bernhardreiter
commented
8 years ago https://github.com/Intevation/intelmq-mailgen/issues/12 will start with a "no-mime, system protected privat key"-implementation for sending out emails.
Open bernhardreiter opened 8 years ago
bernhardreiter
commented
8 years ago https://github.com/Intevation/intelmq-mailgen/issues/12 will start with a "no-mime, system protected privat key"-implementation for sending out emails.
sebix
commented
8 years ago I started to implement a RTIR-fetcher bot including decryption a while ago: 96541e2762bf842c7bcd60df951fbed6ea42f136 As it's a proof of concept (or this was the idea) it does not work AFAIR, completely lacks docs and is incomplete. But possibly a good starting point.
bernhardreiter
commented
8 years ago Criteria for selecting a python3 "library" for GnuPG
There are two main choices: a) pyme (with a python3 port in http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=history;f=lang/python;hb=HEAD), GNU LGPL >=2 (compatible) b) pygpgme which comes with a python3 package in Debian and Ubuntu. , same license as gpgme (so probabyl GNU LGPL v>=2, too)
https://tracker.debian.org/pkg/pygpgme https://launchpad.net/ubuntu/+source/pygpgme
https://tracker.debian.org/pkg/pyme https://launchpad.net/ubuntu/+source/pyme
Outside of our design requirements is https://pypi.python.org/pypi/python-gnupg (which is available for python3, but xorg style license, but not following the GnuPG API recommandations).
bernhardreiter
commented
8 years ago @sebix thanks for the pointer. I briefly looked at the code and commented there, I'd rather use something based on the official gnupg api. And you only do decryption, verifying a sender is the more interesting part. :)
bernhardreiter
commented
8 years ago Ranking our options, regarding the criteria
bernhardreiter
commented
8 years ago If 2. would be released, it would be more attractive. I've asked on gnupg-devel about the release schedule. On the other hand it will be comparitively easier to switch to gpgme-python3 once gpgme is released and packaged within the distributions. Compared to package the unreleased version now, repackage it and so on.
bernhardreiter
commented
8 years ago I'll go with pygpgme for now and implement a first sending version in Intevation/intelmq-mailgen#12 see progress there
bernhardreiter
commented
8 years ago It seems an official gpgme release with a python binding is close (within June) https://lists.gnupg.org/pipermail/gnupg-devel/2016-May/031157.html Still pygpgme's availability in Debian and Ubuntu now let me continue with it for now in Intevation/intelmq-mailgen#12
bernhardreiter
commented
8 years ago Note that https://github.com/Intevation/intelmq-mailgen/ has support for creating no-mime signatures (since Intevation/intelmq-mailgen#12 was successfully closed).
aaronkaplan
commented
8 years ago actually this is a mailgen issue and not a core intelmq issue. Moving to v1.1
bernhardreiter
commented
8 years ago Verification the signatures of incoming emails should be a core intelmq issue I guess.
bernhardreiter
commented
7 years ago Meanwhile an official Python3 binding was published from the GnuPG Initiative with gpgme v1.7.0.
This library SHOULD be used in the future. Right now it would add another complex dependency as it is not available from pypi and needs to compile C-source code.
Thus https://github.com/Intevation/intelmq-mailgen/issues/39 will stay with the already used and on-debian-packaged pyme for the time being.
intelMQ shall support cryptographic verification and sending of emails.
There are two competing, well distributed standards for crypto email:
To not add another central service by introducing a PKIX with S/MIME, I propose that we start supporting OpenPGP. Technical aspect: we need an implementation accessible from python3 (and Free Software compatible with intelmq's license) Idea: use a python interface to www.gnupg.org. A list of the official API for GnuPG can be found here https://wiki.gnupg.org/APIs