[bpt/emacs.git] / lisp / pgg-gpg.el

;;; pgg-gpg.el --- GnuPG support for PGG.

;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
;;   2005, 2006, 2007, 2008 Free Software Foundation, Inc.

;; Author: Daiki Ueno <ueno@unixuser.org>
;; Symmetric encryption and gpg-agent support added by: 
;;   Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP, OpenPGP, GnuPG

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Code:

(eval-when-compile
  (require 'cl)				; for gpg macros
  (require 'pgg))

(defgroup pgg-gpg ()
  "GnuPG interface."
  :group 'pgg)

(defcustom pgg-gpg-program "gpg"
  "The GnuPG executable."
  :group 'pgg-gpg
  :type 'string)

(defcustom pgg-gpg-extra-args nil
  "Extra arguments for every GnuPG invocation."
  :group 'pgg-gpg
  :type '(repeat (string :tag "Argument")))

(defcustom pgg-gpg-recipient-argument "--recipient"
  "GnuPG option to specify recipient."
  :group 'pgg-gpg
  :type '(choice (const :tag "New `--recipient' option" "--recipient")
		 (const :tag "Old `--remote-user' option" "--remote-user")))

(defcustom pgg-gpg-use-agent t
  "Whether to use gnupg agent for key caching."
  :group 'pgg-gpg
  :type 'boolean)

(defvar pgg-gpg-user-id nil
  "GnuPG ID of your default identity.")

(defun pgg-gpg-process-region (start end passphrase program args)
  (let* ((use-agent (and (null passphrase) (pgg-gpg-use-agent-p)))
	 (output-file-name (pgg-make-temp-file "pgg-output"))
	 (args
	  `("--status-fd" "2"
	    ,@(if use-agent '("--use-agent")
		(if passphrase '("--passphrase-fd" "0")))
	    "--yes" ; overwrite
	    "--output" ,output-file-name
	    ,@pgg-gpg-extra-args ,@args))
	 (output-buffer pgg-output-buffer)
	 (errors-buffer pgg-errors-buffer)
	 (orig-mode (default-file-modes))
	 (process-connection-type nil)
	 (inhibit-redisplay t)
	 process status exit-status
	 passphrase-with-newline
	 encoded-passphrase-with-new-line)
    (with-current-buffer (get-buffer-create errors-buffer)
      (buffer-disable-undo)
      (erase-buffer))
    (unwind-protect
	(progn
	  (set-default-file-modes 448)
	  (let ((coding-system-for-write 'binary))
	    (setq process
		  (apply #'start-process "*GnuPG*" errors-buffer
			 program args)))
	  (set-process-sentinel process #'ignore)
	  (when passphrase
	    (setq passphrase-with-newline (concat passphrase "\n"))
	    (if pgg-passphrase-coding-system
		(progn
		  (setq encoded-passphrase-with-new-line
			(encode-coding-string
			 passphrase-with-newline
			 (coding-system-change-eol-conversion
			  pgg-passphrase-coding-system 'unix)))
		  (pgg-clear-string passphrase-with-newline))
	      (setq encoded-passphrase-with-new-line passphrase-with-newline
		    passphrase-with-newline nil))
	    (process-send-string process encoded-passphrase-with-new-line))
	  (process-send-region process start end)
	  (process-send-eof process)
	  (while (eq 'run (process-status process))
	    (accept-process-output process 5))
	  (setq status (process-status process)
		exit-status (process-exit-status process))
	  (delete-process process)
	  (with-current-buffer (get-buffer-create output-buffer)
	    (buffer-disable-undo)
	    (erase-buffer)
	    (if (file-exists-p output-file-name)
		(let ((coding-system-for-read (if pgg-text-mode
						  'raw-text
						'binary)))
		  (insert-file-contents output-file-name)))
	    (set-buffer errors-buffer)
	    (if (memq status '(stop signal))
		(error "%s exited abnormally: '%s'" program exit-status))
	    (if (= 127 exit-status)
		(error "%s could not be found" program))))
      (if passphrase-with-newline
	  (pgg-clear-string passphrase-with-newline))
      (if encoded-passphrase-with-new-line
	  (pgg-clear-string encoded-passphrase-with-new-line))
      (if (and process (eq 'run (process-status process)))
	  (interrupt-process process))
      (if (file-exists-p output-file-name)
	  (delete-file output-file-name))
      (set-default-file-modes orig-mode))))

(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
  (if (and passphrase
	   pgg-cache-passphrase
	   (progn
	     (goto-char (point-min))
	     (re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\|\\(SIG_CREATED\\)" nil t)))
      (pgg-add-passphrase-to-cache
       (or key
	   (progn
	     (goto-char (point-min))
	     (if (re-search-forward
		  "^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t)
		 (substring (match-string 0) -8))))
       passphrase
       notruncate)))

(defvar pgg-gpg-all-secret-keys 'unknown)

(defun pgg-gpg-lookup-all-secret-keys ()
  "Return all secret keys present in secret key ring."
  (when (eq pgg-gpg-all-secret-keys 'unknown)
    (setq pgg-gpg-all-secret-keys '())
    (let ((args (list "--with-colons" "--no-greeting" "--batch"
		      "--list-secret-keys")))
      (with-temp-buffer
	(apply #'call-process pgg-gpg-program nil t nil args)
	(goto-char (point-min))
	(while (re-search-forward
		"^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)" nil t)
	  (push (substring (match-string 2) 8)
		pgg-gpg-all-secret-keys)))))
  pgg-gpg-all-secret-keys)

(defun pgg-gpg-lookup-key (string &optional type)
  "Search keys associated with STRING."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
		    (if type "--list-secret-keys" "--list-keys")
		    string)))
    (with-temp-buffer
      (apply #'call-process pgg-gpg-program nil t nil args)
      (goto-char (point-min))
      (if (re-search-forward "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)"
			     nil t)
	  (substring (match-string 2) 8)))))

(defun pgg-gpg-lookup-key-owner (string &optional all)
  "Search keys associated with STRING and return owner of identified key.

The value may be just the bare key id, or it may be a combination of the
user name associated with the key and the key id, with the key id enclosed
in \"<...>\" angle brackets.

Optional ALL non-nil means search all keys, including secret keys."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
		    (if all "--list-secret-keys" "--list-keys")
		    string))
	(key-regexp (concat "^\\(sec\\|pub\\)"
			    ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):[^:]*"
			    ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):")))
    (with-temp-buffer
      (apply #'call-process pgg-gpg-program nil t nil args)
      (goto-char (point-min))
      (if (re-search-forward key-regexp
			     nil t)
	  (match-string 3)))))

(defun pgg-gpg-key-id-from-key-owner (key-owner)
  (cond ((not key-owner) nil)
	;; Extract bare key id from outermost paired angle brackets, if any:
	((string-match "[^<]*<\\(.+\\)>[^>]*" key-owner)
	 (substring key-owner (match-beginning 1)(match-end 1)))
	(key-owner)))

(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
  "Encrypt the current region between START and END.

If optional argument SIGN is non-nil, do a combined sign and encrypt.

If optional PASSPHRASE is not specified, it will be obtained from the
passphrase cache or user."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (passphrase (or passphrase
			 (when (and sign (not (pgg-gpg-use-agent-p)))
			   (pgg-read-passphrase
			    (format "GnuPG passphrase for %s: "
				    pgg-gpg-user-id)
			    pgg-gpg-user-id))))
	 (args
	  (append
	   (list "--batch" "--armor" "--always-trust" "--encrypt")
	   (if pgg-text-mode (list "--textmode"))
	   (if sign (list "--sign" "--local-user" pgg-gpg-user-id))
	   (if (or recipients pgg-encrypt-for-me)
	       (apply #'nconc
		      (mapcar (lambda (rcpt)
				(list pgg-gpg-recipient-argument rcpt))
			      (append recipients
				      (if pgg-encrypt-for-me
					  (list pgg-gpg-user-id)))))))))
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (when sign
      (with-current-buffer pgg-errors-buffer
	;; Possibly cache passphrase under, e.g. "jas", for future sign.
	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
	(pgg-gpg-possibly-cache-passphrase passphrase)))
    (pgg-process-when-success)))

(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
  "Encrypt the current region between START and END with symmetric cipher.

If optional PASSPHRASE is not specified, it will be obtained from the
passphrase cache or user."
  (let* ((passphrase (or passphrase
			 (when (not (pgg-gpg-use-agent-p))
			   (pgg-read-passphrase
			    "GnuPG passphrase for symmetric encryption: "))))
	 (args
	  (append (list "--batch" "--armor" "--symmetric" )
		  (if pgg-text-mode (list "--textmode")))))
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (pgg-process-when-success)))

(defun pgg-gpg-decrypt-region (start end &optional passphrase)
  "Decrypt the current region between START and END.

If optional PASSPHRASE is not specified, it will be obtained from the
passphrase cache or user."
  (let* ((current-buffer (current-buffer))
	 (message-keys (with-temp-buffer
			 (insert-buffer-substring current-buffer)
			 (pgg-decode-armor-region (point-min) (point-max))))
	 (secret-keys (pgg-gpg-lookup-all-secret-keys))
	 ;; XXX the user is stuck if they need to use the passphrase for
	 ;;     any but the first secret key for which the message is
	 ;;     encrypted.  ideally, we would incrementally give them a
	 ;;     chance with subsequent keys each time they fail with one.
	 (key (pgg-gpg-select-matching-key message-keys secret-keys))
	 (key-owner (and key (pgg-gpg-lookup-key-owner key t)))
	 (key-id (pgg-gpg-key-id-from-key-owner key-owner))
	 (pgg-gpg-user-id (or key-id key
			      pgg-gpg-user-id pgg-default-user-id))
	 (passphrase (or passphrase
			 (when (not (pgg-gpg-use-agent-p))
			   (pgg-read-passphrase
			    (format (if (pgg-gpg-symmetric-key-p message-keys)
					"Passphrase for symmetric decryption: "
				      "GnuPG passphrase for %s: ")
				    (or key-owner "??"))
			    pgg-gpg-user-id))))
	 (args '("--batch" "--decrypt")))
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (with-current-buffer pgg-errors-buffer
      (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
      (goto-char (point-min))
      (re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))

;;;###autoload
(defun pgg-gpg-symmetric-key-p (message-keys)
  "True if decoded armor MESSAGE-KEYS has symmetric encryption indicator."
  (let (result)
    (dolist (key message-keys result)
      (when (and (eq (car key) 3)
		 (member '(symmetric-key-algorithm) key))
	(setq result key)))))

(defun pgg-gpg-select-matching-key (message-keys secret-keys)
  "Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
  (loop for message-key in message-keys
	for message-key-id = (and (equal (car message-key) 1)
				  (cdr (assq 'key-identifier
					     (cdr message-key))))
	for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt))
	when (and key (member key secret-keys)) return key))

(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
  "Make detached signature from text between START and END."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (passphrase (or passphrase
			 (when (not (pgg-gpg-use-agent-p))
			   (pgg-read-passphrase
			    (format "GnuPG passphrase for %s: "
				    pgg-gpg-user-id)
			    pgg-gpg-user-id))))
	 (args
	  (append (list (if cleartext "--clearsign" "--detach-sign")
			"--armor" "--batch" "--verbose"
			"--local-user" pgg-gpg-user-id)
		  (if pgg-text-mode (list "--textmode"))))
	 (inhibit-read-only t)
	 buffer-read-only)
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (with-current-buffer pgg-errors-buffer
      ;; Possibly cache passphrase under, e.g. "jas", for future sign.
      (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
      ;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
      (pgg-gpg-possibly-cache-passphrase passphrase))
    (pgg-process-when-success)))

(defun pgg-gpg-verify-region (start end &optional signature)
  "Verify region between START and END as the detached signature SIGNATURE."
  (let ((args '("--batch" "--verify")))
    (when (stringp signature)
      (setq args (append args (list signature))))
    (setq args (append args '("-")))
    (pgg-gpg-process-region start end nil pgg-gpg-program args)
    (with-current-buffer pgg-errors-buffer
      (goto-char (point-min))
      (while (re-search-forward "^gpg: \\(.*\\)\n" nil t)
	(with-current-buffer pgg-output-buffer
	  (insert-buffer-substring pgg-errors-buffer
				   (match-beginning 1) (match-end 0)))
	(delete-region (match-beginning 0) (match-end 0)))
      (goto-char (point-min))
      (re-search-forward "^\\[GNUPG:] GOODSIG\\>" nil t))))

(defun pgg-gpg-insert-key ()
  "Insert public key at point."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args (list "--batch" "--export" "--armor"
		     pgg-gpg-user-id)))
    (pgg-gpg-process-region (point)(point) nil pgg-gpg-program args)
    (insert-buffer-substring pgg-output-buffer)))

(defun pgg-gpg-snarf-keys-region (start end)
  "Add all public keys in region between START and END to the keyring."
  (let ((args '("--import" "--batch" "-")) status)
    (pgg-gpg-process-region start end nil pgg-gpg-program args)
    (set-buffer pgg-errors-buffer)
    (goto-char (point-min))
    (when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t)
      (setq status (buffer-substring (match-end 0)
				     (progn (end-of-line)(point)))
	    status (vconcat (mapcar #'string-to-number (split-string status))))
      (erase-buffer)
      (insert (format "Imported %d key(s).
\tArmor contains %d key(s) [%d bad, %d old].\n"
		      (+ (aref status 2)
			 (aref status 10))
		      (aref status 0)
		      (aref status 1)
		      (+ (aref status 4)
			 (aref status 11)))
	      (if (zerop (aref status 9))
		  ""
		"\tSecret keys are imported.\n")))
    (append-to-buffer pgg-output-buffer (point-min)(point-max))
    (pgg-process-when-success)))

(defun pgg-gpg-update-agent ()
  "Try to connet to gpg-agent and send UPDATESTARTUPTTY."
  (if (fboundp 'make-network-process)
      (let* ((agent-info (getenv "GPG_AGENT_INFO"))
	     (socket (and agent-info
			  (string-match "^\\([^:]*\\)" agent-info)
			  (match-string 1 agent-info)))
	     (conn (and socket
			(make-network-process :name "gpg-agent-process"
					      :host 'local :family 'local
					      :service socket))))
	(when (and conn (eq (process-status conn) 'open))
	  (process-send-string conn "UPDATESTARTUPTTY\n")
	  (delete-process conn)
	  t))
    ;; We can't check, so assume gpg-agent is up.
    t))

(defun pgg-gpg-use-agent-p ()
  "Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
  (and pgg-gpg-use-agent (pgg-gpg-update-agent)))

(provide 'pgg-gpg)

;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
;;; pgg-gpg.el ends here
Commit	Line	Data
23f87bed MB	1	;;; pgg-gpg.el --- GnuPG support for PGG.
23f87bed MB	2
e84b4b86	3	;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
409cc4a3	4	;; 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
23f87bed MB	5
23f87bed MB	6	;; Author: Daiki Ueno <ueno@unixuser.org>
60c6189d RS	7	;; Symmetric encryption and gpg-agent support added by:
60c6189d RS	8	;; Sascha Wilde <wilde@sha-bang.de>
23f87bed MB	9	;; Created: 1999/10/28
	10	;; Keywords: PGP, OpenPGP, GnuPG
	11
	12	;; This file is part of GNU Emacs.
	13
	14	;; GNU Emacs is free software; you can redistribute it and/or modify
	15	;; it under the terms of the GNU General Public License as published by
b4aa6026	16	;; the Free Software Foundation; either version 3, or (at your option)
23f87bed MB	17	;; any later version.
	18
	19	;; GNU Emacs is distributed in the hope that it will be useful,
	20	;; but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	;; GNU General Public License for more details.
	23
	24	;; You should have received a copy of the GNU General Public License
	25	;; along with GNU Emacs; see the file COPYING. If not, write to the
3a35cf56 LK	26	;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
3a35cf56 LK	27	;; Boston, MA 02110-1301, USA.
23f87bed MB	28
	29	;;; Code:
	30
	31	(eval-when-compile
30ceaa68	32	(require 'cl) ; for gpg macros
23f87bed MB	33	(require 'pgg))
	34
	35	(defgroup pgg-gpg ()
4a836a63	36	"GnuPG interface."
23f87bed MB	37	:group 'pgg)
	38
	39	(defcustom pgg-gpg-program "gpg"
	40	"The GnuPG executable."
	41	:group 'pgg-gpg
	42	:type 'string)
	43
	44	(defcustom pgg-gpg-extra-args nil
	45	"Extra arguments for every GnuPG invocation."
	46	:group 'pgg-gpg
	47	:type '(repeat (string :tag "Argument")))
	48
	49	(defcustom pgg-gpg-recipient-argument "--recipient"
	50	"GnuPG option to specify recipient."
	51	:group 'pgg-gpg
	52	:type '(choice (const :tag "New `--recipient' option" "--recipient")
	53	(const :tag "Old `--remote-user' option" "--remote-user")))
	54
2016560b	55	(defcustom pgg-gpg-use-agent t
60c6189d RS	56	"Whether to use gnupg agent for key caching."
	57	:group 'pgg-gpg
	58	:type 'boolean)
	59
23f87bed MB	60	(defvar pgg-gpg-user-id nil
	61	"GnuPG ID of your default identity.")
	62
30ceaa68	63	(defun pgg-gpg-process-region (start end passphrase program args)
4ebb03e6	64	(let* ((use-agent (and (null passphrase) (pgg-gpg-use-agent-p)))
60c6189d	65	(output-file-name (pgg-make-temp-file "pgg-output"))
23f87bed	66	(args
30ceaa68	67	`("--status-fd" "2"
60c6189d RS	68	,@(if use-agent '("--use-agent")
60c6189d RS	69	(if passphrase '("--passphrase-fd" "0")))
30ceaa68 RF	70	"--yes" ; overwrite
	71	"--output" ,output-file-name
	72	,@pgg-gpg-extra-args ,@args))
	73	(output-buffer pgg-output-buffer)
	74	(errors-buffer pgg-errors-buffer)
276e2740	75	(orig-mode (default-file-modes))
30ceaa68	76	(process-connection-type nil)
8fbdffe5 MB	77	(inhibit-redisplay t)
	78	process status exit-status
	79	passphrase-with-newline
	80	encoded-passphrase-with-new-line)
30ceaa68 RF	81	(with-current-buffer (get-buffer-create errors-buffer)
	82	(buffer-disable-undo)
	83	(erase-buffer))
23f87bed MB	84	(unwind-protect
	85	(progn
	86	(set-default-file-modes 448)
d7093904 MB	87	(let ((coding-system-for-write 'binary))
	88	(setq process
	89	(apply #'start-process "GnuPG" errors-buffer
	90	program args)))
	91	(set-process-sentinel process #'ignore)
	92	(when passphrase
8fbdffe5	93	(setq passphrase-with-newline (concat passphrase "\n"))
31a7c2ff	94	(if pgg-passphrase-coding-system
8fbdffe5 MB	95	(progn
8fbdffe5 MB	96	(setq encoded-passphrase-with-new-line
11e95b02 MB	97	(encode-coding-string
	98	passphrase-with-newline
	99	(coding-system-change-eol-conversion
	100	pgg-passphrase-coding-system 'unix)))
8fbdffe5 MB	101	(pgg-clear-string passphrase-with-newline))
	102	(setq encoded-passphrase-with-new-line passphrase-with-newline
	103	passphrase-with-newline nil))
	104	(process-send-string process encoded-passphrase-with-new-line))
d7093904 MB	105	(process-send-region process start end)
	106	(process-send-eof process)
	107	(while (eq 'run (process-status process))
	108	(accept-process-output process 5))
	109	(setq status (process-status process)
	110	exit-status (process-exit-status process))
	111	(delete-process process)
30ceaa68 RF	112	(with-current-buffer (get-buffer-create output-buffer)
	113	(buffer-disable-undo)
	114	(erase-buffer)
	115	(if (file-exists-p output-file-name)
bd707233 SJ	116	(let ((coding-system-for-read (if pgg-text-mode
	117	'raw-text
	118	'binary)))
30ceaa68 RF	119	(insert-file-contents output-file-name)))
30ceaa68 RF	120	(set-buffer errors-buffer)
d7093904 MB	121	(if (memq status '(stop signal))
	122	(error "%s exited abnormally: '%s'" program exit-status))
	123	(if (= 127 exit-status)
	124	(error "%s could not be found" program))))
8fbdffe5 MB	125	(if passphrase-with-newline
	126	(pgg-clear-string passphrase-with-newline))
	127	(if encoded-passphrase-with-new-line
	128	(pgg-clear-string encoded-passphrase-with-new-line))
d7093904 MB	129	(if (and process (eq 'run (process-status process)))
d7093904 MB	130	(interrupt-process process))
30ceaa68 RF	131	(if (file-exists-p output-file-name)
	132	(delete-file output-file-name))
	133	(set-default-file-modes orig-mode))))
	134
	135	(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
60c6189d RS	136	(if (and passphrase
60c6189d RS	137	pgg-cache-passphrase
30ceaa68 RF	138	(progn
	139	(goto-char (point-min))
	140	(re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\\|\\(SIG_CREATED\\)" nil t)))
	141	(pgg-add-passphrase-to-cache
	142	(or key
	143	(progn
	144	(goto-char (point-min))
	145	(if (re-search-forward
	146	"^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t)
	147	(substring (match-string 0) -8))))
	148	passphrase
	149	notruncate)))
	150
	151	(defvar pgg-gpg-all-secret-keys 'unknown)
	152
	153	(defun pgg-gpg-lookup-all-secret-keys ()
	154	"Return all secret keys present in secret key ring."
	155	(when (eq pgg-gpg-all-secret-keys 'unknown)
	156	(setq pgg-gpg-all-secret-keys '())
	157	(let ((args (list "--with-colons" "--no-greeting" "--batch"
	158	"--list-secret-keys")))
	159	(with-temp-buffer
	160	(apply #'call-process pgg-gpg-program nil t nil args)
	161	(goto-char (point-min))
	162	(while (re-search-forward
	163	"^\\(sec\\\|pub\\):[^:]:[^:]:[^:]:\\([^:]\\)" nil t)
	164	(push (substring (match-string 2) 8)
	165	pgg-gpg-all-secret-keys)))))
	166	pgg-gpg-all-secret-keys)
23f87bed MB	167
	168	(defun pgg-gpg-lookup-key (string &optional type)
	169	"Search keys associated with STRING."
	170	(let ((args (list "--with-colons" "--no-greeting" "--batch"
	171	(if type "--list-secret-keys" "--list-keys")
	172	string)))
	173	(with-temp-buffer
	174	(apply #'call-process pgg-gpg-program nil t nil args)
	175	(goto-char (point-min))
	176	(if (re-search-forward "^\\(sec\\\|pub\\):[^:]:[^:]:[^:]:\\([^:]\\)"
	177	nil t)
	178	(substring (match-string 2) 8)))))
	179
30ceaa68 RF	180	(defun pgg-gpg-lookup-key-owner (string &optional all)
	181	"Search keys associated with STRING and return owner of identified key.
	182
	183	The value may be just the bare key id, or it may be a combination of the
	184	user name associated with the key and the key id, with the key id enclosed
	185	in \"<...>\" angle brackets.
	186
	187	Optional ALL non-nil means search all keys, including secret keys."
	188	(let ((args (list "--with-colons" "--no-greeting" "--batch"
	189	(if all "--list-secret-keys" "--list-keys")
	190	string))
	191	(key-regexp (concat "^\\(sec\\\|pub\\)"
	192	":[^:]:[^:]:[^:]:\\([^:]\\):[^:]*"
	193	":[^:]:[^:]:[^:]:\\([^:]\\):")))
	194	(with-temp-buffer
	195	(apply #'call-process pgg-gpg-program nil t nil args)
	196	(goto-char (point-min))
	197	(if (re-search-forward key-regexp
	198	nil t)
	199	(match-string 3)))))
	200
	201	(defun pgg-gpg-key-id-from-key-owner (key-owner)
	202	(cond ((not key-owner) nil)
	203	;; Extract bare key id from outermost paired angle brackets, if any:
	204	((string-match "[^<]<\\(.+\\)>[^>]" key-owner)
	205	(substring key-owner (match-beginning 1)(match-end 1)))
	206	(key-owner)))
	207
df570e6f	208	(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
23f87bed	209	"Encrypt the current region between START and END.
df570e6f	210
30ceaa68 RF	211	If optional argument SIGN is non-nil, do a combined sign and encrypt.
	212
	213	If optional PASSPHRASE is not specified, it will be obtained from the
	214	passphrase cache or user."
23f87bed	215	(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
30ceaa68	216	(passphrase (or passphrase
60c6189d	217	(when (and sign (not (pgg-gpg-use-agent-p)))
30ceaa68 RF	218	(pgg-read-passphrase
	219	(format "GnuPG passphrase for %s: "
	220	pgg-gpg-user-id)
	221	pgg-gpg-user-id))))
23f87bed MB	222	(args
23f87bed MB	223	(append
30ceaa68 RF	224	(list "--batch" "--armor" "--always-trust" "--encrypt")
30ceaa68 RF	225	(if pgg-text-mode (list "--textmode"))
23f87bed	226	(if sign (list "--sign" "--local-user" pgg-gpg-user-id))
bb4c0f16	227	(if (or recipients pgg-encrypt-for-me)
23f87bed MB	228	(apply #'nconc
	229	(mapcar (lambda (rcpt)
	230	(list pgg-gpg-recipient-argument rcpt))
	231	(append recipients
	232	(if pgg-encrypt-for-me
30ceaa68 RF	233	(list pgg-gpg-user-id)))))))))
	234	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	235	(when sign
	236	(with-current-buffer pgg-errors-buffer
	237	;; Possibly cache passphrase under, e.g. "jas", for future sign.
	238	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	239	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
	240	(pgg-gpg-possibly-cache-passphrase passphrase)))
	241	(pgg-process-when-success)))
23f87bed	242
df570e6f	243	(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
30ceaa68 RF	244	"Encrypt the current region between START and END with symmetric cipher.
	245
	246	If optional PASSPHRASE is not specified, it will be obtained from the
	247	passphrase cache or user."
	248	(let* ((passphrase (or passphrase
60c6189d RS	249	(when (not (pgg-gpg-use-agent-p))
	250	(pgg-read-passphrase
	251	"GnuPG passphrase for symmetric encryption: "))))
30ceaa68 RF	252	(args
	253	(append (list "--batch" "--armor" "--symmetric" )
	254	(if pgg-text-mode (list "--textmode")))))
	255	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	256	(pgg-process-when-success)))
df570e6f EZ	257
df570e6f EZ	258	(defun pgg-gpg-decrypt-region (start end &optional passphrase)
30ceaa68 RF	259	"Decrypt the current region between START and END.
	260
	261	If optional PASSPHRASE is not specified, it will be obtained from the
	262	passphrase cache or user."
	263	(let* ((current-buffer (current-buffer))
	264	(message-keys (with-temp-buffer
	265	(insert-buffer-substring current-buffer)
	266	(pgg-decode-armor-region (point-min) (point-max))))
	267	(secret-keys (pgg-gpg-lookup-all-secret-keys))
	268	;; XXX the user is stuck if they need to use the passphrase for
	269	;; any but the first secret key for which the message is
	270	;; encrypted. ideally, we would incrementally give them a
	271	;; chance with subsequent keys each time they fail with one.
	272	(key (pgg-gpg-select-matching-key message-keys secret-keys))
	273	(key-owner (and key (pgg-gpg-lookup-key-owner key t)))
	274	(key-id (pgg-gpg-key-id-from-key-owner key-owner))
	275	(pgg-gpg-user-id (or key-id key
	276	pgg-gpg-user-id pgg-default-user-id))
	277	(passphrase (or passphrase
60c6189d RS	278	(when (not (pgg-gpg-use-agent-p))
	279	(pgg-read-passphrase
	280	(format (if (pgg-gpg-symmetric-key-p message-keys)
	281	"Passphrase for symmetric decryption: "
	282	"GnuPG passphrase for %s: ")
	283	(or key-owner "??"))
	284	pgg-gpg-user-id))))
30ceaa68 RF	285	(args '("--batch" "--decrypt")))
	286	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	287	(with-current-buffer pgg-errors-buffer
	288	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	289	(goto-char (point-min))
	290	(re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))
	291
	292	;;;###autoload
	293	(defun pgg-gpg-symmetric-key-p (message-keys)
	294	"True if decoded armor MESSAGE-KEYS has symmetric encryption indicator."
	295	(let (result)
	296	(dolist (key message-keys result)
	297	(when (and (eq (car key) 3)
	298	(member '(symmetric-key-algorithm) key))
	299	(setq result key)))))
	300
	301	(defun pgg-gpg-select-matching-key (message-keys secret-keys)
	302	"Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
	303	(loop for message-key in message-keys
	304	for message-key-id = (and (equal (car message-key) 1)
	305	(cdr (assq 'key-identifier
	306	(cdr message-key))))
	307	for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt))
	308	when (and key (member key secret-keys)) return key))
23f87bed	309
df570e6f	310	(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
23f87bed MB	311	"Make detached signature from text between START and END."
23f87bed MB	312	(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
30ceaa68	313	(passphrase (or passphrase
60c6189d RS	314	(when (not (pgg-gpg-use-agent-p))
	315	(pgg-read-passphrase
	316	(format "GnuPG passphrase for %s: "
	317	pgg-gpg-user-id)
	318	pgg-gpg-user-id))))
23f87bed	319	(args
34128042	320	(append (list (if cleartext "--clearsign" "--detach-sign")
30ceaa68	321	"--armor" "--batch" "--verbose"
34128042	322	"--local-user" pgg-gpg-user-id)
30ceaa68 RF	323	(if pgg-text-mode (list "--textmode"))))
	324	(inhibit-read-only t)
	325	buffer-read-only)
	326	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	327	(with-current-buffer pgg-errors-buffer
	328	;; Possibly cache passphrase under, e.g. "jas", for future sign.
	329	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	330	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
	331	(pgg-gpg-possibly-cache-passphrase passphrase))
	332	(pgg-process-when-success)))
23f87bed MB	333
	334	(defun pgg-gpg-verify-region (start end &optional signature)
	335	"Verify region between START and END as the detached signature SIGNATURE."
30ceaa68	336	(let ((args '("--batch" "--verify")))
23f87bed MB	337	(when (stringp signature)
23f87bed MB	338	(setq args (append args (list signature))))
30ceaa68 RF	339	(setq args (append args '("-")))
	340	(pgg-gpg-process-region start end nil pgg-gpg-program args)
	341	(with-current-buffer pgg-errors-buffer
	342	(goto-char (point-min))
	343	(while (re-search-forward "^gpg: \\(.*\\)\n" nil t)
	344	(with-current-buffer pgg-output-buffer
	345	(insert-buffer-substring pgg-errors-buffer
	346	(match-beginning 1) (match-end 0)))
	347	(delete-region (match-beginning 0) (match-end 0)))
	348	(goto-char (point-min))
	349	(re-search-forward "^\\[GNUPG:] GOODSIG\\>" nil t))))
23f87bed MB	350
	351	(defun pgg-gpg-insert-key ()
	352	"Insert public key at point."
	353	(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
30ceaa68 RF	354	(args (list "--batch" "--export" "--armor"
	355	pgg-gpg-user-id)))
	356	(pgg-gpg-process-region (point)(point) nil pgg-gpg-program args)
23f87bed MB	357	(insert-buffer-substring pgg-output-buffer)))
	358
	359	(defun pgg-gpg-snarf-keys-region (start end)
	360	"Add all public keys in region between START and END to the keyring."
30ceaa68 RF	361	(let ((args '("--import" "--batch" "-")) status)
	362	(pgg-gpg-process-region start end nil pgg-gpg-program args)
	363	(set-buffer pgg-errors-buffer)
	364	(goto-char (point-min))
	365	(when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t)
	366	(setq status (buffer-substring (match-end 0)
	367	(progn (end-of-line)(point)))
	368	status (vconcat (mapcar #'string-to-number (split-string status))))
	369	(erase-buffer)
	370	(insert (format "Imported %d key(s).
	371	\tArmor contains %d key(s) [%d bad, %d old].\n"
	372	(+ (aref status 2)
	373	(aref status 10))
	374	(aref status 0)
	375	(aref status 1)
	376	(+ (aref status 4)
	377	(aref status 11)))
	378	(if (zerop (aref status 9))
	379	""
	380	"\tSecret keys are imported.\n")))
	381	(append-to-buffer pgg-output-buffer (point-min)(point-max))
	382	(pgg-process-when-success)))
4803386d	383
60c6189d RS	384	(defun pgg-gpg-update-agent ()
	385	"Try to connet to gpg-agent and send UPDATESTARTUPTTY."
	386	(if (fboundp 'make-network-process)
	387	(let* ((agent-info (getenv "GPG_AGENT_INFO"))
	388	(socket (and agent-info
	389	(string-match "^\\([^:]*\\)" agent-info)
	390	(match-string 1 agent-info)))
	391	(conn (and socket
	392	(make-network-process :name "gpg-agent-process"
	393	:host 'local :family 'local
	394	:service socket))))
	395	(when (and conn (eq (process-status conn) 'open))
	396	(process-send-string conn "UPDATESTARTUPTTY\n")
	397	(delete-process conn)
	398	t))
	399	;; We can't check, so assume gpg-agent is up.
	400	t))
	401
	402	(defun pgg-gpg-use-agent-p ()
	403	"Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
	404	(and pgg-gpg-use-agent (pgg-gpg-update-agent)))
	405
23f87bed MB	406	(provide 'pgg-gpg)
23f87bed MB	407
cbee283d	408	;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
23f87bed	409	;;; pgg-gpg.el ends here