-*- mode: org -*-
It would be nice to make the file descriptors for communication with the GnuPG process configurable, and not the default, hard-coded 0=stdin 1=stdout 2=stderr.
see :compatibility:gen__key_input:
DONE: use gnupg._util._is_gpg2() and gnupg.util._is_gpg1() to check versions
If we add a GnuPG version detection feature (the version string is already obtained in GPG.___init___() gnupg.py:407), then we can automatically chain GPG.gen__key_input() to another new feature for ‘–edit-key’. This chaining would likely need to happen here gnupg.py:1146.
In the docstring of GPG.gen__key_input() gnupg.py:1068, for the parameter ‘passphrase’, it is explained that:
:param str passphrase: The passphrase for the new key. The default is to not use any passphrase. Note that GnuPG>=2.1.x will not allow you to specify a passphrase for batch key generation – GnuPG will ignore the “passphrase“ parameter, stop, and ask the user for the new passphrase. However, we can put the command ‘%no-protection’ into the batch key generation file to allow a passwordless key to be created, which can then have its passphrase set later with ‘–edit-key’.
This would be necessary for adding a passphrase to the key after passwordless generation in GnuPG>=2.1.0.
DONE: GnuPG version detection in gen_key_input() was added in commits 6eccbe704841cca90573dc554019712528d927a0 and 1e867d6e117f603cd9f2238641a1fb9cb87d4b51
(python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴ ipython WARNING: Attempting to work in a virtualenv. If you encounter problems, please install IPython inside the virtualenv.
In [1]: import gnupg GnuPG logging disabled…
In [2]: gpg = gnupg.GPG(homedir=’./tests/doctests’)
In [3]: key_input = gpg.gen_key_input()
In [4]: print key_input Key-Type: default Key-Length: 4096 Subkey-Type: default Name-Email: isis@wintermute Expire-Date: 2014-05-28 Name-Real: Autogenerated Key %commit
In [5]: key = gpg.gen_key(key_input)
In [6]: print key.stderr gpg: -:1: invalid algorithm [GNUPG:] KEY_NOT_CREATED
In [7]: quit() (python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴ which gpg /usr/bin/gpg (python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴ gpg –version gpg (GnuPG) 1.4.12 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 (python-gnupg)∃!isisⒶwintermute:~/code/riseup/python-gnupg ∴
Ughh…this is the ugliest code I think I’ve ever written. It works, but I worry that it is fragile, not to mention I have trouble reading it, and I fucking wrote the damn thing. There’s probably not much that could be done to make it more Pythonic, because type checks and input validation are pretty much intrinsically non-Pythonic. But did i mention that it’s ugly? I’m sure these functions would be pretty glad to get a shower, shave, and haircut.
There is a lot of madness dealing with stupid things like hyphens vs. underscores, and lists of options vs. strings. This can definitely be cleaned up.