Merged change:
584eee18dc
( Added check that config file keymap fingerprint exists in actual GPG keyring. Decline encryption if mismatch. )
parent
63435c72c5
commit
e2ef883ec2
|
@ -28,14 +28,14 @@ def public_keys( keyhome ):
|
||||||
cmd = ['/usr/bin/gpg', '--homedir', keyhome, '--list-keys', '--with-colons']
|
cmd = ['/usr/bin/gpg', '--homedir', keyhome, '--list-keys', '--with-colons']
|
||||||
p = subprocess.Popen( cmd, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
|
p = subprocess.Popen( cmd, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
|
||||||
p.wait()
|
p.wait()
|
||||||
keys = list()
|
keys = dict()
|
||||||
for line in p.stdout.readlines():
|
for line in p.stdout.readlines():
|
||||||
if line[0:3] == 'uid' or line[0:3] == 'pub':
|
if line[0:3] == 'uid' or line[0:3] == 'pub':
|
||||||
if ('<' not in line or '>' not in line):
|
if ('<' not in line or '>' not in line):
|
||||||
continue
|
continue
|
||||||
key = line.split('<')[1].split('>')[0].lower()
|
email = line.split('<')[1].split('>')[0]
|
||||||
if keys.count(key) == 0:
|
fingerprint = line.split(':')[4]
|
||||||
keys.append(key)
|
keys[fingerprint] = email
|
||||||
return keys
|
return keys
|
||||||
|
|
||||||
# confirms a key has a given email address
|
# confirms a key has a given email address
|
||||||
|
|
|
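Review bot: `line.split(':')[4]` is not a fingerprint: in GnuPG's `--with-colons` output, field 5 of a `pub` record is the 64-bit key ID, and on `uid` records that field is, as far as I know, empty, so each `uid` line writes to `keys['']` and overwrites the one before it. The full fingerprint is on the `fpr` record, so a keymap check against this dict compares key IDs at best. The new `email` assignment also drops the `.lower()` the old code applied, while the loop in the later hunk lowercases `to` before testing it, so an address stored with capitals in the keyring stops matching and that recipient is presumably delivered unencrypted. One email per dict key also loses additional user IDs on the same key. The sketch below takes the key ID from the preceding `pub` record and collects lowercased addresses per key, so the `keys.values()` test at the call site would have to look inside the lists.

```python
# … unchanged: gpg invocation and p.wait() …
keys = dict()
current = None
for line in p.stdout.readlines():
    fields = line.split(':')
    if fields[0] == 'pub':
        current = fields[4]  # 64-bit key ID; the uid records that follow belong to it
    elif fields[0] != 'uid':
        continue
    if current is None or '<' not in line or '>' not in line:
        continue
    email = line.split('<')[1].split('>')[0].lower()
    keys.setdefault(current, []).append(email)
return keys
```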
@ -178,9 +178,15 @@ ungpg_to = list()
|
||||||
|
|
||||||
for to in to_addrs:
|
for to in to_addrs:
|
||||||
to = to.lower()
|
to = to.lower()
|
||||||
if to in keys and not ( cfg['default'].has_key('keymap_only') and cfg['default']['keymap_only'] == 'yes' ):
|
if to in keys.values() and not ( cfg['default'].has_key('keymap_only') and cfg['default']['keymap_only'] == 'yes' ):
|
||||||
gpg_to.append( (to, to) )
|
gpg_to.append( (to, to) )
|
||||||
elif cfg.has_key('keymap') and cfg['keymap'].has_key(to):
|
elif cfg.has_key('keymap') and cfg['keymap'].has_key(to):
|
||||||
|
log("Keymap has key '%s'" % cfg['keymap'][to] )
|
||||||
|
# Check we've got a matching key! If not, decline to attempt encryption.
|
||||||
|
if not keys.has_key(cfg['keymap'][to]):
|
||||||
|
log("Key '%s' in keymap not found in keyring for email address '%s'. Won't encrypt." % (cfg['keymap'][to], to))
|
||||||
|
ungpg_to.append(to)
|
||||||
|
else:
|
||||||
gpg_to.append( (to, cfg['keymap'][to]) )
|
gpg_to.append( (to, cfg['keymap'][to]) )
|
||||||
else:
|
else:
|
||||||
if verbose:
|
if verbose:
|
||||||
|
|
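Review bot: The lookup `keys.has_key(cfg['keymap'][to])` is an exact string match, so a keymap value written in lowercase, with spaces, with a `0x` prefix, or as a full 40-character fingerprint will not equal the uppercase hex field gpg prints. The recipient then lands in `ungpg_to`, which presumably means plaintext delivery for an address the administrator explicitly mapped to a key. Normalise the value before comparing, e.g. `wanted = cfg['keymap'][to].replace(' ', '').upper()`, and test `keys.has_key(wanted)`. The miss is reported only through `log(...)`, so it is worth checking that this message reaches a log someone actually watches. The enclosing `for to in to_addrs:` loop continues outside the hunk.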