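#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from __future__ import absolute_import, division, unicode_literals

import os
import os.path
import sys

# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License and the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU General Public License and the GNU
# Lesser General Public along with this program; if not, see
# <https://www.gnu.org/licenses/>.

intro = """
This script creates a temporary directory to use as a homedir for
testing key generation tasks with the correct permissions, along
with a gpg.conf file containing the same configuration options
listed in the HOWTO.

You may wish to change the order of the cipher preferences or
remove those not relevant to your installation.  These
configuration parameters assume that all ciphers and digests are
installed and available rather than limiting to the default
ciphers and digests.

The script prompts for a directory name to be installed as a hidden
directory in the user's home directory on POSIX systems.  So if you
enter "gnupg-temp" on a Linux, BSD or OS X system, it will create
"~/.gnupg-temp" (you do not need to enter the leading dot).

This script has not been tested on Windows systems and may have
unpredictable results.  That said, it will not delete or copy over
existing data.

If the directory already exists, the script will terminate with a
message telling you to specify a new directory name.  There is no
default directory name.
"""

# Algorithm names substituted into the preference lines of gpg.conf below,
# in the order they are listed there (strongest group first).
ciphers256 = "TWOFISH CAMELLIA256 AES256"
ciphers192 = "CAMELLIA192 AES192"
ciphers128 = "CAMELLIA128 AES"
# Legacy 64-bit-block ciphers.  They are placed last in the preference lists;
# drop them (and SHA1 from `digests`) if you do not need them for
# interoperability with older correspondents.
ciphersBad = "BLOWFISH IDEA CAST5 3DES"
digests = "SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1"
compress = "ZLIB BZIP2 ZIP Uncompressed"

gpgconf = """# gpg.conf settings for key generation:
expert
allow-freeform-uid
allow-secret-key-import
trust-model tofu+pgp
tofu-default-policy unknown
enable-large-rsa
enable-dsa2
cert-digest-algo SHA512
default-preference-list {0} {1} {2} {3} {4} {5}
personal-cipher-preferences {0} {1} {2} {3}
personal-digest-preferences {4}
personal-compress-preferences {5}
""".format(ciphers256, ciphers192, ciphers128, ciphersBad, digests, compress)

agentconf = """# gpg-agent.conf settings for key generation:
default-cache-ttl 300
"""


def _write_private(path, text):
    """Create *path* as a new owner-only (0600) file containing *text*."""
    # O_EXCL makes the call fail instead of reusing an existing file or
    # following a symlink, and the 0o600 creation mode means the file is
    # never group- or world-readable, not even before the chmod below.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    # The creation mode is masked by the umask; set the exact mode explicitly.
    os.chmod(path, 0o600)


# The directory name comes from the command line when given (several words
# are joined with spaces), otherwise from an interactive prompt.
if len(sys.argv) == 1:
    print(intro)
    new_homedir = input("Enter the temporary gnupg homedir name: ")
elif len(sys.argv) == 2:
    new_homedir = sys.argv[1]
else:
    new_homedir = " ".join(sys.argv[1:])

userdir = os.path.expanduser("~")

# Normalise the name.  str.replace() returns a new string, so the result has
# to be bound back to the variable; the original discarded it, which left
# every one of these clean-up steps without effect.
if new_homedir.startswith("~"):
    new_homedir = new_homedir.replace("~", "")

if new_homedir.startswith("/"):
    new_homedir = new_homedir.replace("/", "")

if new_homedir.startswith("."):
    new_homedir = new_homedir.replace(".", "_")

if " " in new_homedir:
    new_homedir = new_homedir.replace(" ", "_")

# The result must name exactly one directory directly below the user's home
# directory: refuse an empty name or one that still contains a path
# separator, which would place the new homedir somewhere else.
separators = [sep for sep in (os.sep, os.altsep) if sep]
if not new_homedir or any(sep in new_homedir for sep in separators):
    sys.exit("The homedir name must be a single, non-empty directory name "
             "without path separators.")

nh = "{0}/.{1}".format(userdir, new_homedir)

# lexists() also reports a dangling symlink, so nothing that is already
# present under that name is touched.
if os.path.lexists(nh):
    print("The {0} directory already exists.".format(nh))
else:
    print("Creating the {0} directory.".format(nh))
    # Create the directory owner-only from the start rather than tightening
    # the permissions afterwards; the chmod sets the exact mode regardless
    # of the umask.
    os.mkdir(nh, 0o700)
    os.chmod(nh, 0o700)
    _write_private(os.path.join(nh, "gpg.conf"), gpgconf)
    # gpg-agent.conf gets the agent settings (the original wrote the
    # gpg.conf text into this file as well).
    _write_private(os.path.join(nh, "gpg-agent.conf"), agentconf)
    # The original never called .format() on this message and omitted the
    # homedir argument in the second command.
    print("""You may now use the {0} directory as an alternative GPG homedir:

gpg --homedir {0}
gpg --homedir {0} --full-gen-key

Or with GPGME scripts, including the GPGME Python bindings.
""".format(nh))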