From e2ef883ec26335754b67583b013230487f0338f5 Mon Sep 17 00:00:00 2001
From: fkrone
Date: Sat, 14 Feb 2015 16:01:58 +0100
Subject: [PATCH] Merged change: https://github.com/uragit/gpg-mailgate/commit/584eee18dc67c6c0f29bbd46ffe4791752c281de ( Added check that config file keymap fingerprint exists in actual GPG keyring. Decline encryption if mismatch. )
---
 GnuPG/__init__.py | 8 ++++----
 gpg-mailgate.py | 10 ++++++++--
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/GnuPG/__init__.py b/GnuPG/__init__.py
index e34d22e..595838e 100644
--- a/GnuPG/__init__.py
+++ b/GnuPG/__init__.py
@@ -28,14 +28,14 @@ def public_keys( keyhome ):
 cmd = ['/usr/bin/gpg', '--homedir', keyhome, '--list-keys', '--with-colons']
 p = subprocess.Popen( cmd, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
 p.wait()
- keys = list()
+ keys = dict()
 for line in p.stdout.readlines():
 if line[0:3] == 'uid' or line[0:3] == 'pub':
 if ('<' not in line or '>' not in line):
 continue
- key = line.split('<')[1].split('>')[0].lower()
- if keys.count(key) == 0:
- keys.append(key)
+ email = line.split('<')[1].split('>')[0]
+ fingerprint = line.split(':')[4]
+ keys[fingerprint] = email
 return keys
 # confirms a key has a given email address
diff --git a/gpg-mailgate.py b/gpg-mailgate.py
index 035695e..64d020b 100755
--- a/gpg-mailgate.py
+++ b/gpg-mailgate.py
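Review bot: In the GnuPG/__init__.py hunk, `fingerprint = line.split(':')[4]` is taken from `uid` records as well as `pub` records, but per GnuPG's documented colon format (doc/DETAILS) a `uid` record does not carry the key ID in that field, so every uid address would land under the same empty key and overwrite the previous one. On a `pub` record the field is the long key ID, not the fingerprint the variable name and the commit message refer to. The `.lower()` on the address was also dropped, while the caller in gpg-mailgate.py lower-cases each recipient before testing `to in keys.values()`, so a UID stored with capitals no longer matches and that recipient's mail is passed on unencrypted. The sketch below remembers the key ID from the last `pub` record and keeps the lower-casing; it still holds one address per key, and lifting that limit needs a different return shape. The function's signature is visible only in the hunk header.

```python
    keys = dict()
    current_key = None
    for line in p.stdout.readlines():
        fields = line.split(':')
        if fields[0] == 'pub':
            # only the pub record carries the key ID in field 5
            current_key = fields[4]
        if fields[0] not in ('pub', 'uid') or current_key is None:
            continue
        if '<' not in line or '>' not in line:
            continue
        # lower-case so the caller's lower-cased recipient can match
        keys[current_key] = line.split('<')[1].split('>')[0].lower()
    return keys
```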
@@ -178,10 +178,16 @@ ungpg_to = list()
 for to in to_addrs:
 to = to.lower()
- if to in keys and not ( cfg['default'].has_key('keymap_only') and cfg['default']['keymap_only'] == 'yes' ):
+ if to in keys.values() and not ( cfg['default'].has_key('keymap_only') and cfg['default']['keymap_only'] == 'yes' ):
 gpg_to.append( (to, to) )
 elif cfg.has_key('keymap') and cfg['keymap'].has_key(to):
- gpg_to.append( (to, cfg['keymap'][to]) )
+ log("Keymap has key '%s'" % cfg['keymap'][to] )
+ # Check we've got a matching key! If not, decline to attempt encryption.
+ if not keys.has_key(cfg['keymap'][to]):
+ log("Key '%s' in keymap not found in keyring for email address '%s'. Won't encrypt." % (cfg['keymap'][to], to))
+ ungpg_to.append(to)
+ else:
+ gpg_to.append( (to, cfg['keymap'][to]) )
 else:
 if verbose:
 log("Recipient (%s) not in PGP domain list." % to)
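Review bot: The new `keys.has_key(cfg['keymap'][to])` check is an exact string comparison against whatever `public_keys()` parsed from gpg's output, so a keymap entry written in lower case, with spaces, or as a full fingerprint rather than the listed key ID would be treated as missing. Because the miss path appends the recipient to `ungpg_to`, such a formatting difference means a recipient the administrator explicitly mapped to a key gets the mail in clear text. Normalising the configured value before the lookup, for example `mapped = cfg['keymap'][to].replace(' ', '').upper()` followed by `if not keys.has_key(mapped):`, and documenting the expected key ID format next to the keymap section would narrow that gap. The unconditional `log("Keymap has key '%s'" ...)` also looks like it belongs under `if verbose:` like the other informational message in this loop, while the "Won't encrypt" message is worth keeping unconditional. The loop body continues past the end of the hunk.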