Diffstat (limited to 'lang/python/examples/howto/local-sign-group.py')
-rwxr-xr-xlang/python/examples/howto/local-sign-group.py183
1 files changed, 183 insertions, 0 deletions
diff --git a/lang/python/examples/howto/local-sign-group.py b/lang/python/examples/howto/local-sign-group.py
new file mode 100755
index 0000000..0353646
--- /dev/null
+++ b/lang/python/examples/howto/local-sign-group.py
@@ -0,0 +1,183 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from __future__ import absolute_import, division, unicode_literals
+
+import gpg
+import os.path
+import subprocess
+import sys
+
+from groups import group_lists
+
+# Copyright (C) 2018 Ben McGinnes <ben@gnupg.org>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License and the GNU
+# Lesser General Public along with this program; if not, see
+# <http://www.gnu.org/licenses/>.
+
+print("""
+This script applies a local signature or certification to every key in a group.
+
+Usage: local-sign-group.py <group name> [signing keyid] [gnupg homedir]
+""")
+
+c = gpg.Context(armor=True)
+mkfpr = None
+defkey_fpr = None
+enckey_fpr = None
+to_certify = []
+
+if len(sys.argv) >= 4:
+ clique = sys.argv[1]
+ sigkey = sys.argv[2]
+ homedir = sys.argv[3]
+elif len(sys.argv) == 3:
+ clique = sys.argv[1]
+ sigkey = sys.argv[2]
+ homedir = input("Enter the GPG configuration directory path (optional): ")
+elif len(sys.argv) == 2:
+ clique = sys.argv[1]
+ sigkey = input("Enter the key ID to sign with (conditionally optional): ")
+ homedir = input("Enter the GPG configuration directory path (optional): ")
+else:
+ clique = input("Enter the group matching the key(s) to locally sign: ")
+ sigkey = input("Enter the key ID to sign with (conditionally optional): ")
+ homedir = input("Enter the GPG configuration directory path (optional): ")
+
+if len(homedir) == 0:
+ homedir = None
+elif homedir.startswith("~"):
+ userdir = os.path.expanduser(homedir)
+ if os.path.exists(userdir) is True:
+ homedir = os.path.realpath(userdir)
+ else:
+ homedir = None
+else:
+ homedir = os.path.realpath(homedir)
+
+if homedir is not None and os.path.exists(homedir) is False:
+ homedir = None
+elif homedir is not None and os.path.exists(homedir) is True:
+ if os.path.isdir(homedir) is False:
+ homedir = None
+ else:
+ pass
+
+if homedir is not None:
+ c.home_dir = homedir
+else:
+ pass
+
+if len(sigkey) == 0:
+ sigkey = None
+else:
+ pass
+
+if sys.platform == "win32":
+ gpgconfcmd = "gpgconf.exe --list-options gpg"
+else:
+ gpgconfcmd = "gpgconf --list-options gpg"
+
+try:
+ lines = subprocess.getoutput(gpgconfcmd).splitlines()
+except:
+ process = subprocess.Popen(gpgconfcmd.split(), stdout=subprocess.PIPE)
+ procom = process.communicate()
+ if sys.version_info[0] == 2:
+ lines = procom[0].splitlines()
+ else:
+ lines = procom[0].decode().splitlines()
+
+for i in range(len(lines)):
+ if lines[i].startswith("default-key") is True:
+ dline = lines[i]
+ elif lines[i].startswith("encrypt-to") is True:
+ eline = lines[i]
+ else:
+ pass
+
+defkey_fpr = dline.split(":")[-1].replace('"', '').split(',')[0].upper()
+enckey_fpr = eline.split(":")[-1].replace('"', '').split(',')[0].upper()
+
+try:
+ dkey = c.keylist(pattern=defkey_fpr, secret=True)
+ dk = list(dkey)
+except Exception as de:
+ print(de)
+ dk = None
+ print("No valid default key.")
+
+try:
+ ekey = c.keylist(pattern=defkey_fpr, secret=True)
+ ek = list(ekey)
+except Exception as ee:
+ print(ee)
+ ek = None
+ print("No valid always encrypt to key.")
+
+if sigkey is not None:
+ mykey = c.keylist(pattern=sigkey, secret=True)
+ mk = list(mykey)
+ mkfpr = mk[0].fpr.upper()
+ c.signers = mk
+else:
+ if dk is None and ek is not None:
+ c.signers = ek
+ else:
+ pass
+
+for group in group_lists:
+ if group[0] == clique:
+ for logrus in group[1]:
+ khole = c.keylist(pattern=logrus)
+ k = list(khole)
+ to_certify.append(k[0].fpr.upper())
+ else:
+ pass
+
+if mkfpr is not None:
+ if to_certify.count(mkfpr) > 0:
+ for n in range(to_certify.count(mkfpr)):
+ to_certify.remove(mkfpr)
+ else:
+ pass
+else:
+ pass
+
+if defkey_fpr is not None:
+ if to_certify.count(defkey_fpr) > 0:
+ for n in range(to_certify.count(defkey_fpr)):
+ to_certify.remove(defkey_fpr)
+ else:
+ pass
+else:
+ pass
+
+if enckey_fpr is not None:
+ if to_certify.count(enckey_fpr) > 0:
+ for n in range(to_certify.count(enckey_fpr)):
+ to_certify.remove(enckey_fpr)
+ else:
+ pass
+else:
+ pass
+
+for fpr in to_certify:
+ key = c.get_key(fpr)
+ c.key_sign(key, uids=None, expires_in=False, local=True)
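Review bot: The group loop certifies whichever key `c.keylist(pattern=logrus)` returns first, so if a group entry is a short key ID, an e-mail address or any other non-unique pattern, the script can locally certify a different key than the one intended; an entry with no match raises IndexError on `k[0]`. Requiring exactly one match per entry, and skipping the rest with a message, keeps each certification tied to an unambiguous key. The same concern applies to `sigkey`, where every secret key matching the pattern is assigned to `c.signers`. Separately, the second secret-key lookup reuses the default-key fingerprint and should read `ekey = c.keylist(pattern=enckey_fpr, secret=True)`. The homedir handling also falls back silently to the default keyring when the supplied path is missing or not a directory, and gpgconf is queried without that homedir, so stopping with an error there would be safer than certifying in a keyring the user did not name.

```python
for group in group_lists:
    if group[0] == clique:
        for logrus in group[1]:
            matches = list(c.keylist(pattern=logrus))
            if len(matches) != 1:
                # Ambiguous or missing entry: do not guess which key to certify.
                print("Skipping {0}: {1} keys matched.".format(
                    logrus, len(matches)))
                continue
            to_certify.append(matches[0].fpr.upper())
```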