[bpt/emacs.git] / lisp / pgg-gpg.el

;;; pgg-gpg.el --- GnuPG support for PGG.

;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
;;   2005, 2006 Free Software Foundation, Inc.

;; Author: Daiki Ueno <ueno@unixuser.org>
;; Symmetric encryption and gpg-agent support added by: 
;;   Sascha Wilde <wilde@sha-bang.de>
;; Created: 1999/10/28
;; Keywords: PGP, OpenPGP, GnuPG

;; This file is part of GNU Emacs.

;; GNU Emacs is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Code:

(eval-when-compile
  (require 'cl)				; for gpg macros
  (require 'pgg))

(defgroup pgg-gpg ()
  "GnuPG interface."
  :group 'pgg)

(defcustom pgg-gpg-program "gpg"
  "The GnuPG executable."
  :group 'pgg-gpg
  :type 'string)

(defcustom pgg-gpg-extra-args nil
  "Extra arguments for every GnuPG invocation."
  :group 'pgg-gpg
  :type '(repeat (string :tag "Argument")))

(defcustom pgg-gpg-recipient-argument "--recipient"
  "GnuPG option to specify recipient."
  :group 'pgg-gpg
  :type '(choice (const :tag "New `--recipient' option" "--recipient")
		 (const :tag "Old `--remote-user' option" "--remote-user")))

(defcustom pgg-gpg-use-agent nil
  "Whether to use gnupg agent for key caching."
  :group 'pgg-gpg
  :type 'boolean)

(defvar pgg-gpg-user-id nil
  "GnuPG ID of your default identity.")

(defun pgg-gpg-process-region (start end passphrase program args)
  (let* ((use-agent (pgg-gpg-use-agent-p)) 
	 (output-file-name (pgg-make-temp-file "pgg-output"))
	 (args
	  `("--status-fd" "2"
	    ,@(if use-agent '("--use-agent")
		(if passphrase '("--passphrase-fd" "0")))
	    "--yes" ; overwrite
	    "--output" ,output-file-name
	    ,@pgg-gpg-extra-args ,@args))
	 (output-buffer pgg-output-buffer)
	 (errors-buffer pgg-errors-buffer)
	 (orig-mode (default-file-modes))
	 (process-connection-type nil)
	 exit-status)
    (with-current-buffer (get-buffer-create errors-buffer)
      (buffer-disable-undo)
      (erase-buffer))
    (unwind-protect
	(progn
	  (set-default-file-modes 448)
	  (let ((coding-system-for-write 'binary)
		(input (buffer-substring-no-properties start end))
		(default-enable-multibyte-characters nil))
	    (with-temp-buffer
	      (when passphrase
		(insert passphrase "\n"))
	      (insert input)
	      (setq exit-status
		    (apply #'call-process-region (point-min) (point-max) program
			   nil errors-buffer nil args))))
	  (with-current-buffer (get-buffer-create output-buffer)
	    (buffer-disable-undo)
	    (erase-buffer)
	    (if (file-exists-p output-file-name)
		(let ((coding-system-for-read (if pgg-text-mode
						  'raw-text
						'binary)))
		  (insert-file-contents output-file-name)))
	    (set-buffer errors-buffer)
	    (if (not (equal exit-status 0))
		(insert (format "\n%s exited abnormally: '%s'\n"
				program exit-status)))))
      (if (file-exists-p output-file-name)
	  (delete-file output-file-name))
      (set-default-file-modes orig-mode))))

(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
  (if (and passphrase
	   pgg-cache-passphrase
	   (progn
	     (goto-char (point-min))
	     (re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\|\\(SIG_CREATED\\)" nil t)))
      (pgg-add-passphrase-to-cache
       (or key
	   (progn
	     (goto-char (point-min))
	     (if (re-search-forward
		  "^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t)
		 (substring (match-string 0) -8))))
       passphrase
       notruncate)))

(defvar pgg-gpg-all-secret-keys 'unknown)

(defun pgg-gpg-lookup-all-secret-keys ()
  "Return all secret keys present in secret key ring."
  (when (eq pgg-gpg-all-secret-keys 'unknown)
    (setq pgg-gpg-all-secret-keys '())
    (let ((args (list "--with-colons" "--no-greeting" "--batch"
		      "--list-secret-keys")))
      (with-temp-buffer
	(apply #'call-process pgg-gpg-program nil t nil args)
	(goto-char (point-min))
	(while (re-search-forward
		"^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)" nil t)
	  (push (substring (match-string 2) 8)
		pgg-gpg-all-secret-keys)))))
  pgg-gpg-all-secret-keys)

(defun pgg-gpg-lookup-key (string &optional type)
  "Search keys associated with STRING."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
		    (if type "--list-secret-keys" "--list-keys")
		    string)))
    (with-temp-buffer
      (apply #'call-process pgg-gpg-program nil t nil args)
      (goto-char (point-min))
      (if (re-search-forward "^\\(sec\\|pub\\):[^:]*:[^:]*:[^:]*:\\([^:]*\\)"
			     nil t)
	  (substring (match-string 2) 8)))))

(defun pgg-gpg-lookup-key-owner (string &optional all)
  "Search keys associated with STRING and return owner of identified key.

The value may be just the bare key id, or it may be a combination of the
user name associated with the key and the key id, with the key id enclosed
in \"<...>\" angle brackets.

Optional ALL non-nil means search all keys, including secret keys."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
		    (if all "--list-secret-keys" "--list-keys")
		    string))
	(key-regexp (concat "^\\(sec\\|pub\\)"
			    ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):[^:]*"
			    ":[^:]*:[^:]*:[^:]*:\\([^:]*\\):")))
    (with-temp-buffer
      (apply #'call-process pgg-gpg-program nil t nil args)
      (goto-char (point-min))
      (if (re-search-forward key-regexp
			     nil t)
	  (match-string 3)))))

(defun pgg-gpg-key-id-from-key-owner (key-owner)
  (cond ((not key-owner) nil)
	;; Extract bare key id from outermost paired angle brackets, if any:
	((string-match "[^<]*<\\(.+\\)>[^>]*" key-owner)
	 (substring key-owner (match-beginning 1)(match-end 1)))
	(key-owner)))

(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
  "Encrypt the current region between START and END.

If optional argument SIGN is non-nil, do a combined sign and encrypt.

If optional PASSPHRASE is not specified, it will be obtained from the
passphrase cache or user."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (passphrase (or passphrase
			 (when (and sign (not (pgg-gpg-use-agent-p)))
			   (pgg-read-passphrase
			    (format "GnuPG passphrase for %s: "
				    pgg-gpg-user-id)
			    pgg-gpg-user-id))))
	 (args
	  (append
	   (list "--batch" "--armor" "--always-trust" "--encrypt")
	   (if pgg-text-mode (list "--textmode"))
	   (if sign (list "--sign" "--local-user" pgg-gpg-user-id))
	   (if recipients
	       (apply #'nconc
		      (mapcar (lambda (rcpt)
				(list pgg-gpg-recipient-argument rcpt))
			      (append recipients
				      (if pgg-encrypt-for-me
					  (list pgg-gpg-user-id)))))))))
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (when sign
      (with-current-buffer pgg-errors-buffer
	;; Possibly cache passphrase under, e.g. "jas", for future sign.
	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
	(pgg-gpg-possibly-cache-passphrase passphrase)))
    (pgg-process-when-success)))

(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
  "Encrypt the current region between START and END with symmetric cipher.

If optional PASSPHRASE is not specified, it will be obtained from the
passphrase cache or user."
  (let* ((passphrase (or passphrase
			 (when (not (pgg-gpg-use-agent-p))
			   (pgg-read-passphrase
			    "GnuPG passphrase for symmetric encryption: "))))
	 (args
	  (append (list "--batch" "--armor" "--symmetric" )
		  (if pgg-text-mode (list "--textmode")))))
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (pgg-process-when-success)))

(defun pgg-gpg-decrypt-region (start end &optional passphrase)
  "Decrypt the current region between START and END.

If optional PASSPHRASE is not specified, it will be obtained from the
passphrase cache or user."
  (let* ((current-buffer (current-buffer))
	 (message-keys (with-temp-buffer
			 (insert-buffer-substring current-buffer)
			 (pgg-decode-armor-region (point-min) (point-max))))
	 (secret-keys (pgg-gpg-lookup-all-secret-keys))
	 ;; XXX the user is stuck if they need to use the passphrase for
	 ;;     any but the first secret key for which the message is
	 ;;     encrypted.  ideally, we would incrementally give them a
	 ;;     chance with subsequent keys each time they fail with one.
	 (key (pgg-gpg-select-matching-key message-keys secret-keys))
	 (key-owner (and key (pgg-gpg-lookup-key-owner key t)))
	 (key-id (pgg-gpg-key-id-from-key-owner key-owner))
	 (pgg-gpg-user-id (or key-id key
			      pgg-gpg-user-id pgg-default-user-id))
	 (passphrase (or passphrase
			 (when (not (pgg-gpg-use-agent-p))
			   (pgg-read-passphrase
			    (format (if (pgg-gpg-symmetric-key-p message-keys)
					"Passphrase for symmetric decryption: "
				      "GnuPG passphrase for %s: ")
				    (or key-owner "??"))
			    pgg-gpg-user-id))))
	 (args '("--batch" "--decrypt")))
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (with-current-buffer pgg-errors-buffer
      (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
      (goto-char (point-min))
      (re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))

;;;###autoload
(defun pgg-gpg-symmetric-key-p (message-keys)
  "True if decoded armor MESSAGE-KEYS has symmetric encryption indicator."
  (let (result)
    (dolist (key message-keys result)
      (when (and (eq (car key) 3)
		 (member '(symmetric-key-algorithm) key))
	(setq result key)))))

(defun pgg-gpg-select-matching-key (message-keys secret-keys)
  "Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
  (loop for message-key in message-keys
	for message-key-id = (and (equal (car message-key) 1)
				  (cdr (assq 'key-identifier
					     (cdr message-key))))
	for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt))
	when (and key (member key secret-keys)) return key))

(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
  "Make detached signature from text between START and END."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (passphrase (or passphrase
			 (when (not (pgg-gpg-use-agent-p))
			   (pgg-read-passphrase
			    (format "GnuPG passphrase for %s: "
				    pgg-gpg-user-id)
			    pgg-gpg-user-id))))
	 (args
	  (append (list (if cleartext "--clearsign" "--detach-sign")
			"--armor" "--batch" "--verbose"
			"--local-user" pgg-gpg-user-id)
		  (if pgg-text-mode (list "--textmode"))))
	 (inhibit-read-only t)
	 buffer-read-only)
    (pgg-gpg-process-region start end passphrase pgg-gpg-program args)
    (with-current-buffer pgg-errors-buffer
      ;; Possibly cache passphrase under, e.g. "jas", for future sign.
      (pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
      ;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
      (pgg-gpg-possibly-cache-passphrase passphrase))
    (pgg-process-when-success)))

(defun pgg-gpg-verify-region (start end &optional signature)
  "Verify region between START and END as the detached signature SIGNATURE."
  (let ((args '("--batch" "--verify")))
    (when (stringp signature)
      (setq args (append args (list signature))))
    (setq args (append args '("-")))
    (pgg-gpg-process-region start end nil pgg-gpg-program args)
    (with-current-buffer pgg-errors-buffer
      (goto-char (point-min))
      (while (re-search-forward "^gpg: \\(.*\\)\n" nil t)
	(with-current-buffer pgg-output-buffer
	  (insert-buffer-substring pgg-errors-buffer
				   (match-beginning 1) (match-end 0)))
	(delete-region (match-beginning 0) (match-end 0)))
      (goto-char (point-min))
      (re-search-forward "^\\[GNUPG:] GOODSIG\\>" nil t))))

(defun pgg-gpg-insert-key ()
  "Insert public key at point."
  (let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
	 (args (list "--batch" "--export" "--armor"
		     pgg-gpg-user-id)))
    (pgg-gpg-process-region (point)(point) nil pgg-gpg-program args)
    (insert-buffer-substring pgg-output-buffer)))

(defun pgg-gpg-snarf-keys-region (start end)
  "Add all public keys in region between START and END to the keyring."
  (let ((args '("--import" "--batch" "-")) status)
    (pgg-gpg-process-region start end nil pgg-gpg-program args)
    (set-buffer pgg-errors-buffer)
    (goto-char (point-min))
    (when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t)
      (setq status (buffer-substring (match-end 0)
				     (progn (end-of-line)(point)))
	    status (vconcat (mapcar #'string-to-number (split-string status))))
      (erase-buffer)
      (insert (format "Imported %d key(s).
\tArmor contains %d key(s) [%d bad, %d old].\n"
		      (+ (aref status 2)
			 (aref status 10))
		      (aref status 0)
		      (aref status 1)
		      (+ (aref status 4)
			 (aref status 11)))
	      (if (zerop (aref status 9))
		  ""
		"\tSecret keys are imported.\n")))
    (append-to-buffer pgg-output-buffer (point-min)(point-max))
    (pgg-process-when-success)))

(defun pgg-gpg-update-agent ()
  "Try to connet to gpg-agent and send UPDATESTARTUPTTY."
  (if (fboundp 'make-network-process)
      (let* ((agent-info (getenv "GPG_AGENT_INFO"))
	     (socket (and agent-info
			  (string-match "^\\([^:]*\\)" agent-info)
			  (match-string 1 agent-info)))
	     (conn (and socket
			(make-network-process :name "gpg-agent-process"
					      :host 'local :family 'local
					      :service socket))))
	(when (and conn (eq (process-status conn) 'open))
	  (process-send-string conn "UPDATESTARTUPTTY\n")
	  (delete-process conn)
	  t))
    ;; We can't check, so assume gpg-agent is up.
    t))

(defun pgg-gpg-use-agent-p ()
  "Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
  (and pgg-gpg-use-agent (pgg-gpg-update-agent)))

(provide 'pgg-gpg)

;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
;;; pgg-gpg.el ends here
Commit	Line	Data
23f87bed MB	1	;;; pgg-gpg.el --- GnuPG support for PGG.
23f87bed MB	2
e84b4b86	3	;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
aaef169d	4	;; 2005, 2006 Free Software Foundation, Inc.
23f87bed MB	5
23f87bed MB	6	;; Author: Daiki Ueno <ueno@unixuser.org>
60c6189d RS	7	;; Symmetric encryption and gpg-agent support added by:
60c6189d RS	8	;; Sascha Wilde <wilde@sha-bang.de>
23f87bed MB	9	;; Created: 1999/10/28
	10	;; Keywords: PGP, OpenPGP, GnuPG
	11
	12	;; This file is part of GNU Emacs.
	13
	14	;; GNU Emacs is free software; you can redistribute it and/or modify
	15	;; it under the terms of the GNU General Public License as published by
	16	;; the Free Software Foundation; either version 2, or (at your option)
	17	;; any later version.
	18
	19	;; GNU Emacs is distributed in the hope that it will be useful,
	20	;; but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	;; GNU General Public License for more details.
	23
	24	;; You should have received a copy of the GNU General Public License
	25	;; along with GNU Emacs; see the file COPYING. If not, write to the
3a35cf56 LK	26	;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
3a35cf56 LK	27	;; Boston, MA 02110-1301, USA.
23f87bed MB	28
	29	;;; Code:
	30
	31	(eval-when-compile
30ceaa68	32	(require 'cl) ; for gpg macros
23f87bed MB	33	(require 'pgg))
	34
	35	(defgroup pgg-gpg ()
4a836a63	36	"GnuPG interface."
23f87bed MB	37	:group 'pgg)
	38
	39	(defcustom pgg-gpg-program "gpg"
	40	"The GnuPG executable."
	41	:group 'pgg-gpg
	42	:type 'string)
	43
	44	(defcustom pgg-gpg-extra-args nil
	45	"Extra arguments for every GnuPG invocation."
	46	:group 'pgg-gpg
	47	:type '(repeat (string :tag "Argument")))
	48
	49	(defcustom pgg-gpg-recipient-argument "--recipient"
	50	"GnuPG option to specify recipient."
	51	:group 'pgg-gpg
	52	:type '(choice (const :tag "New `--recipient' option" "--recipient")
	53	(const :tag "Old `--remote-user' option" "--remote-user")))
	54
60c6189d RS	55	(defcustom pgg-gpg-use-agent nil
	56	"Whether to use gnupg agent for key caching."
	57	:group 'pgg-gpg
	58	:type 'boolean)
	59
23f87bed MB	60	(defvar pgg-gpg-user-id nil
	61	"GnuPG ID of your default identity.")
	62
30ceaa68	63	(defun pgg-gpg-process-region (start end passphrase program args)
60c6189d RS	64	(let* ((use-agent (pgg-gpg-use-agent-p))
60c6189d RS	65	(output-file-name (pgg-make-temp-file "pgg-output"))
23f87bed	66	(args
30ceaa68	67	`("--status-fd" "2"
60c6189d RS	68	,@(if use-agent '("--use-agent")
60c6189d RS	69	(if passphrase '("--passphrase-fd" "0")))
30ceaa68 RF	70	"--yes" ; overwrite
	71	"--output" ,output-file-name
	72	,@pgg-gpg-extra-args ,@args))
	73	(output-buffer pgg-output-buffer)
	74	(errors-buffer pgg-errors-buffer)
276e2740	75	(orig-mode (default-file-modes))
30ceaa68 RF	76	(process-connection-type nil)
	77	exit-status)
	78	(with-current-buffer (get-buffer-create errors-buffer)
	79	(buffer-disable-undo)
	80	(erase-buffer))
23f87bed MB	81	(unwind-protect
	82	(progn
	83	(set-default-file-modes 448)
30ceaa68 RF	84	(let ((coding-system-for-write 'binary)
	85	(input (buffer-substring-no-properties start end))
	86	(default-enable-multibyte-characters nil))
	87	(with-temp-buffer
	88	(when passphrase
	89	(insert passphrase "\n"))
	90	(insert input)
	91	(setq exit-status
	92	(apply #'call-process-region (point-min) (point-max) program
	93	nil errors-buffer nil args))))
	94	(with-current-buffer (get-buffer-create output-buffer)
	95	(buffer-disable-undo)
	96	(erase-buffer)
	97	(if (file-exists-p output-file-name)
bd707233 SJ	98	(let ((coding-system-for-read (if pgg-text-mode
	99	'raw-text
	100	'binary)))
30ceaa68 RF	101	(insert-file-contents output-file-name)))
	102	(set-buffer errors-buffer)
	103	(if (not (equal exit-status 0))
	104	(insert (format "\n%s exited abnormally: '%s'\n"
	105	program exit-status)))))
	106	(if (file-exists-p output-file-name)
	107	(delete-file output-file-name))
	108	(set-default-file-modes orig-mode))))
	109
	110	(defun pgg-gpg-possibly-cache-passphrase (passphrase &optional key notruncate)
60c6189d RS	111	(if (and passphrase
60c6189d RS	112	pgg-cache-passphrase
30ceaa68 RF	113	(progn
	114	(goto-char (point-min))
	115	(re-search-forward "^\\[GNUPG:] \\(GOOD_PASSPHRASE\\>\\)\\\|\\(SIG_CREATED\\)" nil t)))
	116	(pgg-add-passphrase-to-cache
	117	(or key
	118	(progn
	119	(goto-char (point-min))
	120	(if (re-search-forward
	121	"^\\[GNUPG:] NEED_PASSPHRASE\\(_PIN\\)? \\w+ ?\\w*" nil t)
	122	(substring (match-string 0) -8))))
	123	passphrase
	124	notruncate)))
	125
	126	(defvar pgg-gpg-all-secret-keys 'unknown)
	127
	128	(defun pgg-gpg-lookup-all-secret-keys ()
	129	"Return all secret keys present in secret key ring."
	130	(when (eq pgg-gpg-all-secret-keys 'unknown)
	131	(setq pgg-gpg-all-secret-keys '())
	132	(let ((args (list "--with-colons" "--no-greeting" "--batch"
	133	"--list-secret-keys")))
	134	(with-temp-buffer
	135	(apply #'call-process pgg-gpg-program nil t nil args)
	136	(goto-char (point-min))
	137	(while (re-search-forward
	138	"^\\(sec\\\|pub\\):[^:]:[^:]:[^:]:\\([^:]\\)" nil t)
	139	(push (substring (match-string 2) 8)
	140	pgg-gpg-all-secret-keys)))))
	141	pgg-gpg-all-secret-keys)
23f87bed MB	142
	143	(defun pgg-gpg-lookup-key (string &optional type)
	144	"Search keys associated with STRING."
	145	(let ((args (list "--with-colons" "--no-greeting" "--batch"
	146	(if type "--list-secret-keys" "--list-keys")
	147	string)))
	148	(with-temp-buffer
	149	(apply #'call-process pgg-gpg-program nil t nil args)
	150	(goto-char (point-min))
	151	(if (re-search-forward "^\\(sec\\\|pub\\):[^:]:[^:]:[^:]:\\([^:]\\)"
	152	nil t)
	153	(substring (match-string 2) 8)))))
	154
30ceaa68 RF	155	(defun pgg-gpg-lookup-key-owner (string &optional all)
	156	"Search keys associated with STRING and return owner of identified key.
	157
	158	The value may be just the bare key id, or it may be a combination of the
	159	user name associated with the key and the key id, with the key id enclosed
	160	in \"<...>\" angle brackets.
	161
	162	Optional ALL non-nil means search all keys, including secret keys."
	163	(let ((args (list "--with-colons" "--no-greeting" "--batch"
	164	(if all "--list-secret-keys" "--list-keys")
	165	string))
	166	(key-regexp (concat "^\\(sec\\\|pub\\)"
	167	":[^:]:[^:]:[^:]:\\([^:]\\):[^:]*"
	168	":[^:]:[^:]:[^:]:\\([^:]\\):")))
	169	(with-temp-buffer
	170	(apply #'call-process pgg-gpg-program nil t nil args)
	171	(goto-char (point-min))
	172	(if (re-search-forward key-regexp
	173	nil t)
	174	(match-string 3)))))
	175
	176	(defun pgg-gpg-key-id-from-key-owner (key-owner)
	177	(cond ((not key-owner) nil)
	178	;; Extract bare key id from outermost paired angle brackets, if any:
	179	((string-match "[^<]<\\(.+\\)>[^>]" key-owner)
	180	(substring key-owner (match-beginning 1)(match-end 1)))
	181	(key-owner)))
	182
df570e6f	183	(defun pgg-gpg-encrypt-region (start end recipients &optional sign passphrase)
23f87bed	184	"Encrypt the current region between START and END.
df570e6f	185
30ceaa68 RF	186	If optional argument SIGN is non-nil, do a combined sign and encrypt.
	187
	188	If optional PASSPHRASE is not specified, it will be obtained from the
	189	passphrase cache or user."
23f87bed	190	(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
30ceaa68	191	(passphrase (or passphrase
60c6189d	192	(when (and sign (not (pgg-gpg-use-agent-p)))
30ceaa68 RF	193	(pgg-read-passphrase
	194	(format "GnuPG passphrase for %s: "
	195	pgg-gpg-user-id)
	196	pgg-gpg-user-id))))
23f87bed MB	197	(args
23f87bed MB	198	(append
30ceaa68 RF	199	(list "--batch" "--armor" "--always-trust" "--encrypt")
30ceaa68 RF	200	(if pgg-text-mode (list "--textmode"))
23f87bed MB	201	(if sign (list "--sign" "--local-user" pgg-gpg-user-id))
	202	(if recipients
	203	(apply #'nconc
	204	(mapcar (lambda (rcpt)
	205	(list pgg-gpg-recipient-argument rcpt))
	206	(append recipients
	207	(if pgg-encrypt-for-me
30ceaa68 RF	208	(list pgg-gpg-user-id)))))))))
	209	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	210	(when sign
	211	(with-current-buffer pgg-errors-buffer
	212	;; Possibly cache passphrase under, e.g. "jas", for future sign.
	213	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	214	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
	215	(pgg-gpg-possibly-cache-passphrase passphrase)))
	216	(pgg-process-when-success)))
23f87bed	217
df570e6f	218	(defun pgg-gpg-encrypt-symmetric-region (start end &optional passphrase)
30ceaa68 RF	219	"Encrypt the current region between START and END with symmetric cipher.
	220
	221	If optional PASSPHRASE is not specified, it will be obtained from the
	222	passphrase cache or user."
	223	(let* ((passphrase (or passphrase
60c6189d RS	224	(when (not (pgg-gpg-use-agent-p))
	225	(pgg-read-passphrase
	226	"GnuPG passphrase for symmetric encryption: "))))
30ceaa68 RF	227	(args
	228	(append (list "--batch" "--armor" "--symmetric" )
	229	(if pgg-text-mode (list "--textmode")))))
	230	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	231	(pgg-process-when-success)))
df570e6f EZ	232
df570e6f EZ	233	(defun pgg-gpg-decrypt-region (start end &optional passphrase)
30ceaa68 RF	234	"Decrypt the current region between START and END.
	235
	236	If optional PASSPHRASE is not specified, it will be obtained from the
	237	passphrase cache or user."
	238	(let* ((current-buffer (current-buffer))
	239	(message-keys (with-temp-buffer
	240	(insert-buffer-substring current-buffer)
	241	(pgg-decode-armor-region (point-min) (point-max))))
	242	(secret-keys (pgg-gpg-lookup-all-secret-keys))
	243	;; XXX the user is stuck if they need to use the passphrase for
	244	;; any but the first secret key for which the message is
	245	;; encrypted. ideally, we would incrementally give them a
	246	;; chance with subsequent keys each time they fail with one.
	247	(key (pgg-gpg-select-matching-key message-keys secret-keys))
	248	(key-owner (and key (pgg-gpg-lookup-key-owner key t)))
	249	(key-id (pgg-gpg-key-id-from-key-owner key-owner))
	250	(pgg-gpg-user-id (or key-id key
	251	pgg-gpg-user-id pgg-default-user-id))
	252	(passphrase (or passphrase
60c6189d RS	253	(when (not (pgg-gpg-use-agent-p))
	254	(pgg-read-passphrase
	255	(format (if (pgg-gpg-symmetric-key-p message-keys)
	256	"Passphrase for symmetric decryption: "
	257	"GnuPG passphrase for %s: ")
	258	(or key-owner "??"))
	259	pgg-gpg-user-id))))
30ceaa68 RF	260	(args '("--batch" "--decrypt")))
	261	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	262	(with-current-buffer pgg-errors-buffer
	263	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	264	(goto-char (point-min))
	265	(re-search-forward "^\\[GNUPG:] DECRYPTION_OKAY\\>" nil t))))
	266
	267	;;;###autoload
	268	(defun pgg-gpg-symmetric-key-p (message-keys)
	269	"True if decoded armor MESSAGE-KEYS has symmetric encryption indicator."
	270	(let (result)
	271	(dolist (key message-keys result)
	272	(when (and (eq (car key) 3)
	273	(member '(symmetric-key-algorithm) key))
	274	(setq result key)))))
	275
	276	(defun pgg-gpg-select-matching-key (message-keys secret-keys)
	277	"Choose a key from MESSAGE-KEYS that matches one of the keys in SECRET-KEYS."
	278	(loop for message-key in message-keys
	279	for message-key-id = (and (equal (car message-key) 1)
	280	(cdr (assq 'key-identifier
	281	(cdr message-key))))
	282	for key = (and message-key-id (pgg-lookup-key message-key-id 'encrypt))
	283	when (and key (member key secret-keys)) return key))
23f87bed	284
df570e6f	285	(defun pgg-gpg-sign-region (start end &optional cleartext passphrase)
23f87bed MB	286	"Make detached signature from text between START and END."
23f87bed MB	287	(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
30ceaa68	288	(passphrase (or passphrase
60c6189d RS	289	(when (not (pgg-gpg-use-agent-p))
	290	(pgg-read-passphrase
	291	(format "GnuPG passphrase for %s: "
	292	pgg-gpg-user-id)
	293	pgg-gpg-user-id))))
23f87bed	294	(args
34128042	295	(append (list (if cleartext "--clearsign" "--detach-sign")
30ceaa68	296	"--armor" "--batch" "--verbose"
34128042	297	"--local-user" pgg-gpg-user-id)
30ceaa68 RF	298	(if pgg-text-mode (list "--textmode"))))
	299	(inhibit-read-only t)
	300	buffer-read-only)
	301	(pgg-gpg-process-region start end passphrase pgg-gpg-program args)
	302	(with-current-buffer pgg-errors-buffer
	303	;; Possibly cache passphrase under, e.g. "jas", for future sign.
	304	(pgg-gpg-possibly-cache-passphrase passphrase pgg-gpg-user-id)
	305	;; Possibly cache passphrase under, e.g. B565716F, for future decrypt.
	306	(pgg-gpg-possibly-cache-passphrase passphrase))
	307	(pgg-process-when-success)))
23f87bed MB	308
	309	(defun pgg-gpg-verify-region (start end &optional signature)
	310	"Verify region between START and END as the detached signature SIGNATURE."
30ceaa68	311	(let ((args '("--batch" "--verify")))
23f87bed MB	312	(when (stringp signature)
23f87bed MB	313	(setq args (append args (list signature))))
30ceaa68 RF	314	(setq args (append args '("-")))
	315	(pgg-gpg-process-region start end nil pgg-gpg-program args)
	316	(with-current-buffer pgg-errors-buffer
	317	(goto-char (point-min))
	318	(while (re-search-forward "^gpg: \\(.*\\)\n" nil t)
	319	(with-current-buffer pgg-output-buffer
	320	(insert-buffer-substring pgg-errors-buffer
	321	(match-beginning 1) (match-end 0)))
	322	(delete-region (match-beginning 0) (match-end 0)))
	323	(goto-char (point-min))
	324	(re-search-forward "^\\[GNUPG:] GOODSIG\\>" nil t))))
23f87bed MB	325
	326	(defun pgg-gpg-insert-key ()
	327	"Insert public key at point."
	328	(let* ((pgg-gpg-user-id (or pgg-gpg-user-id pgg-default-user-id))
30ceaa68 RF	329	(args (list "--batch" "--export" "--armor"
	330	pgg-gpg-user-id)))
	331	(pgg-gpg-process-region (point)(point) nil pgg-gpg-program args)
23f87bed MB	332	(insert-buffer-substring pgg-output-buffer)))
	333
	334	(defun pgg-gpg-snarf-keys-region (start end)
	335	"Add all public keys in region between START and END to the keyring."
30ceaa68 RF	336	(let ((args '("--import" "--batch" "-")) status)
	337	(pgg-gpg-process-region start end nil pgg-gpg-program args)
	338	(set-buffer pgg-errors-buffer)
	339	(goto-char (point-min))
	340	(when (re-search-forward "^\\[GNUPG:] IMPORT_RES\\>" nil t)
	341	(setq status (buffer-substring (match-end 0)
	342	(progn (end-of-line)(point)))
	343	status (vconcat (mapcar #'string-to-number (split-string status))))
	344	(erase-buffer)
	345	(insert (format "Imported %d key(s).
	346	\tArmor contains %d key(s) [%d bad, %d old].\n"
	347	(+ (aref status 2)
	348	(aref status 10))
	349	(aref status 0)
	350	(aref status 1)
	351	(+ (aref status 4)
	352	(aref status 11)))
	353	(if (zerop (aref status 9))
	354	""
	355	"\tSecret keys are imported.\n")))
	356	(append-to-buffer pgg-output-buffer (point-min)(point-max))
	357	(pgg-process-when-success)))
4803386d	358
60c6189d RS	359	(defun pgg-gpg-update-agent ()
	360	"Try to connet to gpg-agent and send UPDATESTARTUPTTY."
	361	(if (fboundp 'make-network-process)
	362	(let* ((agent-info (getenv "GPG_AGENT_INFO"))
	363	(socket (and agent-info
	364	(string-match "^\\([^:]*\\)" agent-info)
	365	(match-string 1 agent-info)))
	366	(conn (and socket
	367	(make-network-process :name "gpg-agent-process"
	368	:host 'local :family 'local
	369	:service socket))))
	370	(when (and conn (eq (process-status conn) 'open))
	371	(process-send-string conn "UPDATESTARTUPTTY\n")
	372	(delete-process conn)
	373	t))
	374	;; We can't check, so assume gpg-agent is up.
	375	t))
	376
	377	(defun pgg-gpg-use-agent-p ()
	378	"Return t if `pgg-gpg-use-agent' is t and gpg-agent is available."
	379	(and pgg-gpg-use-agent (pgg-gpg-update-agent)))
	380
23f87bed MB	381	(provide 'pgg-gpg)
	382
	383	;;; arch-tag: 2aa5d5d8-93a0-4865-9312-33e29830e000
	384	;;; pgg-gpg.el ends here