# HG changeset patch # User Paul Boddie # Date 1373387336 -7200 # Node ID 8825008d6eb1e07bd9b48af0afb7ff32863e1bd9 # Parent f2cdf0361901f0fcfb961f4e4b14a40f11388683 Added support for signing encrypted (signed) messages for forwarding purposes. diff -r f2cdf0361901 -r 8825008d6eb1 README.txt --- a/README.txt Tue Jun 25 18:28:44 2013 +0200 +++ b/README.txt Tue Jul 09 18:28:56 2013 +0200 @@ -172,6 +172,12 @@ server environment. It also uses a modified trust model when invoking gpg in order to avoid complaints about the identity of the sender during encryption. +To sign the encrypted message for forwarding, the above command is modified: + +python tests/test_send.py 1C1AAF83 0891463A --forward 1C1AAF83 \ + http://localhost/wiki/ShareTest \ + collection update 'An update to the Wiki.' 'Another update.' + Below, the mechanisms employed are illustrated through the use of the other test programs. 
@@ -235,6 +241,34 @@ | gpg --armor -r 0891463A --encrypt --trust-model always \ | python tests/test_encrypt_wrap.py +Signing and Encrypting then Signing +----------------------------------- + +Where a message is to be forwarded and not decrypted, it will be signed by the +author, encrypted, but then signed by the forwarder (perhaps initially the +author): + + python tests/test_message.py collection update 'An update to the Wiki.' \ + 'Another update.' \ +| python tests/test_sign.py 1C1AAF83 \ +| python tests/test_encrypt.py 0891463A \ +| python tests/test_sign.py 1C1AAF83 + +The complicated recipe based on the individual operations is as follows: + + python tests/test_message.py collection update 'An update to the Wiki.' \ + 'Another update.' \ +> test.txt \ +&& cat test.txt \ +| gpg --armor -u 1C1AAF83 --detach-sig \ +| python tests/test_sign_wrap.py test.txt \ +| gpg --armor -r 0891463A --encrypt --trust-model always \ +| python tests/test_encrypt_wrap.py \ +> test2.txt \ +&& cat test2.txt \ +| gpg --armor -u 1C1AAF83 --detach-sig \ +| python tests/test_sign_wrap.py test2.txt + Posting a Message ----------------- diff -r f2cdf0361901 -r 8825008d6eb1 tests/test_send.py --- a/tests/test_send.py Tue Jun 25 18:28:44 2013 +0200 +++ b/tests/test_send.py Tue Jul 09 18:28:56 2013 +0200 @@ -8,15 +8,25 @@ try: signer = sys.argv[1] recipient = sys.argv[2] - url = sys.argv[3] + "?action=PostMessage" - type = sys.argv[4] - action = sys.argv[5] - args = sys.argv[6:] + if sys.argv[3] == "--forward": + forwarder = sys.argv[4] + i = 5 + else: + forwarder = None + i = 3 + url = sys.argv[i] + "?action=PostMessage" + type = sys.argv[i+1] + action = sys.argv[i+2] + args = sys.argv[i+3:] except IndexError: args = None if not args: print >>sys.stderr, "Need a signer, recipient, URL, update type, action and some updates as arguments to this program." + print >>sys.stderr, "Syntax:" + print >>sys.stderr, sys.argv[0], " " \ + "[ --forward ] " \ + " ..." sys.exit(1) message = Message() 
@@ -40,8 +50,18 @@ try: signed_message = gpg.signMessage(email_message, signer) - encrypted_message = gpg.encryptMessage(signed_message, recipient) - print sendMessage(encrypted_message, url) + message_to_send = gpg.encryptMessage(signed_message, recipient) + + # Forwarded messages should be timestamped and must be directed to a + # message store. + + if forwarder: + timestamp(message_to_send) + message_to_send["Update-Action"] = "store" + message_to_send = gpg.signMessage(message_to_send, forwarder) + + print sendMessage(message_to_send, url) + except MoinMessageError, exc: print exc
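Review bot: In the README.txt hunk at @@ -172, the new paragraph never says what the value following --forward is. The example passes 1C1AAF83, the same key ID as the signer argument, so the reader cannot tell the two roles apart. Suggest stating that it is the key ID used by the forwarder to sign the encrypted message, and that it may be the author's own key as the later section notes.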
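Review bot: In the README.txt hunk at @@ -235, both recipes in "Signing and Encrypting then Signing" end at the second signature, while the tests/test_send.py change in this patch also calls timestamp(message_to_send) and sets the Update-Action header to "store" before the forwarder signs. The pipeline output therefore differs from what --forward sends, and the outer signature in the recipe covers neither a timestamp nor the store action. Suggest either documenting that difference in this section or noting that the recipes illustrate only the sign, encrypt, sign layering.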
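Review bot: In the tests/test_send.py hunk at @@ -8, --forward is recognised only when it is exactly sys.argv[3]; in any other position it is silently consumed as a positional value (signer, recipient, URL, type, action or an update) and the message is sent without the outer signature. Suggest rejecting any remaining argument equal to "--forward" with the usage message, or parsing the option with getopt/optparse so its position does not matter. The first error line ("Need a signer, recipient, URL, ...") could also mention the optional forwarder so it agrees with the new Syntax output.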
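Review bot: In the tests/test_send.py hunk at @@ -40, timestamp(message_to_send) is called inside the new "if forwarder:" branch, but no hunk in this patch touches the import lines of the file (the first hunk starts at line 8). Unless timestamp is already imported there, the --forward path fails with a NameError, which the surrounding "except MoinMessageError" does not catch. Please confirm the import exists or add it in this changeset. The ordering itself looks right: the timestamp and the Update-Action header are set before gpg.signMessage(message_to_send, forwarder), so the forwarder's signature covers them.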