# HG changeset patch # User Paul Boddie # Date 1389142557 -3600 # Node ID 5798c36178755fc40116f408f8b789df3da98d45 # Parent 40886b6893b42e4706d7851e84075cd20bd22a84 Added support for "authorship" verification of transferred content. diff -r 40886b6893b4 -r 5798c3617875 scripts/getfiles.py --- a/scripts/getfiles.py Wed Jan 08 01:07:30 2014 +0100 +++ b/scripts/getfiles.py Wed Jan 08 01:55:57 2014 +0100 @@ -7,7 +7,6 @@ """ from MoinMessage import * -from email.mime.application import MIMEApplication from email.mime.text import MIMEText from email.parser import Parser from os.path import join, exists @@ -21,6 +20,13 @@ finally: f.close() +def decrypt(gpg, content): + if is_encrypted(content): + text = gpg.decryptMessage(content) + return Parser().parsestr(text) + else: + return content + if __name__ == "__main__": try: service = sys.argv[1] @@ -46,29 +52,22 @@ # Get the e-mail message itself. - message = message.get_payload() + email_message = message.get_payload() - # Encrypt, sign and send the message. + # Encrypt, sign and send the request. gpg = GPG() - message = gpg.encryptMessage(message, service) - message = gpg.signMessage(message, signer) - resp = sendMessageForReading(message, url) + encrypted_message = gpg.encryptMessage(email_message, service) + signed_message = gpg.signMessage(encrypted_message, signer) + resp = sendMessageForReading(signed_message, url) - # Verify, decrypt and unpack the message. + # Verify the response after possible transport encryption. try: - if not is_signed(message): - print >>sys.stderr, "Incoming message was not signed." - sys.exit(1) - message = Parser().parse(resp) + message = decrypt(gpg, message) fingerprint, identity, content = gpg.verifyMessage(message) - if is_encrypted(content): - text = gpg.decryptMessage(content) - content = Parser().parsestr(text) - except MoinMessageDecodingError: print >>sys.stderr, "Incoming message was improperly encoded." sys.exit(1) @@ -86,20 +85,17 @@ # file, even though the eventual filename in the directory may be # different. - filename = part["Content-Disposition"] - directory, leafname = filename.split("/") + directory = part["Content-Disposition"] - # The data may be encrypted. + # The retrieved content may be encrypted. + + part = decrypt(gpg, part) - try: - data = gpg.decryptMessage(part) - except MoinMessageError: - print >>sys.stderr, "Message part was not decrypted." - data = part.get_payload(decode=True) + # The original sender may now be verified. - # Parse the decoded data. - - content = Parser().parsestr(data) + if is_signed(part): + fingerprint, identity, content = gpg.verifyMessage(part) + print >>sys.stderr, "Content signed by %s." % identity if content.is_multipart(): files = content.get_payload() @@ -111,8 +107,8 @@ for file in files: data = file.get_payload(decode=True) - realname = file.get("Content-Disposition") - filename = join(directory, realname or leafname) + realname = file["Content-Disposition"] + filename = join(directory, realname) dirpath = join(target_dir, directory) if not exists(dirpath): diff -r 40886b6893b4 -r 5798c3617875 scripts/sendfiles.py --- a/scripts/sendfiles.py Wed Jan 08 01:07:30 2014 +0100 +++ b/scripts/sendfiles.py Wed Jan 08 01:55:57 2014 +0100 @@ -48,7 +48,8 @@ email_message = message.get_payload() - # Sign, encrypt, sign and send the message. + # Sign (for authorship), encrypt (for privacy), sign (for authentication), + # and send the message. gpg = GPG() signed_message = gpg.signMessage(email_message, signer)