From cc4f6c8b4c7b1a02ed11bfe48f03eefedde2ecaa Mon Sep 17 00:00:00 2001 From: Florent Le Coz Date: Sat, 12 Nov 2011 22:24:05 +0100 Subject: Try to verify signatures with different hashes, and use always_trust. --- plugins/gpg/__init__.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/plugins/gpg/__init__.py b/plugins/gpg/__init__.py index f1b97575..5662bd4f 100644 --- a/plugins/gpg/__init__.py +++ b/plugins/gpg/__init__.py @@ -14,7 +14,7 @@ NS_ENCRYPTED = "jabber:x:encrypted" SIGNED_ATTACHED_MESSAGE = """-----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 +Hash: %(hash)s %(clear)s -----BEGIN PGP SIGNATURE----- @@ -98,13 +98,15 @@ class Plugin(BasePlugin): del self.contacts[bare] return if self.config.has_section('keys') and bare in self.config.options('keys'): - to_verify = SIGNED_ATTACHED_MESSAGE % {'clear': presence['status'], - 'data': signed.text} - verify = self.gpg.verify(to_verify) - if verify: - self.contacts[full] = 'valid' - else: - self.contacts[full] = 'invalid' + self.contacts[full] = 'invalid' + for hash_ in ('SHA1', 'SHA256'): + to_verify = SIGNED_ATTACHED_MESSAGE % {'clear': presence['status'], + 'data': signed.text, + 'hash': hash_} + verify = self.gpg.verify(to_verify) + if verify: + self.contacts[full] = 'valid' + break else: self.contacts[full] = 'signed' @@ -127,7 +129,7 @@ class Plugin(BasePlugin): # cannot be encrypted. del message['xhtml_im'] encrypted_element = ET.Element('{%s}x' % (NS_ENCRYPTED,)) - encrypted_element.text = self.remove_gpg_headers(xml.sax.saxutils.escape(str(self.gpg.encrypt(message['body'], self.config.get(to.bare, '', section='keys'))))) + encrypted_element.text = self.remove_gpg_headers(xml.sax.saxutils.escape(str(self.gpg.encrypt(message['body'], self.config.get(to.bare, '', section='keys'), always_trust=True)))) message.append(encrypted_element) message['body'] = 'This message has been encrypted.' -- cgit v1.2.3