X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=gpgsigs%2Fgpgsigs;h=5ba8c126792afc10486632b237f86bacf5d05b75;hb=c5e550b90a628f8fd9a4540cc3c41d653799eff2;hp=5e97c2bc09b976b7c3f81356b0e2afc3ba852120;hpb=855a696b9f9c1d14bae8fb6cd305545d2583cab3;p=pgp-tools.git diff --git a/gpgsigs/gpgsigs b/gpgsigs/gpgsigs old mode 100644 new mode 100755 index 5e97c2b..5ba8c12 --- a/gpgsigs/gpgsigs +++ b/gpgsigs/gpgsigs @@ -1,5 +1,7 @@ #!/usr/bin/perl +# $Id$ + # See the pod documentation at the end of this file for author, # copyright, and licence information. # @@ -15,8 +17,10 @@ # * support for multiple user keys # * better charset conversion # * pod documentation +# see the Debian changelog for further changes. -my $VERSION = "0.2"; +my $VERSION = qq$Rev$; +$ENV{PATH} .= ":/usr/share/signing-party"; use strict; use warnings; @@ -25,20 +29,24 @@ use IPC::Open3; use Getopt::Long; -sub version +sub version($) { - print STDERR < - (c) 2004 Peter Palfrader - (c) 2004, 2005 Christoph Berg + (c) 2004, 2005 Peter Palfrader + (c) 2004, 2005, 2006, 2007 Christoph Berg EOF } -sub usage +sub usage($$) { - version(); - print STDERR <] [] @@ -47,19 +55,24 @@ separate multiple keyids with ',' -r call gpg --recv-keys before proceeding -f convert from charset -t convert UIDs to charset in output +--refresh regenerate UID lists on keys +--latex generate LaTeX output including photo IDs EOF - exit shift; + exit $error; } -my ($fromcharset, $charset, $recv_keys); +my ($fromcharset, $charset, $recv_keys, $refresh, $latex); +Getopt::Long::config('bundling'); GetOptions( - f => \$fromcharset, - t => \$charset, + '-f=s' => \$fromcharset, + '-t=s' => \$charset, r => \$recv_keys, - help => sub { usage(0); }, - version => sub { version(); exit 0;}, -) or usage(1); + refresh => \$refresh, + latex => \$latex, + help => sub { usage(*STDOUT, 0); }, + version => sub { version(*STDOUT); exit 0;}, +) or usage(*STDERR, 1); # charset conversion @@ -69,45 +82,22 @@ $charset = "ISO-8859-1" unless $charset =~ /[\.-]/; $charset =~ s/.*\.//; $charset =~ s/@.*//; -my ($rf, $rt, $if, $it); -if (eval "require Locale::Recode") { - $rf = Locale::Recode->new (from => $fromcharset, to => $charset) if $fromcharset; - $rt = Locale::Recode->new (from => 'UTF-8', to => $charset); -} elsif (eval "require Text::Iconv") { - $if = Text::Iconv->new($fromcharset, $charset) if $fromcharset; - $it = Text::Iconv->new("UTF-8", $charset); -} -sub myfromrecode($) { - my ($text) = @_; - if (defined $rf) { - my $orig = $text; - $rf->recode($text); - return $text; - } elsif (defined $if) { - return $if->convert($text); - } else { - my $pid = open3(\*WTRFH, \*RDRFH, \*ERRFH, 'recode', "$fromcharset..$charset"); - print WTRFH $text; - close WTRFH; - local $/ = undef; - my $result = ; - close RDRFH; - close ERRFH; - waitpid $pid, 0; - die ("'recode' failed, is it installed?\n") unless defined $result; - return $result; - } -} +sub myrecode($$$) { + my ($text, $from, $to) = @_; + + if (eval "require Locale::Recode") { + my $rt = Locale::Recode->new (from => $from, to => $to); -sub myrecode($) { - my ($text) = @_; - if (defined $rt) { my $orig = $text; $rt->recode($text); return $text; - } elsif (defined $it) { - return $it->convert($text); + } elsif (eval "require Text::Iconv") { + my $it = Text::Iconv->new($from, $to); + + my $result = $it->convert($text); + warn ("Could not convert '$text'\n") unless defined $result; + return (defined $result) ? $result : $text } else { my $pid = open3(\*WTRFH, \*RDRFH, \*ERRFH, 'recode', "utf8..$charset"); print WTRFH $text; @@ -117,26 +107,26 @@ sub myrecode($) { close RDRFH; close ERRFH; waitpid $pid, 0; - die ("'recode' failed, is it installed?\n") unless defined $result; - return $result; + warn ("'recode' failed, is it installed?\n") unless defined $result; + return (defined $result) ? $result : $text } } # parse options -my $mykey = uc(shift @ARGV); -my $keytxt = (shift @ARGV) || usage(1); +my @mykeys = split /,/, uc(shift @ARGV); +my $keytxt = (shift @ARGV) || usage(*STDERR, 1); my $outfile = (shift @ARGV) || '-'; -my @mykeys = split /,/, $mykey; map { s/^0x//i; } @mykeys; +my %uids = map { $_ => [] } @mykeys; if (!@mykeys || scalar @ARGV) { - usage(1); + usage(*STDERR, 1); } -if (!grep { /^([0-9A-F]{16,16}|[0-9A-F]{8,8})$/ } @mykeys) { - print STDERR "Invalid keyid given\n"; - usage(1); +foreach my $falsekey (grep { $_ !~ /^([0-9A-F]{16,16}|[0-9A-F]{8,8})$/ } @mykeys) { + print STDERR "Invalid keyid $falsekey given\n"; + usage(*STDERR, 1); } -r $keytxt or die ("$keytxt does not exist\n"); @@ -160,32 +150,78 @@ if ($recv_keys) { } print STDERR "Running --list-sigs, this will take a while "; -open SIGS, "gpg --fixed-list-mode --with-colons --list-sigs @keys 2>/dev/null |" +open SIGS, "gpg --fixed-list-mode --with-colons --list-sigs @mykeys @keys 2>/dev/null |" or die "can't get gpg listing"; -my ($key, $uid, $sigs); +my ($key, $uid, $sigs, $photocount); while () { if ( m/^pub:(?:.*?:){3,3}([0-9A-F]{16,16}):/ ) { $key = $1; print STDERR "."; + undef $photocount; next; } - if ( m/^uid:(?:.*?:){8,8}(.*):/s ) { - $uid = myrecode($1); + if ( m/^uid:(.):(?:.*?:){7,7}(.*):/s ) { + my $uidstatus = $1; + $uid = $2; + $uid =~ s/\\x([0-9a-f][0-9a-f])/ chr(hex($1)) /gie; + $uid = myrecode($uid, "UTF-8", $charset); + + my ($shortkey) = substr $key, -8; + # Remember non-revoked uids + next if $uidstatus eq "r"; + push @{$uids{$shortkey}}, $uid; next; } - if ( m/^sig:(?:.*?:){3,3}([0-9A-F]{8})([0-9A-F]{8}):(?:.*?:){3,3}(.*):.*?:/ ) { - $sigs->{$key}->{$uid}->{$1.$2} = $3; - $sigs->{$key}->{$uid}->{$2} = $3; + if ( m/^uat:(.)::::[^:]+::([0-9A-F]+)::\d+ (\d+)/ ) { # uat:-::::2006-08-03::27BAEAF742BD253C2F3F03B043DC1536880193C4::1 7993: + my $uidstatus = $1; + # $2 is hash of attribute data + my $size = $3 - 19; # FIXME: find a nicer way to find out picture size + $uid = "[jpeg image of size $size]"; + next if $uidstatus eq "r"; + if ($latex and not $photocount) { # call once per key + my ($shortkey) = substr $key, -8; + system "rm $shortkey.[1-9]*.eps"; + system "gpg --photo-viewer 'gpgsigs-eps-helper $shortkey' --list-options show-photos --list-key $key > /dev/null"; + $photocount = 1; + } + my ($shortkey) = substr $key, -8; + push @{$uids{$shortkey}}, $uid; next; } - if ( m/^uat:/ ) { - $uid = "Photo ID"; + if ( m/^sig:(?:.*?:){3,3}([0-9A-F]{8})([0-9A-F]{8}):(?:.*?:){5,5}(.*?):/ ) { + my $class = $3; + if ($class eq '10x') { + $class = 'S'; + } elsif ($class eq '11x') { + $class = '1'; + } elsif ($class eq '12x') { + $class = '2'; + } elsif ($class eq '13x') { + $class = '3'; + } else { + $class = 's'; + }; + # Handle the case where one UID was signed multiple times + # with different signature classes. + my $before = $sigs->{$key}->{$uid}->{$1.$2}; + if (defined $before) { + if ($before eq 'S' || $before eq 's') { + $sigs->{$key}->{$uid}->{$1.$2} = $class; + } elsif ($class eq 'S' || $class eq 's') { + # intentionally left blank + } elsif ($before < $class) { + $sigs->{$key}->{$uid}->{$1.$2} = $class; + }; + } else { + $sigs->{$key}->{$uid}->{$1.$2} .= $class; + }; + $sigs->{$key}->{$uid}->{$2} = $sigs->{$key}->{$uid}->{$1.$2}; next; } - next if ( m/^(rev|sub|tru):/ ); + next if ( m/^(rev|rvk|sub|tru):/ ); # revoke/revoker/subkey/trust warn "unknown value: '$_', key: ".(defined $key ? $key :'none')."\n"; -} +} close SIGS; print STDERR "\n"; @@ -197,18 +233,46 @@ for my $k ( keys %{$sigs} ) { # read checksums -open MD, "gpg --print-md md5 $keytxt|" or warn "can't get gpg md5"; +open MD, "gpg --with-colons --print-md md5 $keytxt|" or warn "can't get gpg md5\n"; my $MD5 = ; close MD; -open MD, "gpg --print-md sha1 $keytxt|" or warn "can't get gpg sha1"; +open MD, "gpg --with-colons --print-md sha1 $keytxt|" or warn "can't get gpg sha1\n"; my $SHA1 = ; close MD; +open MD, "gpg --with-colons --print-md sha256 $keytxt|" or warn "can't get gpg sha256\n"; +my $SHA256 = ; +close MD; +open MD, "gpg --with-colons --print-md ripemd160 $keytxt|" or warn "can't get gpg ripemd160\n"; +my $RIPEMD160 = ; +close MD; + +my @MD5 = split /:/, $MD5; +my @SHA1 = split /:/, $SHA1; +my @SHA256 = split /:/, $SHA256; +my @RIPEMD160 = split /:/, $RIPEMD160; +$MD5 = $MD5[2]; +$SHA1 = $SHA1[2]; +$SHA256 = $SHA256[2]; +$RIPEMD160 = $RIPEMD160[2]; + +$MD5 =~ s/(.{16})/$1 /; +$SHA1 =~ s/(.{20})/$1 /; +$SHA256 =~ s/(.{32})/$1 /; +$RIPEMD160 =~ s/(.{20})/$1 /; +$MD5 =~ s/([0-9A-Z]{2})/$1 /ig; +$SHA1 =~ s/([0-9A-Z]{4})/$1 /ig; +$SHA256 =~ s/([0-9A-Z]{4})/$1 /ig; +$RIPEMD160 =~ s/([0-9A-Z]{4})/$1 /ig; chomp $MD5; chomp $SHA1; +chomp $SHA256; +chomp $RIPEMD160; my $metatxt = quotemeta($keytxt); $MD5 =~ s/^$metatxt:\s*//; $SHA1 =~ s/^$metatxt:\s*//; +$SHA256 =~ s/^$metatxt:\s*//; +$RIPEMD160 =~ s/^$metatxt:\s*//; # write out result @@ -216,38 +280,96 @@ sub print_tag { my ($key, $uid) = @_; if (! defined $sigs->{$key}->{$uid}) { - warn "uid '$uid' not found on key $key"; - return; + warn "uid '$uid' not found on key $key\n"; + #for (keys %{ $sigs->{$key} }) { + # print STDERR "only have $_\n"; + #}; + return '(' . (' ' x @mykeys) . ')'; } my $r = '('; foreach my $mykey (@mykeys) { - $r .= defined $sigs->{$key}->{$uid}->{$mykey} ? "S" : " "; + $r .= defined $sigs->{$key}->{$uid}->{$mykey} ? $sigs->{$key}->{$uid}->{$mykey} : ' '; } $r .= ')'; return $r; } +$key = undef; +$uid = undef; +my $line = 0; print STDERR "Annotating $keytxt, writing into $outfile\n"; open (TXT, $keytxt) or die ("Cannot open $keytxt\n"); open (WRITE, '>'.$outfile) or die ("Cannot open $outfile for writing\n"); + +if ($latex) { + print WRITE <<'EOF'; +\documentclass{article} +\usepackage[margin=2cm]{geometry} +\usepackage{alltt} +\usepackage{graphicx} +\begin{document} +\begin{alltt} +EOF +} + while () { - $_ = myfromrecode($_); + $line++; + $_ = myrecode($_, $fromcharset, $charset); if (/^MD5 Checksum:/ && defined $MD5) { - s/_[_ ]+_/$MD5/; + s/[_[:xdigit:]][_ [:xdigit:]]+_/$MD5/; } if (/^SHA1 Checksum:/ && defined $SHA1) { - s/_[_ ]+_/$SHA1/; + s/[_[:xdigit:]][_ [:xdigit:]]+_/$SHA1/; + } + if (/^SHA256 Checksum:/ && defined $SHA256) { + s/[_[:xdigit:]][_ [:xdigit:]]+_/$SHA256/; + } + if (/^RIPEMD160 Checksum:/ && defined $RIPEMD160) { + s/[_[:xdigit:]][_ [:xdigit:]]+_/$RIPEMD160/; } if ( m/^pub +(?:\d+)[DR]\/([0-9A-F]{8}) [0-9]{4}-[0-9]{2}-[0-9]{2} *(.*)/ ) { $key = $1; $uid = $2; - if ($uid) { # in gpg 1.2, the first uid is here - print WRITE print_tag($key, $uid) . " $_"; - next; + #if ($uid) { # in gpg 1.2, the first uid is here + # print WRITE print_tag($key, $uid) . " $_"; + # next; + #} + print WRITE; + undef $photocount; + next; + } + + if ( m/^ *Key fingerprint/ ) { + print WRITE; + my $inc = ""; + foreach my $mykey (@mykeys) { + foreach my $myuid (@{$uids{$mykey}}) { + $inc .= defined $sigs->{$mykey}->{$myuid}->{$key} ? $sigs->{$mykey}->{$myuid}->{$key} : ' '; + } + } + print WRITE "[$inc] incoming signatures\n" if $inc =~ /\S/; + if ($refresh or $latex) { + foreach $uid (@{$uids{$key}}) { + print WRITE print_tag($key, $uid) . " $uid\n"; + if ($latex and ($uid =~ /^\[jpeg image/)) { + $photocount++; + print WRITE "\\begin{flushright}\n"; + print WRITE "\\includegraphics[height=3cm]{$key.$photocount.eps}\n"; + print WRITE "\\end{flushright}\n"; + } + } } + next; + } if ( m/^uid +(.*)$/ ) { $uid = $1; + next if $refresh or $latex; + unless (defined $key) { + warn "key is undefined - input text is possibly malformed near line $line\n"; + next; + }; + die "bad tag from $key | $uid" unless defined (print_tag($key, $uid)); print WRITE print_tag($key, $uid) . " $_"; next; } @@ -255,11 +377,30 @@ while () { } print WRITE "Legend:\n"; +my $num_myuids = 0; foreach my $i (0 .. @mykeys - 1) { - print WRITE '('. ' 'x$i . 'S' . ' 'x(@mykeys-$i-1) . ") signed with $mykeys[$i]\n"; + print WRITE '(' . ' 'x$i . 'S' . ' 'x(@mykeys-$i-1) . ") signed with $mykeys[$i] $uids{$mykeys[$i]}->[0]\n"; + $num_myuids += @{$uids{$mykeys[$i]}}; +} +my $i = 0; +foreach my $mykey (@mykeys) { + foreach my $myuid (@{$uids{$mykey}}) { + my $inc = defined $sigs->{$mykey}->{$myuid}->{$key} ? $sigs->{$mykey}->{$myuid}->{$key} : ' '; + print WRITE "[" . ' 'x$i . 'S' . ' 'x($num_myuids-$i-1) . "] has signed $mykey $myuid\n"; + $i++; + } } close TXT; +if ($latex) { + print WRITE <<'EOF'; +\end{alltt} +\end{document} +EOF +} + +close WRITE; + __END__ =head1 NAME @@ -268,37 +409,48 @@ B - annotate list of GnuPG keys with already done signatures =head1 SYNOPSIS -B [-r] [-f I] [-t I] I F [F] +B [I] II<[>B<,>IB<,>I<...>I<]>>I<]> F [F] =head1 DESCRIPTION B was written to assist the user in signing keys during a keysigning party. It takes as input a file containing keys in C format and prepends every line with a tag indicating if the user has already signed -that uid. When the file contains C or C lines -and placeholders (C<__ __>), the checksum is inserted. +that uid. When the file contains C lines and placeholders +(C<__ __>), the checksum is inserted. ALGO can be set to the following algorithms: +MD5 SHA1 SHA256 or RIPEMD160. =head1 OPTIONS =over -=item -r +=item B<-r> Call I before creating the output. -=item -f I +=item B<-f> I Convert F from I. The default is ISO-8859-1. -=item -t I +=item B<-t> I Convert UIDs to I. The default is derived from LC_ALL, LC_CTYPE, and LANG, and if all these are unset, the default is ISO-8859-1. +=item B<--refresh> + +Refresh the UID lists per key from gpg. Useful when UIDs were added or revoked +since the input text was generated. + +=item B<--latex> + +Generate LaTeX output, including photo IDs. Implies B<--refresh>. +B This writes eps files to the current directory. + =item I Use this keyid (8 or 16 byte) for annotation. Multiple keyids can be separated -by I<,>. +by a comma (B<,>). =item F @@ -333,9 +485,9 @@ http://pgp-tools.alioth.debian.org/ (c) 2004 Uli Martens -(c) 2004 Peter Palfrader +(c) 2004, 2005 Peter Palfrader -(c) 2004, 2005 Christoph Berg +(c) 2004, 2005, 2006, 2007 Christoph Berg =head1 LICENSE