_mime
= generate_encrypted_mime(reply_plaintext
, email_from
, \
285 email_subject
, replyinfo_obj
.encrypt_to_key
,
288 if print_reply_only
== True:
291 send_reply(reply_mime
, email_from
, reply_from
)
294 def get_gpg_context (gnupghome
, sign_with_key_fp
):
296 This function returns the GPG context needed for encryption and signing.
298 The context is needed by other functions which use GPG functionality.
301 gnupghome: The path to "~/.gnupg/" or its alternative.
302 sign_with_key: The fingerprint of the key to sign with
305 A gpgme context to be used for GPG functions.
308 the 'armor' flag is set to True and the list of signing keys contains
309 the single specified key
312 os
.environ
['GNUPGHOME'] = gnupghome
314 gpgme_ctx
= gpgme
.Context()
315 gpgme_ctx
.armor
= True
318 sign_with_key
= gpgme_ctx
.get_key(sign_with_key_fp
)
319 except gpgme
.GpgmeError
:
320 error("unable to load signing key. is the gnupghome "
321 + "and signing key properly set in the edward_config.py?")
324 gpgme_ctx
.signers
= [sign_with_key
]
329 def parse_pgp_mime (email_bytes
, gpgme_ctx
):
330 """Parses the email for mime payloads and decrypts/verfies signatures.
332 This function creates a representation of a mime or plaintext email with
333 the EddyMsg class. It then splits each mime payload into one or more pieces
334 which may be plain text or GPG data. It then decrypts encrypted parts and
335 does some very basic signature verification on those parts.
338 email_bytes: an email message in byte string format
339 gpgme_ctx: a gpgme context
342 A message as an instance of EddyMsg
345 the returned EddyMsg instance has split, decrypted, verified and pubkey
349 email_struct
= email
.parser
.BytesParser().parsebytes(email_bytes
)
351 eddymsg_obj
= parse_mime(email_struct
)
352 split_payloads(eddymsg_obj
)
353 gpg_on_payloads(eddymsg_obj
, gpgme_ctx
)
358 def parse_mime(msg_struct
):
359 """Translates python's email.parser format into an EddyMsg format
361 If the message is multi-part, then a recursive object is created, where
362 each sub-part is also a EddyMsg instance.
365 msg_struct: an email parsed with email.parser.Parser(), which can be
369 an instance of EddyMsg, potentially a recursive one.
372 eddymsg_obj
= get_subpart_data(msg_struct
)
374 if msg_struct
.is_multipart() == True:
375 payloads
= msg_struct
.get_payload()
377 eddymsg_obj
.multipart
= True
378 eddymsg_obj
.subparts
= list(map(parse_mime
, payloads
))
383 def scan_and_split (payload_piece
, match_name
, pattern
):
384 """This splits the payloads of an EddyMsg object into GPG and text parts.
386 An EddyMsg object's payload_pieces starts off as a list containing a single
387 PayloadPiece object. This function returns a list of these objects which
388 have been split into GPG data and regular text, if such splits need to be/
392 payload_piece: a single payload or a split part of a payload
393 match_name: the type of data to try to spit out from the payload piece
394 pattern: the search pattern to be used for finding that type of data
397 a list of objects of the PayloadPiece class, in the order that the
398 string part of payload_piece originally was, broken up according to
399 matches specified by 'pattern'.
402 # don't try to re-split pieces containing gpg data
403 if payload_piece
.piece_type
!= TxtType
.text
:
404 return [payload_piece
]
406 flags
= re
.DOTALL | re
.MULTILINE
407 matches
= re
.search("(?P<beginning>.*?)(?P<match>" + pattern
+
408 ")(?P<rest>.*)", payload_piece
.string
, flags
=flags
)
411 pieces
= [payload_piece
]
415 beginning
= PayloadPiece()
416 beginning
.string
= matches
.group('beginning')
417 beginning
.piece_type
= payload_piece
.piece_type
419 match
= PayloadPiece()
420 match
.string
= matches
.group('match')
421 match
.piece_type
= match_name
423 rest
= PayloadPiece()
424 rest
.string
= matches
.group('rest')
425 rest
.piece_type
= payload_piece
.piece_type
427 more_pieces
= scan_and_split(rest
, match_name
, pattern
)
428 pieces
= [beginning
, match
] + more_pieces
433 def get_subpart_data (part
):
434 """This function grabs information from a mime part.
436 It copies needed data from a email.parser.Parser() object over to an
440 part: a mime.parser.Parser() object
448 mime_decoded_bytes
= part
.get_payload(decode
=True)
449 charset
= part
.get_content_charset()
451 # your guess is as good as a-myy-ee-ine...
455 payload_string
= part
.as_string()
456 if payload_string
!= None:
457 # convert each isolated carriage return or line feed to carriage return + line feed
458 payload_string_crlf
= re
.sub(r
'\n', '\r\n', re
.sub(r
'\r', '\n', re
.sub(r
'\r\n', '\n', payload_string
)))
459 obj
.payload_bytes
= payload_string_crlf
.encode(charset
)
461 obj
.filename
= part
.get_filename()
462 obj
.content_type
= part
.get_content_type()
463 obj
.description_list
= part
['content-description']
465 if mime_decoded_bytes
!= None:
467 payload
= PayloadPiece()
468 payload
.string
= mime_decoded_bytes
.decode(charset
)
469 payload
.piece_type
= TxtType
.text
471 obj
.payload_pieces
= [payload
]
472 except UnicodeDecodeError:
478 def do_to_eddys_pieces (function_to_do
, eddymsg_obj
, data
):
479 """A function which maps another function onto a message's subparts.
481 This is a higer-order function which recursively performs a specified
482 function on each subpart of a multi-part message. Each single-part sub-part
483 has the function applied to it. This function also works if the part passed
487 function_to_do: function to perform on sub-parts
488 eddymsg_obj: a single part or multi-part EddyMsg object
489 data: a second argument to pass to 'function_to_do'
495 The passed-in EddyMsg object is transformed recursively on its
496 sub-parts according to 'function_to_do'.
499 if eddymsg_obj
.multipart
== True:
500 for sub
in eddymsg_obj
.subparts
:
501 do_to_eddys_pieces(function_to_do
, sub
, data
)
503 function_to_do(eddymsg_obj
, data
)
506 def split_payloads (eddymsg_obj
):
507 """Splits all (sub-)payloads of a message into GPG data and regular text.
509 Recursively performs payload splitting on all sub-parts of an EddyMsg
510 object into the various GPG data types, such as GPG messages, public key
511 blocks and signed text.
514 eddymsg_obj: an instance of EddyMsg
520 The EddyMsg object has payloads that are unsplit (by may be split)..
523 The EddyMsg object's payloads are all split into GPG and non-GPG parts.
526 for match_pair
in match_pairs
:
527 do_to_eddys_pieces(split_payload_pieces
, eddymsg_obj
, match_pair
)
530 def split_payload_pieces (eddymsg_obj
, match_pair
):
531 """A helper function for split_payloads(); works on PayloadPiece objects.
533 This function splits up PayloadPiece objects into multipe PayloadPiece
534 objects and replaces the EddyMsg object's previous list of payload pieces
535 with the new split up one.
538 eddymsg_obj: a single-part EddyMsg object.
539 match_pair: a tuple from the match_pairs list, which specifies a match
540 name and a match pattern.
546 The payload piece(s) of an EddyMsg object may be already split or
550 The EddyMsg object's payload piece(s) are split into a list of pieces
551 if matches of the match_pair are found.
554 (match_name
, pattern
) = match_pair
557 for piece
in eddymsg_obj
.payload_pieces
:
558 new_pieces_list
+= scan_and_split(piece
, match_name
, pattern
)
560 eddymsg_obj
.payload_pieces
= new_pieces_list
563 def gpg_on_payloads (eddymsg_obj
, gpgme_ctx
, prev_parts
=[]):
564 """Performs GPG operations on the GPG parts of the message
566 This function decrypts text, verifies signatures, and imports public keys
567 included in an email.
570 eddymsg_obj: an EddyMsg object with its payload_pieces split into GPG
571 and non-GPG sections by split_payloads()
572 gpgme_ctx: a gpgme context
574 prev_parts: a list of mime parts that occur before the eddymsg_obj
575 part, under the same multi-part mime part. This is used for
576 verifying detached signatures. For the root mime part, this should
577 be an empty list, which is the default value if this paramater is
584 eddymsg_obj should have its payloads split into gpg and non-gpg pieces.
587 Decryption, verification and key imports occur. the gpg_data members of
588 PayloadPiece objects get filled in with GPGData objects with some of
589 their attributes set.
592 if eddymsg_obj
.multipart
== True:
594 for sub
in eddymsg_obj
.subparts
:
595 gpg_on_payloads (sub
, gpgme_ctx
, prev_parts
)
600 for piece
in eddymsg_obj
.payload_pieces
:
602 if piece
.piece_type
== TxtType
.text
:
603 # don't transform the plaintext.
606 elif piece
.piece_type
== TxtType
.message
:
607 piece
.gpg_data
= GPGData()
609 (plaintext_b
, sigs
, sigkey_missing
, key_cannot_encrypt
) = decrypt_block(piece
.string
, gpgme_ctx
)
611 piece
.gpg_data
.sigkey_missing
= sigkey_missing
612 piece
.gpg_data
.key_cannot_encrypt
= key_cannot_encrypt
615 piece
.gpg_data
.decrypted
= True
616 piece
.gpg_data
.sigs
= sigs
618 piece
.gpg_data
.plainobj
= parse_pgp_mime(plaintext_b
, gpgme_ctx
)
621 # if not encrypted, check to see if this is an armored signature.
622 (plaintext_b
, sigs
, sigkey_missing
, key_cannot_encrypt
) = verify_sig_message(piece
.string
, gpgme_ctx
)
624 piece
.gpg_data
.sigkey_missing
= sigkey_missing
625 piece
.gpg_data
.key_cannot_encrypt
= key_cannot_encrypt
628 piece
.piece_type
= TxtType
.signature
629 piece
.gpg_data
.sigs
= sigs
631 piece
.gpg_data
.plainobj
= parse_pgp_mime(plaintext_b
, gpgme_ctx
)
633 elif piece
.piece_type
== TxtType
.pubkey
:
634 piece
.gpg_data
= GPGData()
636 (key_fps
, key_cannot_encrypt
) = add_gpg_key(piece
.string
, gpgme_ctx
)
638 piece
.gpg_data
.key_cannot_encrypt
= key_cannot_encrypt
641 piece
.gpg_data
.keys
= key_fps
643 elif piece
.piece_type
== TxtType
.detachedsig
:
644 piece
.gpg_data
= GPGData()
646 for prev
in prev_parts
:
647 (sig_fps
, sigkey_missing
, key_cannot_encrypt
) = verify_detached_signature(piece
.string
, prev
.payload_bytes
, gpgme_ctx
)
649 piece
.gpg_data
.sigkey_missing
= sigkey_missing
650 piece
.gpg_data
.key_cannot_encrypt
= key_cannot_encrypt
653 piece
.gpg_data
.sigs
= sig_fps
654 piece
.gpg_data
.plainobj
= prev
661 def prepare_for_reply (eddymsg_obj
, replyinfo_obj
):
662 """Updates replyinfo_obj with info on the message's GPG success/failures
664 This function marks replyinfo_obj with information about whether encrypted
665 text in eddymsg_obj was successfully decrypted, signatures were verified
666 and whether a public key was found or not.
669 eddymsg_obj: a message in the EddyMsg format
670 replyinfo_obj: an instance of ReplyInfo
676 eddymsg_obj has had its gpg_data created by gpg_on_payloads
679 replyinfo_obj has been updated with info about decryption/sig
680 verififcation status, etc. However the desired key isn't imported until
681 later, so the success or failure of that updates the values set here.
684 do_to_eddys_pieces(prepare_for_reply_pieces
, eddymsg_obj
, replyinfo_obj
)
686 def prepare_for_reply_pieces (eddymsg_obj
, replyinfo_obj
):
687 """A helper function for prepare_for_reply
689 It updates replyinfo_obj with GPG success/failure information, when
690 supplied a single-part EddyMsg object.
693 eddymsg_obj: a single-part message in the EddyMsg format
694 replyinfo_obj: an object which holds information about the message's
701 eddymsg_obj is a single-part message. (it may be a part of a multi-part
702 message.) It has had its gpg_data created by gpg_on_payloads if it has
706 replyinfo_obj has been updated with gpg success/failure information
709 for piece
in eddymsg_obj
.payload_pieces
:
710 if piece
.piece_type
== TxtType
.text
:
711 # don't quote the plaintext part.
714 elif piece
.piece_type
== TxtType
.message
:
715 prepare_for_reply_message(piece
, replyinfo_obj
)
717 elif piece
.piece_type
== TxtType
.pubkey
:
718 prepare_for_reply_pubkey(piece
, replyinfo_obj
)
720 elif (piece
.piece_type
== TxtType
.detachedsig
) \
721 or (piece
.piece_type
== TxtType
.signature
):
722 prepare_for_reply_sig(piece
, replyinfo_obj
)
725 def prepare_for_reply_message (piece
, replyinfo_obj
):
726 """Helper function for prepare_for_reply()
728 This function is called when the piece_type of a payload piece is
729 TxtType.message, or GPG Message block. This should be encrypted text. If
730 the encryted block is correclty signed, a sig will be attached to
731 .target_key unless there is already one there.
734 piece: a PayloadPiece object.
735 replyinfo_obj: object which gets updated with decryption status, etc.
741 the piece.payload_piece value should be TxtType.message.
744 replyinfo_obj gets updated with decryption status, signing status, a
745 potential signing key, posession status of the public key for the
746 signature and encryption capability status if that key is missing.
749 if piece
.gpg_data
.plainobj
== None:
750 replyinfo_obj
.decrypt_failure
= True
753 replyinfo_obj
.decrypt_success
= True
755 # we already have a key (and a message)
756 if replyinfo_obj
.target_key
!= None:
759 if piece
.gpg_data
.sigs
== []:
760 if piece
.gpg_data
.sigkey_missing
== True:
761 replyinfo_obj
.sigkey_missing
= True
763 if piece
.gpg_data
.key_cannot_encrypt
== True:
764 replyinfo_obj
.key_cannot_encrypt
= True
766 # only include a signed message in the reply.
767 get_signed_part
= True
770 replyinfo_obj
.target_key
= piece
.gpg_data
.sigs
[0]
771 replyinfo_obj
.sig_success
= True
772 get_signed_part
= False
774 flatten_decrypted_payloads(piece
.gpg_data
.plainobj
, replyinfo_obj
, get_signed_part
)
776 # to catch public keys in encrypted blocks
777 prepare_for_reply(piece
.gpg_data
.plainobj
, replyinfo_obj
)
780 def prepare_for_reply_pubkey (piece
, replyinfo_obj
):
781 """Helper function for prepare_for_reply(). Marks pubkey import status.
783 Marks replyinfo_obj with pub key import status.
786 piece: a PayloadPiece object
787 replyinfo_obj: a ReplyInfo object
790 piece.piece_type should be set to TxtType.pubkey .
793 replyinfo_obj has its fields updated.
796 if piece
.gpg_data
.keys
== []:
797 if piece
.gpg_data
.key_cannot_encrypt
== True:
798 replyinfo_obj
.key_cannot_encrypt
= True
800 replyinfo_obj
.pubkey_success
= True
802 # prefer public key as a fallback for the encrypted reply
803 replyinfo_obj
.fallback_target_key
= piece
.gpg_data
.keys
[0]
806 def prepare_for_reply_sig (piece
, replyinfo_obj
):
807 """Helper function for prepare_for_reply(). Marks sig verification status.
809 Marks replyinfo_obj with signature verification status.
812 piece: a PayloadPiece object
813 replyinfo_obj: a ReplyInfo object
816 piece.piece_type should be set to TxtType.signature, or
817 TxtType.detachedsig .
820 replyinfo_obj has its fields updated.
823 if piece
.gpg_data
.sigs
== []:
824 replyinfo_obj
.sig_failure
= True
826 if piece
.gpg_data
.sigkey_missing
== True:
827 replyinfo_obj
.sigkey_missing
= True
829 if piece
.gpg_data
.key_cannot_encrypt
== True:
830 replyinfo_obj
.key_cannot_encrypt
= True
833 replyinfo_obj
.sig_success
= True
835 if replyinfo_obj
.fallback_target_key
== None:
836 replyinfo_obj
.fallback_target_key
= piece
.gpg_data
.sigs
[0]
838 if (piece
.piece_type
== TxtType
.signature
):
839 # to catch public keys in signature blocks
840 prepare_for_reply(piece
.gpg_data
.plainobj
, replyinfo_obj
)
843 def flatten_decrypted_payloads (eddymsg_obj
, replyinfo_obj
, get_signed_part
):
844 """For creating a string representation of a signed, encrypted part.
846 When given a decrypted payload, it will add either the plaintext or signed
847 plaintext to the reply message, depeding on 'get_signed_part'. This is
848 useful for ensuring that the reply message only comes from a signed and
849 ecrypted GPG message. It also sets the target_key for encrypting the reply
850 if it's told to get signed text only.
853 eddymsg_obj: the message in EddyMsg format created by decrypting GPG
855 replyinfo_obj: a ReplyInfo object for holding the message to quote and
856 the target_key to encrypt to.
857 get_signed_part: True if we should only include text that contains a
858 further signature. If False, then include plain text.
864 The EddyMsg instance passed in should be a piece.gpg_data.plainobj
865 which represents decrypted text. It may or may not be signed on that
869 the ReplyInfo instance may have a new 'target_key' set and its
870 'msg_to_quote' will be updated with (possibly signed) plaintext, if any
874 if eddymsg_obj
== None:
877 # recurse on multi-part mime
878 if eddymsg_obj
.multipart
== True:
879 for sub
in eddymsg_obj
.subparts
:
880 flatten_decrypted_payloads(sub
, replyinfo_obj
, get_signed_part
)
882 for piece
in eddymsg_obj
.payload_pieces
:
883 if (get_signed_part
):
884 if ((piece
.piece_type
== TxtType
.detachedsig
) \
885 or (piece
.piece_type
== TxtType
.signature
)) \
886 and (piece
.gpg_data
!= None) \
887 and (piece
.gpg_data
.plainobj
!= None):
888 flatten_decrypted_payloads(piece
.gpg_data
.plainobj
, replyinfo_obj
, False)
889 replyinfo_obj
.target_key
= piece
.gpg_data
.sigs
[0]
892 if piece
.piece_type
== TxtType
.text
:
893 replyinfo_obj
.msg_to_quote
+= piece
.string
896 def get_key_from_fp (replyinfo_obj
, gpgme_ctx
):
897 """Obtains a public key object from a key fingerprint
899 If the .target_key is not set, then we use .fallback_target_key, if
903 replyinfo_obj: ReplyInfo instance
904 gpgme_ctx: the gpgme context
910 Loading a key requires that we have the public key imported. This
911 requires that they email contains the pub key block, or that it was
912 previously sent to edward.
915 If the key can be loaded, then replyinfo_obj.reply_to_key points to the
916 public key object. If the key cannot be loaded, then the replyinfo_obj
917 is marked as having no public key available. If the key is not capable
918 of encryption, it will not be used, and replyinfo_obj will be marked
922 for key
in (replyinfo_obj
.target_key
, replyinfo_obj
.fallback_target_key
):
925 encrypt_to_key
= gpgme_ctx
.get_key(key
)
927 except gpgme
.GpgmeError
:
930 if is_key_usable(encrypt_to_key
):
931 replyinfo_obj
.encrypt_to_key
= encrypt_to_key
932 replyinfo_obj
.have_reply_key
= True
933 replyinfo_obj
.key_can_encrypt
= True
937 replyinfo_obj
.key_cannot_encrypt
= True
941 def write_reply (replyinfo_obj
):
942 """Write the reply email body about the GPG successes/failures.
944 The reply is about whether decryption, sig verification and key
945 import/loading was successful or failed. If text was successfully decrypted
946 and verified, then the first instance of such text will be included in
950 replyinfo_obj: contains details of GPG processing status
953 the plaintext message to be sent to the user
956 replyinfo_obj should be populated with info about GPG processing status.
961 if (replyinfo_obj
.pubkey_success
== True):
962 reply_plain
+= replyinfo_obj
.replies
['greeting']
963 reply_plain
+= "\n\n"
966 if replyinfo_obj
.decrypt_success
== True:
967 debug('decrypt success')
968 reply_plain
+= replyinfo_obj
.replies
['success_decrypt']
970 if (replyinfo_obj
.sig_success
== True) and (replyinfo_obj
.have_reply_key
== True):
971 debug('message quoted')
972 reply_plain
+= replyinfo_obj
.replies
['space']
973 reply_plain
+= replyinfo_obj
.replies
['quote_follows']
974 reply_plain
+= "\n\n"
975 quoted_text
= email_quote_text(replyinfo_obj
.msg_to_quote
)
976 reply_plain
+= quoted_text
978 reply_plain
+= "\n\n"
980 elif replyinfo_obj
.decrypt_failure
== True:
981 debug('decrypt failure')
982 reply_plain
+= replyinfo_obj
.replies
['failed_decrypt']
983 reply_plain
+= "\n\n"
986 if replyinfo_obj
.sig_success
== True:
987 debug('signature success')
988 reply_plain
+= replyinfo_obj
.replies
['sig_success']
989 reply_plain
+= "\n\n"
991 elif replyinfo_obj
.sig_failure
== True:
992 debug('signature failure')
993 reply_plain
+= replyinfo_obj
.replies
['sig_failure']
994 reply_plain
+= "\n\n"
997 if (replyinfo_obj
.pubkey_success
== True):
998 debug('public key received')
999 reply_plain
+= replyinfo_obj
.replies
['public_key_received']
1000 reply_plain
+= "\n\n"
1002 elif (replyinfo_obj
.sigkey_missing
== True):
1003 debug('no public key')
1004 reply_plain
+= replyinfo_obj
.replies
['no_public_key']
1005 reply_plain
+= "\n\n"
1007 elif (replyinfo_obj
.key_can_encrypt
== False) \
1008 and (replyinfo_obj
.key_cannot_encrypt
== True):
1009 debug('bad public key')
1010 reply_plain
+= replyinfo_obj
.replies
['no_public_key']
1011 reply_plain
+= "\n\n"
1014 if (reply_plain
== ""):
1015 debug('plaintext message')
1016 reply_plain
+= replyinfo_obj
.replies
['failed_decrypt']
1017 reply_plain
+= "\n\n"
1020 reply_plain
+= replyinfo_obj
.replies
['signature']
1021 reply_plain
+= "\n\n"
1026 def add_gpg_key (key_block
, gpgme_ctx
):
1027 """Adds a GPG pubkey to the local keystore
1029 This adds keys received through email into the key store so they can be
1033 key_block: the string form of the ascii-armored public key block
1034 gpgme_ctx: the gpgme context
1037 the fingerprint(s) of the imported key(s) which can be used for
1038 encryption, and a boolean marking whether none of the keys are capable
1042 fp
= io
.BytesIO(key_block
.encode('ascii'))
1045 result
= gpgme_ctx
.import_(fp
)
1046 imports
= result
.imports
1047 except gpgme
.GpgmeError
:
1050 key_fingerprints
= []
1051 key_cannot_encrypt
= False
1053 for import_res
in imports
:
1054 fingerprint
= import_res
[0]
1057 key_obj
= gpgme_ctx
.get_key(fingerprint
)
1061 if is_key_usable(key_obj
):
1062 key_fingerprints
+= [fingerprint
]
1063 key_cannot_encrypt
= False
1065 debug("added gpg key: " + fingerprint
)
1067 elif key_fingerprints
== []:
1068 key_cannot_encrypt
= True
1070 return (key_fingerprints
, key_cannot_encrypt
)
1073 def verify_sig_message (msg_block
, gpgme_ctx
):
1074 """Verifies the signature of a signed, ascii-armored block of text.
1076 It encodes the string into ascii, since binary GPG files are currently
1077 unsupported, and alternative, the ascii-armored format is encodable into
1081 msg_block: a GPG Message block in string form. It may be encrypted or
1082 not. If it is encrypted, it will return empty results.
1083 gpgme_ctx: the gpgme context
1086 A tuple containing the plaintext bytes of the signed part, the list of
1087 fingerprints of encryption-capable keys signing the data, a boolean
1088 marking whether edward is missing all public keys for validating any of
1089 the signatures, and a boolean marking whether all sigs' keys are
1090 incapable of encryption. If verification failed, perhaps because the
1091 message was also encrypted, sensible default values are returned.
1094 block_b
= io
.BytesIO(msg_block
.encode('ascii'))
1095 plain_b
= io
.BytesIO()
1098 sigs
= gpgme_ctx
.verify(block_b
, None, plain_b
)
1099 except gpgme
.GpgmeError
:
1100 return ("",[],False,False)
1102 plaintext_b
= plain_b
.getvalue()
1104 (fingerprints
, sigkey_missing
, key_cannot_encrypt
) = get_signature_fp(sigs
, gpgme_ctx
)
1106 return (plaintext_b
, fingerprints
, sigkey_missing
, key_cannot_encrypt
)
1109 def verify_detached_signature (detached_sig
, plaintext_bytes
, gpgme_ctx
):
1110 """Verifies the signature of a detached signature.
1112 This requires the signature part and the signed part as separate arguments.
1115 detached_sig: the signature part of the detached signature
1116 plaintext_bytes: the byte form of the message being signed.
1117 gpgme_ctx: the gpgme context
1120 A tuple containging a list of encryption capable signing fingerprints
1121 if the signature verification was sucessful, a boolean marking whether
1122 edward is missing all public keys for validating any of the signatures,
1123 and a boolean marking whether all signing keys are incapable of
1124 encryption. Otherwise, a tuple containing an empty list and True are
1128 detached_sig_fp
= io
.BytesIO(detached_sig
.encode('ascii'))
1129 plaintext_fp
= io
.BytesIO(plaintext_bytes
)
1132 sigs
= gpgme_ctx
.verify(detached_sig_fp
, plaintext_fp
, None)
1133 except gpgme
.GpgmeError
:
1134 return ([],False,False)
1136 (fingerprints
, sigkey_missing
, key_cannot_encrypt
) = get_signature_fp(sigs
, gpgme_ctx
)
1138 return (fingerprints
, sigkey_missing
, key_cannot_encrypt
)
1141 def decrypt_block (msg_block
, gpgme_ctx
):
1142 """Decrypts a block of GPG text and verifies any included sigatures.
1144 Some encypted messages have embeded signatures, so those are verified too.
1147 msg_block: the encrypted(/signed) text
1148 gpgme_ctx: the gpgme context
1151 A tuple containing plaintext bytes, encryption-capable signatures (if
1152 decryption and signature verification were successful, respectively), a
1153 boolean marking whether edward is missing all public keys for
1154 validating any of the signatures, and a boolean marking whether all
1155 signature keys are incapable of encryption.
1158 block_b
= io
.BytesIO(msg_block
.encode('ascii'))
1159 plain_b
= io
.BytesIO()
1162 sigs
= gpgme_ctx
.decrypt_verify(block_b
, plain_b
)
1163 except gpgme
.GpgmeError
:
1164 return ("",[],False,False)
1166 plaintext_b
= plain_b
.getvalue()
1168 (fingerprints
, sigkey_missing
, key_cannot_encrypt
) = get_signature_fp(sigs
, gpgme_ctx
)
1170 return (plaintext_b
, fingerprints
, sigkey_missing
, key_cannot_encrypt
)
1173 def get_signature_fp (sigs
, gpgme_ctx
):
1174 """Selects valid signatures from output of gpgme signature verifying functions
1176 get_signature_fp returns a list of valid signature fingerprints if those
1177 fingerprints are associated with available keys capable of encryption.
1180 sigs: a signature verification result object list
1181 gpgme_ctx: a gpgme context
1184 fingerprints: a list of fingerprints
1185 sigkey_missing: a boolean marking whether public keys are missing for
1186 all available signatures.
1187 key_cannot_encrypt: a boolearn marking whether available public keys are
1188 incapable of encryption.
1191 sigkey_missing
= False
1192 key_cannot_encrypt
= False
1196 if (sig
.summary
== 0) or (sig
.summary
& gpgme
.SIGSUM_VALID
!= 0) or (sig
.summary
& gpgme
.SIGSUM_GREEN
!= 0):
1198 key_obj
= gpgme_ctx
.get_key(sig
.fpr
)
1200 if fingerprints
== []:
1201 sigkey_missing
= True
1204 if is_key_usable(key_obj
):
1205 fingerprints
+= [sig
.fpr
]
1206 key_cannot_encrypt
= False
1207 sigkey_missing
= False
1209 elif fingerprints
== []:
1210 key_cannot_encrypt
= True
1212 elif fingerprints
== []:
1213 if (sig
.summary
& gpgme
.SIGSUM_KEY_MISSING
!= 0):
1214 sigkey_missing
= True
1216 return (fingerprints
, sigkey_missing
, key_cannot_encrypt
)
1219 def is_key_usable (key_obj
):
1220 """Returns boolean representing key usability regarding encryption
1222 Tests various feature of key and returns usability
1225 key_obj: a gpgme key object
1228 A boolean representing key usability
1230 if key_obj
.can_encrypt
and not key_obj
.invalid
and not key_obj
.expired \
1231 and not key_obj
.revoked
and not key_obj
.disabled
:
1237 def email_to_from_subject (email_bytes
):
1238 """Returns the values of the email's To:, From: and Subject: fields
1240 Returns this information from an email.
1243 email_bytes: the byte string form of the email
1246 the email To:, From:, and Subject: fields as strings
1249 email_struct
= email
.parser
.BytesParser().parsebytes(email_bytes
)
1251 email_to
= email_struct
['To']
1252 email_from
= email_struct
['From']
1253 email_subject
= email_struct
['Subject']
1255 return email_to
, email_from
, email_subject
1258 def import_lang_pick_address(email_to
, hostname
):
1259 """Imports language file for i18n support; makes reply from address
1261 The language imported depends on the To: address of the email received by
1262 edward. an -en ending implies the English language, whereas a -ja ending
1263 implies Japanese. The list of supported languages is listed in the 'langs'
1264 list at the beginning of the program. This function also chooses the
1265 language-dependent address which can be used as the From address in the
1269 email_to: the string containing the email address that the mail was
1271 hostname: the hostname part of the reply email's from address
1274 the reference to the imported language module. The only variable in
1275 this file is the 'replies' dictionary.
1281 if email_to
!= None:
1283 if "edward-" + lang
in email_to
:
1287 lang_mod_name
= "lang." + re
.sub('-', '_', use_lang
)
1288 lang_module
= importlib
.import_module(lang_mod_name
)
1290 reply_from
= "edward-" + use_lang
+ "@" + hostname
1292 return lang_module
, reply_from
1295 def generate_encrypted_mime (plaintext
, email_to
, email_subject
, encrypt_to_key
,
1297 """This function creates the mime email reply. It can encrypt the email.
1299 If the encrypt_key is included, then the email is encrypted and signed.
1300 Otherwise it is unencrypted.
1303 plaintext: the plaintext body of the message to create.
1304 email_to: the email address to reply to
1305 email_subject: the subject to use in reply
1306 encrypt_to_key: the key object to use for encrypting the email. (or
1308 gpgme_ctx: the gpgme context
1311 A string version of the mime message, possibly encrypted and signed.
1314 plaintext_mime
= MIMEText(plaintext
)
1315 plaintext_mime
.set_charset('utf-8')
1317 if (encrypt_to_key
!= None):
1319 encrypted_text
= encrypt_sign_message(plaintext_mime
.as_string(),
1323 control_mime
= MIMEApplication("Version: 1",
1324 _subtype
='pgp-encrypted',
1325 _encoder
=email
.encoders
.encode_7or8bit
)
1326 control_mime
['Content-Description'] = 'PGP/MIME version identification'
1327 control_mime
.set_charset('us-ascii')
1329 encoded_mime
= MIMEApplication(encrypted_text
,
1330 _subtype
='octet-stream; name="encrypted.asc"',
1331 _encoder
=email
.encoders
.encode_7or8bit
)
1332 encoded_mime
['Content-Description'] = 'OpenPGP encrypted message'
1333 encoded_mime
['Content-Disposition'] = 'inline; filename="encrypted.asc"'
1334 encoded_mime
.set_charset('us-ascii')
1336 message_mime
= MIMEMultipart(_subtype
="encrypted", protocol
="application/pgp-encrypted")
1337 message_mime
.attach(control_mime
)
1338 message_mime
.attach(encoded_mime
)
1339 message_mime
['Content-Disposition'] = 'inline'
1342 message_mime
= plaintext_mime
1344 message_mime
['To'] = email_to
1345 message_mime
['Subject'] = email_subject
1347 reply
= message_mime
.as_string()
1352 def send_reply(email_txt
, reply_to
, reply_from
):
1353 """Sends reply email
1355 Sent to original sender
1358 email_txt: message as a string
1359 reply_to: recipient of reply
1360 reply_from: edward's specific email address
1367 s
= smtplib
.SMTP('localhost')
1368 s
.sendmail(reply_from
, reply_to
, email_txt
)
1372 def email_quote_text (text
):
1373 """Quotes input text by inserting "> "s
1375 This is useful for quoting a text for the reply message. It inserts "> "
1376 strings at the beginning of lines.
1379 text: plain text to quote
1385 quoted_message
= re
.sub(r
'^', r
'> ', text
, flags
=re
.MULTILINE
)
1387 return quoted_message
1390 def encrypt_sign_message (plaintext
, encrypt_to_key
, gpgme_ctx
):
1391 """Encrypts and signs plaintext
1393 This encrypts and signs a message.
1396 plaintext: text to sign and ecrypt
1397 encrypt_to_key: the key object to encrypt to
1398 gpgme_ctx: the gpgme context
1401 An encrypted and signed string of text
1404 # the plaintext should be mime encoded in an ascii-compatible form
1405 plaintext_bytes
= io
.BytesIO(plaintext
.encode('ascii'))
1406 encrypted_bytes
= io
.BytesIO()
1408 gpgme_ctx
.encrypt_sign([encrypt_to_key
], gpgme
.ENCRYPT_ALWAYS_TRUST
,
1409 plaintext_bytes
, encrypted_bytes
)
1411 encrypted_txt
= encrypted_bytes
.getvalue().decode('ascii')
1412 return encrypted_txt
1415 def error (error_msg
):
1416 """Write an error message to stdout
1418 The error message includes the program name.
1421 error_msg: the message to print
1427 An error message is printed to stdout
1430 sys
.stderr
.write(progname
+ ": " + str(error_msg
) + "\n")
1433 def debug (debug_msg
):
1434 """Writes a debug message to stdout if debug == True
1436 If the debug option is set in edward_config.py, then the passed message
1437 gets printed to stdout.
1440 debug_msg: the message to print to stdout
1446 A debug message is printed to stdout
1449 if edward_config
.debug
== True:
1454 """Sets the progname variable and processes optional argument
1456 If there are more than two arguments then edward complains and quits. An
1457 single "-p" argument sets the print_reply_only option, which makes edward
1458 print email replies instead of mailing them.
1464 True if edward should print arguments instead of mailing them,
1465 otherwise it returns False.
1468 Exits with error 1 if there are more than two arguments, otherwise
1469 returns the print_reply_only option.
1473 progname
= sys
.argv
[0]
1475 print_reply_only
= False
1477 if len(sys
.argv
) > 2:
1478 print(progname
+ " usage: " + progname
+ " [-p]\n\n" \
1479 + " -p print reply message to stdout, do not mail it\n", \
1483 elif (len(sys
.argv
) == 2) and (sys
.argv
[1] == "-p"):
1484 print_reply_only
= True
1486 return print_reply_only
1489 if __name__
== "__main__":
1490 """Executes main if this file is not loaded interactively"""