gpgme 1.0.8 → 2.0.0

data/lib/gpgme/compat.rb

@@ -1,5 +1,7 @@
 require 'gpgme'
 
+# TODO: Find why is this needed. I guess the name compat means it's just
+# backwards compatibility. Consider removing?
 module GPGME
   GpgmeError = Error
   GpgmeData = Data

data/lib/gpgme/constants.rb

@@ -1,4 +1,5 @@
 module GPGME
+
   ATTR_ALGO = GPGME_ATTR_ALGO
   ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY
   ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT
@@ -161,4 +162,26 @@ module GPGME
   VALIDITY_ULTIMATE = GPGME_VALIDITY_ULTIMATE
   VALIDITY_UNDEFINED = GPGME_VALIDITY_UNDEFINED
   VALIDITY_UNKNOWN = GPGME_VALIDITY_UNKNOWN
+
+  PROTOCOL_NAMES = {
+    PROTOCOL_OpenPGP  => :OpenPGP,
+    PROTOCOL_CMS      => :CMS
+  }
+
+  KEYLIST_MODE_NAMES = {
+    KEYLIST_MODE_LOCAL    => :local,
+    KEYLIST_MODE_EXTERN   => :extern,
+    KEYLIST_MODE_SIGS     => :sigs,
+    KEYLIST_MODE_VALIDATE => :validate
+  }
+
+  VALIDITY_NAMES = {
+    VALIDITY_UNKNOWN    => :unknown,
+    VALIDITY_UNDEFINED  => :undefined,
+    VALIDITY_NEVER      => :never,
+    VALIDITY_MARGINAL   => :marginal,
+    VALIDITY_FULL       => :full,
+    VALIDITY_ULTIMATE   => :ultimate
+  }
+
 end

data/lib/gpgme/crypto.rb

@@ -0,0 +1,357 @@
+module GPGME
+
+  ##
+  # Different, independent methods providing the simplest possible API to
+  # execute crypto operations via GPG. All methods accept as options the same
+  # common options as {GPGME::Ctx.new}. Read the documentation for that class to
+  # know how to customize things further (like output stuff in ASCII armored
+  # format, for example).
+  #
+  # @example
+  #   crypto = GPGME::Crypto.new :armor => true
+  #   encrypted = crypto.encrypt 'Plain text'
+  #
+  class Crypto
+
+    attr_reader :default_options
+
+    def initialize(options = {})
+      @default_options = options
+    end
+
+    ##
+    # Encrypts an element
+    #
+    #  crypto.encrypt something, options
+    #
+    # Will return a {GPGME::Data} element which can then be read.
+    #
+    # Must have some key imported, look for {GPGME::Key.import} to know how
+    # to import one, or the gpg documentation to know how to create one
+    #
+    # @param plain
+    #  Must be something that can be converted into a {GPGME::Data} object, or
+    #  a {GPGME::Data} object itself.
+    #
+    # @param [Hash] options
+    #  The optional parameters are as follows:
+    #   * +:recipients+ for which recipient do you want to encrypt this file. It
+    #     will pick the first one available if none specified. Can be an array of
+    #     identifiers or just one (a string).
+    #   * +:symmetric+ if set to true, will ignore +:recipients+, and will perform
+    #     a symmetric encryption. Must provide a password via the +:password+
+    #     option.
+    #   * +:always_trust+ if set to true specifies all the recipients to be
+    #     trusted, thus not requiring confirmation.
+    #   * +:sign+ if set to true, performs a combined sign and encrypt operation.
+    #   * +:signers+ if +:sign+ specified to true, a list of additional possible
+    #     signers. Must be an array of sign identifiers.
+    #   * +:output+ if specified, it will write the output into it. It will be
+    #     converted to a {GPGME::Data} object, so it could be a file for example.
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @return [GPGME::Data] a {GPGME::Data} object that can be read.
+    #
+    # @example returns a {GPGME::Data} that can be later encrypted
+    #  encrypted = crypto.encrypt "Hello world!"
+    #  encrypted.read # => Encrypted stuff
+    #
+    # @example to be decrypted by someone@example.com.
+    #  crypto.encrypt "Hello", :recipients => "someone@example.com"
+    #
+    # @example If I didn't trust any of my keys by default
+    #  crypto.encrypt "Hello" # => GPGME::Error::General
+    #  crypto.encrypt "Hello", :always_trust => true # => Will work fine
+    #
+    # @example encrypted string that can be decrypted and/or *verified*
+    #  crypto.encrypt "Hello", :sign => true
+    #
+    # @example multiple signers
+    #  crypto.encrypt "Hello", :sign => true, :signers => "extra@example.com"
+    #
+    # @example writing to a file instead
+    #  file = File.open("signed.sec","w+")
+    #  crypto.encrypt "Hello", :output => file # output written to signed.sec
+    #
+    # @raise [GPGME::Error::General] when trying to encrypt with a key that is
+    #   not trusted, and +:always_trust+ wasn't specified
+    #
+    def encrypt(plain, options = {})
+      options = @default_options.merge options
+
+      plain_data  = Data.new(plain)
+      cipher_data = Data.new(options[:output])
+      keys        = Key.find(:public, options[:recipients])
+      keys        = nil if options[:symmetric]
+
+      flags = 0
+      flags |= GPGME::ENCRYPT_ALWAYS_TRUST if options[:always_trust]
+
+      GPGME::Ctx.new(options) do |ctx|
+        begin
+          if options[:sign]
+            if options[:signers]
+              signers = Key.find(:public, options[:signers], :sign)
+              ctx.add_signer(*signers)
+            end
+            ctx.encrypt_sign(keys, plain_data, cipher_data, flags)
+          else
+            ctx.encrypt(keys, plain_data, cipher_data, flags)
+          end
+        rescue GPGME::Error::UnusablePublicKey => exc
+          exc.keys = ctx.encrypt_result.invalid_recipients
+          raise exc
+        rescue GPGME::Error::UnusableSecretKey => exc
+          exc.keys = ctx.sign_result.invalid_signers
+          raise exc
+        end
+      end
+
+      cipher_data.seek(0)
+      cipher_data
+    end
+
+    ##
+    # Decrypts a previously encrypted element
+    #
+    #   crypto.decrypt cipher, options, &block
+    #
+    # Must have the appropiate key to be able to decrypt, of course. Returns
+    # a {GPGME::Data} object which can then be read.
+    #
+    # @param cipher
+    #   Must be something that can be converted into a {GPGME::Data} object,
+    #   or a {GPGME::Data} object itself. It is the element that will be
+    #   decrypted.
+    #
+    # @param [Hash] options
+    #   The optional parameters:
+    #   * +:output+ if specified, it will write the output into it. It will
+    #     me converted to a {GPGME::Data} object, so it can also be a file,
+    #     for example.
+    #   * If the file was encrypted with symmentric encryption, must provide
+    #     a :password option.
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @param &block
+    #   In the block all the signatures are yielded, so one could verify them.
+    #   See examples.
+    #
+    # @return [GPGME::Data] a {GPGME::Data} that can be read.
+    #
+    # @example Simple decrypt
+    #   crypto.decrypt encrypted_data
+    #
+    # @example symmetric encryption, or passwored key
+    #   crypto.decrypt encrypted_data, :password => "gpgme"
+    #
+    # @example Output to file
+    #   file = File.open("decrypted.txt", "w+")
+    #   crypto.decrypt encrypted_data, :output => file
+    #
+    # @example Verifying signatures
+    #   crypto.decrypt encrypted_data do |signature|
+    #     raise "Signature could not be verified" unless signature.valid?
+    #   end
+    #
+    # @raise [GPGME::Error::UnsupportedAlgorithm] when the cipher was encrypted
+    #   using an algorithm that's not supported currently.
+    #
+    # @raise [GPGME::Error::WrongKeyUsage] TODO Don't know when
+    #
+    # @raise [GPGME::Error::DecryptFailed] when the cipher was encrypted
+    #   for a key that's not available currently.
+    def decrypt(cipher, options = {})
+      options = @default_options.merge options
+
+      plain_data   = Data.new(options[:output])
+      cipher_data  = Data.new(cipher)
+
+      GPGME::Ctx.new(options) do |ctx|
+        begin
+          ctx.decrypt_verify(cipher_data, plain_data)
+        rescue GPGME::Error::UnsupportedAlgorithm => exc
+          exc.algorithm = ctx.decrypt_result.unsupported_algorithm
+          raise exc
+        rescue GPGME::Error::WrongKeyUsage => exc
+          exc.key_usage = ctx.decrypt_result.wrong_key_usage
+          raise exc
+        end
+
+        verify_result = ctx.verify_result
+        if verify_result && block_given?
+          verify_result.signatures.each do |signature|
+            yield signature
+          end
+        end
+
+      end
+
+      plain_data.seek(0)
+      plain_data
+    end
+
+    ##
+    # Creates a signature of a text
+    #
+    #   crypto.sign text, options
+    #
+    # Must have the appropiate key to be able to decrypt, of course. Returns
+    # a {GPGME::Data} object which can then be read.
+    #
+    # @param text
+    #   The object that will be signed. Must be something that can be converted
+    #   to {GPGME::Data}.
+    #
+    # @param [Hash] options
+    #  Optional parameters.
+    #   * +:signer+ sign identifier to sign the text with. Will use the first
+    #    key it finds if none specified.
+    #   * +:output+ if specified, it will write the output into it. It will be
+    #     converted to a {GPGME::Data} object, so it could be a file for example.
+    #   * +:mode+ Desired type of signature. Options are:
+    #    - +GPGME::SIG_MODE_NORMAL+ for a normal signature. The default one if
+    #      not specified.
+    #    - +GPGME::SIG_MODE_DETACH+ for a detached signature
+    #    - +GPGME::SIG_MODE_CLEAR+ for a cleartext signature
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @return [GPGME::Data] a {GPGME::Data} that can be read.
+    #
+    # @example normal sign
+    #   crypto.sign "Hi there"
+    #
+    # @example outputing to a file
+    #   file = File.open("text.sign", "w+")
+    #   crypto.sign "Hi there", :options => file
+    #
+    # @example doing a detached signature
+    #   crypto.sign "Hi there", :mode => GPGME::SIG_MODE_DETACH
+    #
+    # @example specifying the signer
+    #   crypto.sign "Hi there", :signer => "mrsimo@example.com"
+    #
+    # @raise [GPGME::Error::UnusableSecretKey] TODO don't know when
+    def sign(text, options = {})
+      options = @default_options.merge options
+
+      plain  = Data.new(text)
+      output = Data.new(options[:output])
+      mode   = options[:mode] || GPGME::SIG_MODE_NORMAL
+
+      GPGME::Ctx.new(options) do |ctx|
+        if options[:signer]
+          signers = Key.find(:secret, options[:signer], :sign)
+          ctx.add_signer(*signers)
+        end
+
+        begin
+          ctx.sign(plain, output, mode)
+        rescue GPGME::Error::UnusableSecretKey => exc
+          exc.keys = ctx.sign_result.invalid_signers
+          raise exc
+        end
+      end
+
+      output.seek(0)
+      output
+    end
+
+    # Verifies a previously signed element
+    #
+    #   crypto.verify sig, options, &block
+    #
+    # Must have the proper keys available.
+    #
+    # @param sig
+    #   The signature itself. Must be possible to convert into a {GPGME::Data}
+    #   object, so can be a file.
+    #
+    # @param [Hash] options
+    #   * +:signed_text+ if the sign is detached, then must be the plain text
+    #     for which the signature was created.
+    #   * +:output+ where to store the result of the signature. Will be
+    #     converted to a {GPGME::Data} object.
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @param &block
+    #   In the block all the signatures are yielded, so one could verify them.
+    #   See examples.
+    #
+    # @return [GPGME::Data] unless the sign is detached, the {GPGME::Data}
+    #   object with the plain text. If the sign is detached, will return nil.
+    #
+    # @example simple verification
+    #   sign = crypto.sign("Hi there")
+    #   data = crypto.verify(sign) { |signature| signature.valid? }
+    #   data.read # => "Hi there"
+    #
+    # @example saving output to file
+    #   sign = crypto.sign("Hi there")
+    #   out  = File.open("test.asc", "w+")
+    #   crypto.verify(sign, :output => out) {|signature| signature.valid?}
+    #   out.read # => "Hi there"
+    #
+    # @example verifying a detached signature
+    #   sign = crypto.detach_sign("Hi there")
+    #   # Will fail
+    #   crypto.verify(sign) { |signature| signature.valid? }
+    #   # Will succeed
+    #   crypto.verify(sign, :signed_text => "hi there") do |signature|
+    #     signature.valid?
+    #   end
+    #
+    def verify(sig, options = {})
+      options = @default_options.merge options
+
+      sig         = Data.new(sig)
+      signed_text = Data.new(options[:signed_text])
+      output      = Data.new(options[:output]) unless options[:signed_text]
+
+      GPGME::Ctx.new(options) do |ctx|
+        ctx.verify(sig, signed_text, output)
+        ctx.verify_result.signatures.each do |signature|
+          yield signature
+        end
+      end
+
+      if output
+        output.seek(0)
+        output
+      end
+    end
+
+    # Clearsigns an element
+    #
+    #   crypto.clearsign text, options
+    #
+    # Same functionality of {.sign} only doing clearsigns by default.
+    #
+    def clearsign(text, options = {})
+      sign text, options.merge(:mode => GPGME::SIG_MODE_CLEAR)
+    end
+
+    # Creates a detached signature of an element
+    #
+    #   crypto.detach_sign text, options
+    #
+    # Same functionality of {.sign} only doing detached signs by default.
+    #
+    def detach_sign(text, options = {})
+      sign text, options.merge(:mode => GPGME::SIG_MODE_DETACH)
+    end
+
+    ##
+    # Allows calling of methods directly in the module without the need to
+    # create a new instance.
+    def self.method_missing(method, *args, &block)
+      if GPGME::Crypto.instance_methods(false).include?(method)
+        crypto = GPGME::Crypto.new
+        crypto.send method, *args, &block
+      else
+        super
+      end
+    end
+
+  end # module Crypto
+end # module GPGME

data/lib/gpgme/ctx.rb

@@ -0,0 +1,462 @@
+module GPGME
+
+  ##
+  # A context within which all cryptographic operations are performed.
+  #
+  # More operations can be done which are not available in the higher level
+  # API. Note how to create a new instance of this class in {GPGME::Ctx.new}.
+  #
+  class Ctx
+
+    ##
+    # Create a new instance from the given +options+. Must be released either
+    # executing the operations inside a block, or executing {GPGME::Ctx#release}
+    # afterwards.
+    #
+    # @param [Hash] options
+    #  The optional parameters are as follows:
+    #  * +:protocol+ Either +PROTOCOL_OpenPGP+ or +PROTOCOL_CMS+.
+    #  * +:armor+ will return ASCII armored outputs if specified true.
+    #  * +:textmode+ if +true+, inform the recipient that the input is text.
+    #  * +:keylist_mode+ One of: +KEYLIST_MODE_LOCAL+, +KEYLIST_MODE_EXTERN+,
+    #    +KEYLIST_MODE_SIGS+ or +KEYLIST_MODE_VALIDATE+.
+    #  * +:password+ password of the passphrased password being used.
+    #  * +:passphrase_callback+ A callback function. See {#set_passphrase_callback}.
+    #  * +:passphrase_callback_value+ An object passed to passphrase_callback.
+    #  * +:progress_callback+  A callback function. See {#set_progress_callback}.
+    #  * +:progress_callback_value+ An object passed to progress_callback.
+    #
+    # @example
+    #   ctx = GPGME::Ctx.new
+    #   # operate on ctx
+    #   ctx.release
+    #
+    # @example
+    #   GPGME::Ctx.new do |ctx|
+    #     # operate on ctx
+    #   end
+    #
+    def self.new(options = {})
+      rctx = []
+      err = GPGME::gpgme_new(rctx)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      ctx = rctx[0]
+
+      ctx.protocol     = options[:protocol]     if options[:protocol]
+      ctx.armor        = options[:armor]        if options[:armor]
+      ctx.textmode     = options[:textmode]     if options[:textmode]
+      ctx.keylist_mode = options[:keylist_mode] if options[:keylist_mode]
+
+      if options[:password]
+        ctx.set_passphrase_callback GPGME::Ctx.method(:pass_function),
+          options[:password]
+      else
+        if options[:passphrase_callback]
+          ctx.set_passphrase_callback options[:passphrase_callback],
+            options[:passphrase_callback_value]
+        end
+      end
+      if options[:progress_callback]
+        ctx.set_progress_callback options[:progress_callback],
+          options[:progress_callback_value]
+      end
+
+      if block_given?
+        begin
+          yield ctx
+        ensure
+          GPGME::gpgme_release(ctx)
+        end
+      else
+        ctx
+      end
+    end
+
+
+    ##
+    # Releases the Ctx instance. Must be called if it was initialized without
+    # a block.
+    #
+    # @example
+    #   ctx = GPGME::Ctx.new
+    #   # operate on ctx
+    #   ctx.release
+    #
+    def release
+      GPGME::gpgme_release(self)
+    end
+
+    ##
+    # Getters and setters
+    ##
+
+    # Set the +protocol+ used within this context. See {GPGME::Ctx.new} for
+    # possible values.
+    def protocol=(proto)
+      err = GPGME::gpgme_set_protocol(self, proto)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      proto
+    end
+
+    # Return the +protocol+ used within this context.
+    def protocol
+      GPGME::gpgme_get_protocol(self)
+    end
+
+    # Tell whether the output should be ASCII armored.
+    def armor=(yes)
+      GPGME::gpgme_set_armor(self, yes ? 1 : 0)
+      yes
+    end
+
+    # Return true if the output is ASCII armored.
+    def armor
+      GPGME::gpgme_get_armor(self) == 1 ? true : false
+    end
+
+    # Tell whether canonical text mode should be used.
+    def textmode=(yes)
+      GPGME::gpgme_set_textmode(self, yes ? 1 : 0)
+      yes
+    end
+
+    # Return true if canonical text mode is enabled.
+    def textmode
+      GPGME::gpgme_get_textmode(self) == 1 ? true : false
+    end
+
+    # Change the default behaviour of the key listing functions.
+    def keylist_mode=(mode)
+      GPGME::gpgme_set_keylist_mode(self, mode)
+      mode
+    end
+
+    # Return the current key listing mode.
+    def keylist_mode
+      GPGME::gpgme_get_keylist_mode(self)
+    end
+
+    ##
+    # Passphrase and progress callbacks
+    ##
+
+    # Set the passphrase callback with given hook value.
+    # +passfunc+ should respond to +call+ with 5 arguments.
+    #
+    # * +obj+ the parameter +:passphrase_callback_value+ passed when creating
+    #   the {GPGME::Ctx} object.
+    # * +uid_hint+ hint as to what key are we asking the password for. Ex:
+    #
+    #   +CFB3294A50C2CFD7 Albert Llop <mrsimo@example.com>+
+    #
+    # * +passphrase_info+
+    # * +prev_was_bad+ 0 if it's the first time the password is being asked,
+    #   1 otherwise.
+    # * +fd+ file descriptor where the password must be written too.
+    #
+    # Expects a Method object which can be obtained by the +method+ method
+    # (really..).
+    #
+    #  ctx.set_passphrase_callback(MyModule.method(:passfunc))
+    #
+    # @example this method will simply return +maria+ as password.
+    #  def pass_function(obj, uid_hint, passphrase_info, prev_was_bad, fd)
+    #    io = IO.for_fd(fd, 'w')
+    #    io.puts "maria"
+    #    io.flush
+    #  end
+    #
+    # @example this will interactively ask for the password
+    #  def passfunc(obj, uid_hint, passphrase_info, prev_was_bad, fd)
+    #    $stderr.write("Passphrase for #{uid_hint}: ")
+    #    $stderr.flush
+    #    begin
+    #      system('stty -echo')
+    #      io = IO.for_fd(fd, 'w')
+    #      io.puts(gets)
+    #      io.flush
+    #    ensure
+    #      (0 ... $_.length).each do |i| $_[i] = ?0 end if $_
+    #      system('stty echo')
+    #    end
+    #    $stderr.puts
+    #  end
+    #
+    def set_passphrase_callback(passfunc, hook_value = nil)
+      GPGME::gpgme_set_passphrase_cb(self, passfunc, hook_value)
+    end
+    alias set_passphrase_cb set_passphrase_callback
+
+    # Set the progress callback with given hook value.
+    # <i>progfunc</i> should respond to <code>call</code> with 5 arguments.
+    #
+    #  def progfunc(hook, what, type, current, total)
+    #    $stderr.write("#{what}: #{current}/#{total}\r")
+    #    $stderr.flush
+    #  end
+    #
+    #  ctx.set_progress_callback(method(:progfunc))
+    #
+    def set_progress_callback(progfunc, hook_value = nil)
+      GPGME::gpgme_set_progress_cb(self, progfunc, hook_value)
+    end
+    alias set_progress_cb set_progress_callback
+
+    ##
+    # Searching and iterating through keys. Used by {GPGME::Key.find}
+    ##
+
+    # Initiate a key listing operation for given pattern. If +pattern+ is
+    # +nil+, all available keys are returned. If +secret_only<+ is +true+,
+    # only secret keys are returned.
+    #
+    # Used by {GPGME::Ctx#each_key}
+    def keylist_start(pattern = nil, secret_only = false)
+      err = GPGME::gpgme_op_keylist_start(self, pattern, secret_only ? 1 : 0)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+
+    # Advance to the next key in the key listing operation.
+    #
+    # Used by {GPGME::Ctx#each_key}
+    def keylist_next
+      rkey = []
+      err = GPGME::gpgme_op_keylist_next(self, rkey)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      rkey[0]
+    end
+
+    # End a pending key list operation.
+    #
+    # Used by {GPGME::Ctx#each_key}
+    def keylist_end
+      err = GPGME::gpgme_op_keylist_end(self)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+
+    # Convenient method to iterate over keys.
+    #
+    # If +pattern+ is +nil+, all available keys are returned. If +secret_only+
+    # is +true+, only secret keys are returned.
+    #
+    # See {GPGME::Key.find} for an example of how to use, or for an easier way
+    # to use.
+    def each_key(pattern = nil, secret_only = false, &block)
+      keylist_start(pattern, secret_only)
+      begin
+        loop { yield keylist_next }
+      rescue EOFError
+        # The last key in the list has already been returned.
+      ensure
+        keylist_end
+      end
+    end
+    alias each_keys each_key
+
+    # Returns the keys that match the +pattern+, or all if +pattern+ is nil.
+    # Returns only secret keys if +secret_only+ is true.
+    def keys(pattern = nil, secret_only = nil)
+      keys = []
+      each_key(pattern, secret_only) do |key|
+        keys << key
+      end
+      keys
+    end
+
+    # Get the key with the +fingerprint+.
+    # If +secret+ is +true+, secret key is returned.
+    def get_key(fingerprint, secret = false)
+      rkey = []
+      err = GPGME::gpgme_get_key(self, fingerprint, rkey, secret ? 1 : 0)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      rkey[0]
+    end
+
+    ##
+    # Import/export and generation/deletion of keys
+    ##
+
+    # Generate a new key pair.
+    # +parms+ is a string which looks like
+    #
+    #  <GnupgKeyParms format="internal">
+    #  Key-Type: DSA
+    #  Key-Length: 1024
+    #  Subkey-Type: ELG-E
+    #  Subkey-Length: 1024
+    #  Name-Real: Joe Tester
+    #  Name-Comment: with stupid passphrase
+    #  Name-Email: joe@foo.bar
+    #  Expire-Date: 0
+    #  Passphrase: abc
+    #  </GnupgKeyParms>
+    #
+    # If +pubkey+ and +seckey+ are both set to +nil+, it stores the generated
+    # key pair into your key ring.
+    def generate_key(parms, pubkey = nil, seckey = nil)
+      err = GPGME::gpgme_op_genkey(self, parms, pubkey, seckey)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+    alias genkey generate_key
+
+    # Extract the public keys that match the +recipients+. Returns a
+    # {GPGME::Data} object which is not rewinded (should do +seek(0)+
+    # before reading).
+    #
+    # Private keys cannot be exported due to GPGME restrictions.
+    #
+    # If passed, the key will be exported to +keydata+, which must be
+    # a {GPGME::Data} object.
+    def export_keys(recipients, keydata = Data.new)
+      err = GPGME::gpgme_op_export(self, recipients, 0, keydata)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      keydata
+    end
+    alias export export_keys
+
+    # Add the keys in the data buffer to the key ring.
+    def import_keys(keydata)
+      err = GPGME::gpgme_op_import(self, keydata)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+    alias import import_keys
+
+    def import_result
+      GPGME::gpgme_op_import_result(self)
+    end
+
+    # Delete the key from the key ring.
+    # If allow_secret is false, only public keys are deleted,
+    # otherwise secret keys are deleted as well.
+    def delete_key(key, allow_secret = false)
+      err = GPGME::gpgme_op_delete(self, key, allow_secret ? 1 : 0)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+    alias delete delete_key
+
+    # Edit attributes of the key in the local key ring.
+    def edit_key(key, editfunc, hook_value = nil, out = Data.new)
+      err = GPGME::gpgme_op_edit(self, key, editfunc, hook_value, out)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+    alias edit edit_key
+
+    # Edit attributes of the key on the card.
+    def edit_card_key(key, editfunc, hook_value = nil, out = Data.new)
+      err = GPGME::gpgme_op_card_edit(self, key, editfunc, hook_value, out)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+    end
+    alias edit_card edit_card_key
+    alias card_edit edit_card_key
+
+    ##
+    # Crypto operations
+    ##
+
+    # Decrypt the ciphertext and return the plaintext.
+    def decrypt(cipher, plain = Data.new)
+      err = GPGME::gpgme_op_decrypt(self, cipher, plain)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      plain
+    end
+
+    def decrypt_verify(cipher, plain = Data.new)
+      err = GPGME::gpgme_op_decrypt_verify(self, cipher, plain)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      plain
+    end
+
+    def decrypt_result
+      GPGME::gpgme_op_decrypt_result(self)
+    end
+
+    # Verify that the signature in the data object is a valid signature.
+    def verify(sig, signed_text = nil, plain = Data.new)
+      err = GPGME::gpgme_op_verify(self, sig, signed_text, plain)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      plain
+    end
+
+    def verify_result
+      GPGME::gpgme_op_verify_result(self)
+    end
+
+    # Remove the list of signers from this object.
+    def clear_signers
+      GPGME::gpgme_signers_clear(self)
+    end
+
+    # Add _keys_ to the list of signers.
+    def add_signer(*keys)
+      keys.each do |key|
+        err = GPGME::gpgme_signers_add(self, key)
+        exc = GPGME::error_to_exception(err)
+        raise exc if exc
+      end
+    end
+
+    # Create a signature for the text.
+    # +plain+ is a data object which contains the text.
+    # +sig+ is a data object where the generated signature is stored.
+    def sign(plain, sig = Data.new, mode = GPGME::SIG_MODE_NORMAL)
+      err = GPGME::gpgme_op_sign(self, plain, sig, mode)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      sig
+    end
+
+    def sign_result
+      GPGME::gpgme_op_sign_result(self)
+    end
+
+    # Encrypt the plaintext in the data object for the recipients and
+    # return the ciphertext.
+    def encrypt(recp, plain, cipher = Data.new, flags = 0)
+      err = GPGME::gpgme_op_encrypt(self, recp, flags, plain, cipher)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      cipher
+    end
+
+    def encrypt_result
+      GPGME::gpgme_op_encrypt_result(self)
+    end
+
+    def encrypt_sign(recp, plain, cipher = Data.new, flags = 0)
+      err = GPGME::gpgme_op_encrypt_sign(self, recp, flags, plain, cipher)
+      exc = GPGME::error_to_exception(err)
+      raise exc if exc
+      cipher
+    end
+
+    def inspect
+      "#<#{self.class} protocol=#{PROTOCOL_NAMES[protocol] || protocol}, \
+armor=#{armor}, textmode=#{textmode}, \
+keylist_mode=#{KEYLIST_MODE_NAMES[keylist_mode]}>"
+    end
+
+    private
+
+    def self.pass_function(pass, uid_hint, passphrase_info, prev_was_bad, fd)
+      io = IO.for_fd(fd, 'w')
+      io.puts pass
+      io.flush
+    end
+
+  end
+end