[tor-commits] [bridgedb/master] 5463 - Adds GPG clearsign to email distributor.

aagbsn at torproject.org aagbsn at torproject.org
Sat Mar 16 23:46:31 UTC 2013


commit ca5398470108b8f9444b5c0f823411eb735dcfd0
Author: aagbsn <aagbsn at extc.org>
Date:   Wed Jun 20 05:55:49 2012 -0700

    5463 - Adds GPG clearsign to email distributor.
    
    Two new configuration options are added to bridgedb.conf:
    
    EMAIL_GPG_SIGNING_ENABLED
    EMAIL_GPG_SIGNING_KEY
    
    The former may be either True or False, and the latter must
    point to the ascii-armored key file. The keyfile must not be
    passphrase protected.
    
    The gpgme library will add the secret key to the secret key ring of
    user who runs BridgeDB.
---
 README                 |   16 ++++++++--
 bridgedb.conf          |    4 ++
 lib/bridgedb/Main.py   |    2 +
 lib/bridgedb/Server.py |   79 +++++++++++++++++++++++++++++++++++++++++++----
 4 files changed, 91 insertions(+), 10 deletions(-)

diff --git a/README b/README
index 6ab1545..baca007 100644
--- a/README
+++ b/README
@@ -20,10 +20,11 @@ To set up:
    - A recaptcha.net account is required. 
    - Install these required packages:
      - Debian: apt-get install python-recaptcha python-beautifulsoup
-     - Python: pip install recaptcha-client BeautifulSoup
+       python-gpgme
+     - Python: pip install recaptcha-client BeautifulSoup pygpgme
      - Others: http://pypi.python.org/pypi/recaptcha-client
-             : http://pypi.python.org/pypi/BeautifulSoup
-
+               http://pypi.python.org/pypi/BeautifulSoup
+               http://pypi.python.org/pypi/pygpgme
 
 To re-generate and update the i18n files (in case translated strings
 have changed in BridgeDB):
@@ -67,6 +68,15 @@ To indicate which bridges are blocked:
  - If this file is present, bridgedb will filter blocked bridges from responses
  - For GeoIP support make sure to install Maxmind GeoIP
 
+To sign emails with gpg:
+ - Add these two options to your bridgedb.conf:
+
+            EMAIL_GPG_SIGNING_ENABLED, EMAIL_GPG_SIGNING_KEY
+    
+   The former may be either True or False, and the latter must
+   point to the ascii-armored key file. The keyfile must not be
+   passphrase protected.
+
 To update the SQL schema:
  - Install sqlite3:
    - Debian: apt-get install sqlite3
diff --git a/bridgedb.conf b/bridgedb.conf
index f044ee6..2b97d78 100644
--- a/bridgedb.conf
+++ b/bridgedb.conf
@@ -146,6 +146,10 @@ EMAIL_N_BRIDGES_PER_ANSWER=3
 # once we have the vidalia/tor interaction fixed for everbody.
 EMAIL_INCLUDE_FINGERPRINTS=False
 
+# Configuration options for GPG signed messages
+EMAIL_GPG_SIGNING_ENABLED = False
+EMAIL_GPG_SIGNING_KEY = ''
+
 #==========
 # Options related to unallocated bridges.
 
diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py
index 69a4761..977f37a 100644
--- a/lib/bridgedb/Main.py
+++ b/lib/bridgedb/Main.py
@@ -97,6 +97,8 @@ CONFIG = Conf(
     EMAIL_INCLUDE_FINGERPRINTS = False,
     EMAIL_SMTP_HOST="127.0.0.1",
     EMAIL_SMTP_PORT=25,
+    EMAIL_GPG_SIGNING_ENABLED = False,
+    EMAIL_GPG_SIGNING_KEY = "bridgedb-gpg.sec",
 
     RESERVED_SHARE=2,
 
diff --git a/lib/bridgedb/Server.py b/lib/bridgedb/Server.py
index 8ce9ce2..5c4641c 100644
--- a/lib/bridgedb/Server.py
+++ b/lib/bridgedb/Server.py
@@ -6,7 +6,7 @@
 This module implements the web and email interfaces to the bridge database.
 """
 
-from cStringIO import StringIO
+from StringIO import StringIO
 import MimeWriter
 import rfc822
 import time
@@ -31,12 +31,15 @@ from random import randint
 from bridgedb.Raptcha import Raptcha
 import base64
 import textwrap
+
 from ipaddr import IPv4Address, IPv6Address
 from bridgedb.Dist import BadEmail, TooSoonEmail, IgnoreEmail
 
 from bridgedb.Filters import filterBridgesByIP6
 from bridgedb.Filters import filterBridgesByIP4
 from bridgedb.Filters import filterBridgesByTransport
+
+import gpgme
  
 try:
     import GeoIP
@@ -458,7 +461,8 @@ def getMailResponse(lines, ctx):
         # Compose a warning email
         # MAX_EMAIL_RATE is in seconds, convert to hours
         body  = buildSpamWarningTemplate(t) % (bridgedb.Dist.MAX_EMAIL_RATE / 3600)
-        return composeEmail(ctx.fromAddr, clientAddr, subject, body, msgID)
+        return composeEmail(ctx.fromAddr, clientAddr, subject, body, msgID,
+                gpgContext=ctx.gpgContext)
 
     except IgnoreEmail, e:
         logging.info("Got a mail too frequently; ignoring %r: %s.",
@@ -483,7 +487,8 @@ def getMailResponse(lines, ctx):
 
     body = buildMessageTemplate(t) % answer
     # Generate the message.
-    return composeEmail(ctx.fromAddr, clientAddr, subject, body, msgID)
+    return composeEmail(ctx.fromAddr, clientAddr, subject, body, msgID,
+            gpgContext=ctx.gpgContext)
 
 def buildMessageTemplate(t):
     msg_template =  t.gettext(I18n.BRIDGEDB_TEXT[5]) + "\n\n" \
@@ -575,6 +580,9 @@ class MailContext:
         # The number of bridges to send for each email.
         self.N = cfg.EMAIL_N_BRIDGES_PER_ANSWER
 
+        # Initialize a gpg context or set to None for backward compatibliity.
+        self.gpgContext = getGPGContext(cfg)
+
         self.cfg = cfg
 
 class MailMessage:
@@ -690,7 +698,9 @@ def getCCFromRequest(request):
         return path.lower()
     return None 
 
-def composeEmail(fromAddr, clientAddr, subject, body, msgID=False):
+def composeEmail(fromAddr, clientAddr, subject, body, msgID=False,
+        gpgContext=None):
+
     f = StringIO()
     w = MimeWriter.MimeWriter(f)
     w.addheader("From", fromAddr)
@@ -702,10 +712,65 @@ def composeEmail(fromAddr, clientAddr, subject, body, msgID=False):
         w.addheader("In-Reply-To", msgID)
     w.addheader("Date", twisted.mail.smtp.rfc822date())
     mailbody = w.startbody("text/plain")
-    mailbody.write(body)
 
-    f.seek(0)
-    logging.debug(f.readlines())
+    # gpg-clearsign messages
+    if gpgContext:
+        signature = StringIO()
+        plaintext = StringIO(body)
+        sigs = gpgContext.sign(plaintext, signature, gpgme.SIG_MODE_CLEAR)
+        if (len(sigs) != 1):
+            logging.warn('Failed to sign message!')
+        signature.seek(0)
+        [mailbody.write(l) for l in signature]
+    else:
+        mailbody.write(body)
+
     f.seek(0)
     logging.info("Email looks good; we should send an answer.")
     return clientAddr, f
+
+def getGPGContext(cfg):
+    """ Returns a gpgme Context() with the signers initialized by the keyfile 
+    specified by the option EMAIL_GPG_SIGNING_KEY in bridgedb.conf, or None
+    if the option was not enabled or unable to initialize.
+
+    The key should not be protected by a passphrase.
+    """
+    try:
+        # must have enabled signing and specified a key file
+        if not cfg.EMAIL_GPG_SIGNING_ENABLED or not cfg.EMAIL_GPG_SIGNING_KEY:
+            return None
+    except AttributeError:
+        return None
+
+    try:
+        # import the key
+        keyfile = open(cfg.EMAIL_GPG_SIGNING_KEY)
+        logging.debug("Opened GPG Keyfile %s" % cfg.EMAIL_GPG_SIGNING_KEY)
+        ctx = gpgme.Context()
+        result = ctx.import_(keyfile)
+
+        assert len(result.imports) == 1
+        fingerprint = result.imports[0][0]
+        keyfile.close()
+        logging.debug("GPG Key with fingerprint %s imported" % fingerprint)
+
+        ctx.armor = True
+        ctx.signers = [ctx.get_key(fingerprint)]
+        assert len(ctx.signers) == 1
+
+        # make sure we can sign
+        message = StringIO('Test')
+        signature = StringIO()
+        new_sigs = ctx.sign(message, signature, gpgme.SIG_MODE_CLEAR)
+        assert len(new_sigs) == 1
+
+        # return the ctx
+        return ctx
+
+    except IOError, e:
+        # exit noisily if keyfile not found
+        exit(e)
+    except AssertionError:
+        # exit noisily if key does not pass tests
+        exit('Invalid GPG Signing Key')





More information about the tor-commits mailing list