Merged change:

584eee18dc
( Added check that config file keymap fingerprint exists in actual GPG keyring. Decline encryption if mismatch. )

GnuPG/__init__.py

@@ -28,14 +28,14 @@ def public_keys( keyhome ):
 	cmd = ['/usr/bin/gpg', '--homedir', keyhome, '--list-keys', '--with-colons']
 	p = subprocess.Popen( cmd, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
 	p.wait()
-	keys = list()
+	keys = dict()
 	for line in p.stdout.readlines():
 		if line[0:3] == 'uid' or line[0:3] == 'pub':
 			if ('<' not in line or '>' not in line):
 				continue
-			key = line.split('<')[1].split('>')[0].lower()
-			if keys.count(key) == 0:
-				keys.append(key)
+			email = line.split('<')[1].split('>')[0]
+			fingerprint = line.split(':')[4]
+			keys[fingerprint] = email
 	return keys
 
 # confirms a key has a given email address

gpg-mailgate.py

@@ -178,10 +178,16 @@ ungpg_to = list()
 
 for to in to_addrs:
 	to = to.lower()
-	if to in keys and not ( cfg['default'].has_key('keymap_only') and cfg['default']['keymap_only'] == 'yes'  ):
+	if to in keys.values() and not ( cfg['default'].has_key('keymap_only') and cfg['default']['keymap_only'] == 'yes'  ):
 		gpg_to.append( (to, to) )
 	elif cfg.has_key('keymap') and cfg['keymap'].has_key(to):
-		gpg_to.append( (to, cfg['keymap'][to]) )
+		log("Keymap has key '%s'" % cfg['keymap'][to] )
+		# Check we've got a matching key!  If not, decline to attempt encryption.
+		if not keys.has_key(cfg['keymap'][to]):
+			log("Key '%s' in keymap not found in keyring for email address '%s'.  Won't encrypt." % (cfg['keymap'][to], to))
+			ungpg_to.append(to)
+		else:
+			gpg_to.append( (to, cfg['keymap'][to]) )
 	else:
 		if verbose:
 			log("Recipient (%s) not in PGP domain list." % to)