gpgme 2.0.24 → 2.0.26

data/ext/gpgme/gpgme_n.c

@@ -88,29 +88,106 @@
 #define RSTRING_LEN(a) RSTRING(a)->len
 #endif
 
+/* TypedData type definitions for Ruby 3.x compatibility */
+static void
+gpgme_data_free(void *ptr)
+{
+  if (ptr)
+    gpgme_data_release((gpgme_data_t)ptr);
+}
+
+static const rb_data_type_t gpgme_data_type = {
+  .wrap_struct_name = "GPGME::Data",
+  .function = {
+    .dmark = NULL,
+    .dfree = gpgme_data_free,
+    .dsize = NULL,
+  },
+  .data = NULL,
+  .flags = 0,
+};
+
+static void
+gpgme_ctx_free(void *ptr)
+{
+  if (ptr)
+    gpgme_release((gpgme_ctx_t)ptr);
+}
+
+static const rb_data_type_t gpgme_ctx_type = {
+  .wrap_struct_name = "GPGME::Ctx",
+  .function = {
+    .dmark = NULL,
+    .dfree = gpgme_ctx_free,
+    .dsize = NULL,
+  },
+  .data = NULL,
+  .flags = 0,
+};
+
+static void
+gpgme_key_free(void *ptr)
+{
+  if (ptr)
+    gpgme_key_unref((gpgme_key_t)ptr);
+}
+
+static const rb_data_type_t gpgme_key_type = {
+  .wrap_struct_name = "GPGME::Key",
+  .function = {
+    .dmark = NULL,
+    .dfree = gpgme_key_free,
+    .dsize = NULL,
+  },
+  .data = NULL,
+  .flags = 0,
+};
+
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
+static void
+gpgme_trust_item_free(void *ptr)
+{
+  if (ptr)
+    gpgme_trust_item_unref((gpgme_trust_item_t)ptr);
+}
+
+static const rb_data_type_t gpgme_trust_item_type = {
+  .wrap_struct_name = "GPGME::TrustItem",
+  .function = {
+    .dmark = NULL,
+    .dfree = gpgme_trust_item_free,
+    .dsize = NULL,
+  },
+  .data = NULL,
+  .flags = 0,
+};
+#endif
+
 #define WRAP_GPGME_DATA(dh)                                        \
-  Data_Wrap_Struct(cData, 0, gpgme_data_release, dh)
+  TypedData_Wrap_Struct(cData, &gpgme_data_type, dh)
 /* `gpgme_data_t' is typedef'ed as `struct gpgme_data *'. */
 #define UNWRAP_GPGME_DATA(vdh, dh)                                \
-  Data_Get_Struct(vdh, struct gpgme_data, dh);
+  TypedData_Get_Struct(vdh, struct gpgme_data, &gpgme_data_type, dh)
 
 #define WRAP_GPGME_CTX(ctx)                                        \
-  Data_Wrap_Struct(cCtx, 0, gpgme_release, ctx)
+  TypedData_Wrap_Struct(cCtx, &gpgme_ctx_type, ctx)
 /* `gpgme_ctx_t' is typedef'ed as `struct gpgme_context *'. */
 #define UNWRAP_GPGME_CTX(vctx, ctx)                                \
-  Data_Get_Struct(vctx, struct gpgme_context, ctx)
+  TypedData_Get_Struct(vctx, struct gpgme_context, &gpgme_ctx_type, ctx)
 
 #define WRAP_GPGME_KEY(key)                                        \
-  Data_Wrap_Struct(cKey, 0, gpgme_key_unref, key)
+  TypedData_Wrap_Struct(cKey, &gpgme_key_type, key)
 /* `gpgme_key_t' is typedef'ed as `struct _gpgme_key *'. */
 #define UNWRAP_GPGME_KEY(vkey, key)                                \
-  Data_Get_Struct(vkey, struct _gpgme_key, key)
+  TypedData_Get_Struct(vkey, struct _gpgme_key, &gpgme_key_type, key)
 
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
 #define WRAP_GPGME_TRUST_ITEM(item)                                          \
-  Data_Wrap_Struct(cTrustItem, 0, gpgme_trust_item_unref, item)
+  TypedData_Wrap_Struct(cTrustItem, &gpgme_trust_item_type, item)
 /* `gpgme_trust_item_t' is typedef'ed as `struct _gpgme_trust_item *'. */
 #define UNWRAP_GPGME_TRUST_ITEM(vitem, item)                        \
-  Data_Get_Struct(vitem, struct _gpgme_trust_item, item)
+  TypedData_Get_Struct(vitem, struct _gpgme_trust_item, &gpgme_trust_item_type, item)
+#endif
 
 static VALUE cEngineInfo,
   cCtx,
@@ -123,7 +200,9 @@ static VALUE cEngineInfo,
   cNewSignature,
   cSignature,
   cSigNotation,
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
   cTrustItem,
+#endif
   cRecipient,
   cDecryptResult,
   cVerifyResult,
@@ -264,19 +343,19 @@ rb_s_gpgme_hash_algo_name (VALUE dummy, VALUE valgo)
 static VALUE
 rb_s_gpgme_err_code (VALUE dummy, VALUE verr)
 {
-  return INT2FIX(gpgme_err_code (NUM2LONG(verr)));
+  return INT2FIX(gpgme_err_code (NUM2UINT(verr)));
 }
 
 static VALUE
 rb_s_gpgme_err_source (VALUE dummy, VALUE verr)
 {
-  return INT2FIX(gpgme_err_source (NUM2LONG(verr)));
+  return INT2FIX(gpgme_err_source (NUM2UINT(verr)));
 }
 
 static VALUE
 rb_s_gpgme_strerror (VALUE dummy, VALUE verr)
 {
-  return rb_str_new2 (gpgme_strerror (NUM2LONG(verr)));
+  return rb_str_new2 (gpgme_strerror (NUM2UINT(verr)));
 }
 
 static VALUE
@@ -299,7 +378,7 @@ rb_s_gpgme_data_new_from_mem (VALUE dummy, VALUE rdh, VALUE vbuffer,
   size_t size = NUM2UINT(vsize);
   gpgme_error_t err;
 
-  if (RSTRING_LEN(vbuffer) < size)
+  if ((size_t)RSTRING_LEN(vbuffer) < size)
     rb_raise (rb_eArgError, "argument out of range");
 
   err = gpgme_data_new_from_mem (&dh, StringValuePtr(vbuffer), size, 1);
@@ -341,11 +420,21 @@ static ssize_t
 write_cb (void *handle, const void *buffer, size_t size)
 {
   VALUE vcb = (VALUE)handle, vcbs, vhook_value, vbuffer, vnwrite;
+  rb_encoding *enc;
 
   vcbs = RARRAY_PTR(vcb)[0];
   vhook_value = RARRAY_PTR(vcb)[1];
   vbuffer = rb_str_new (buffer, size);
 
+  /* Associate encoding with the buffer string.
+   * Use default internal encoding if set, otherwise use binary encoding.
+   * This allows the app author to control the encoding via
+   * Encoding.default_internal while maintaining backward compatibility. */
+  enc = rb_default_internal_encoding ();
+  if (!enc)
+    enc = rb_ascii8bit_encoding ();
+  rb_enc_associate (vbuffer, enc);
+
   vnwrite = rb_funcall (vcbs, rb_intern ("write"), 3,
                         vhook_value, vbuffer, LONG2NUM(size));
   return NUM2LONG(vnwrite);
@@ -510,7 +599,7 @@ rb_s_gpgme_release (VALUE dummy, VALUE vctx)
   if (!ctx)
     rb_raise (rb_eArgError, "released ctx");
   gpgme_release (ctx);
-  DATA_PTR(vctx) = NULL;
+  RTYPEDDATA_DATA(vctx) = NULL;
   return Qnil;
 }
 
@@ -538,7 +627,6 @@ rb_s_gpgme_get_ctx_flag (VALUE dummy, VALUE vctx, VALUE vname)
 {
   gpgme_ctx_t ctx;
   const char* name;
-  int yes;
 
   name = StringValueCStr(vname);
 
@@ -1045,11 +1133,19 @@ save_gpgme_key_attrs (VALUE vkey, gpgme_key_t key)
       rb_iv_set (vsubkey, "@keyid", rb_str_new2 (subkey->keyid));
       if (subkey->fpr)
         rb_iv_set (vsubkey, "@fpr", rb_str_new2 (subkey->fpr));
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+      rb_iv_set (vsubkey, "@timestamp", ULONG2NUM(subkey->timestamp));
+      rb_iv_set (vsubkey, "@expires", ULONG2NUM(subkey->expires));
+#else
       rb_iv_set (vsubkey, "@timestamp", LONG2NUM(subkey->timestamp));
       rb_iv_set (vsubkey, "@expires", LONG2NUM(subkey->expires));
+#endif
 #if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x010500
       if (subkey->curve)
         rb_iv_set (vsubkey, "@curve", rb_str_new2 (subkey->curve));
+#endif
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+      rb_iv_set (vsubkey, "@subkey_match", INT2FIX(subkey->subkey_match));
 #endif
       rb_ary_push (vsubkeys, vsubkey);
     }
@@ -1080,8 +1176,13 @@ save_gpgme_key_attrs (VALUE vkey, gpgme_key_t key)
           rb_iv_set (vkey_sig, "@exportable", INT2FIX(key_sig->exportable));
           rb_iv_set (vkey_sig, "@pubkey_algo", INT2FIX(key_sig->pubkey_algo));
           rb_iv_set (vkey_sig, "@keyid", rb_str_new2 (key_sig->keyid));
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+          rb_iv_set (vkey_sig, "@timestamp", ULONG2NUM(key_sig->timestamp));
+          rb_iv_set (vkey_sig, "@expires", ULONG2NUM(key_sig->expires));
+#else
           rb_iv_set (vkey_sig, "@timestamp", LONG2NUM(key_sig->timestamp));
           rb_iv_set (vkey_sig, "@expires", LONG2NUM(key_sig->expires));
+#endif
           rb_ary_push (vsignatures, vkey_sig);
         }
       rb_ary_push (vuids, vuser_id);
@@ -1109,6 +1210,9 @@ rb_s_gpgme_op_keylist_next (VALUE dummy, VALUE vctx, VALUE rkey)
       save_gpgme_key_attrs (vkey, key);
       rb_ary_store (rkey, 0, vkey);
     }
+
+  RB_GC_GUARD(vctx);
+
   return LONG2NUM(err);
 }
 
@@ -1484,6 +1588,27 @@ rb_s_gpgme_op_delete (VALUE dummy, VALUE vctx, VALUE vkey, VALUE vallow_secret)
   return LONG2NUM(err);
 }
 
+/* This method was added in 1.9.1. */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x010901
+static VALUE
+rb_s_gpgme_op_delete_ext (VALUE dummy, VALUE vctx, VALUE vkey, VALUE vflags)
+{
+  gpgme_ctx_t ctx;
+  gpgme_key_t key;
+  gpgme_error_t err;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS(vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+  UNWRAP_GPGME_KEY(vkey, key);
+
+  err = gpgme_op_delete_ext (ctx, key, NUM2INT(vflags));
+  return LONG2NUM(err);
+}
+#endif
+
 static VALUE
 rb_s_gpgme_op_delete_start (VALUE dummy, VALUE vctx, VALUE vkey,
                             VALUE vallow_secret)
@@ -1503,6 +1628,305 @@ rb_s_gpgme_op_delete_start (VALUE dummy, VALUE vctx, VALUE vkey,
   return LONG2NUM(err);
 }
 
+/*
+ * Key Edit Interface
+ *
+ * GPGME 2.0.0 deprecated gpgme_op_edit, gpgme_op_edit_start, gpgme_op_card_edit,
+ * and gpgme_op_card_edit_start in favor of gpgme_op_interact and gpgme_op_interact_start.
+ *
+ * The new interact callback has a different signature:
+ *   Old: gpgme_error_t (*)(void *opaque, gpgme_status_code_t status, const char *args, int fd)
+ *   New: gpgme_error_t (*)(void *opaque, const char *keyword, const char *args, int fd)
+ *
+ * For backward compatibility, we keep the same Ruby interface (gpgme_op_edit, etc.)
+ * but internally use gpgme_op_interact for GPGME 2.0.0+, converting keyword strings
+ * to status codes in the callback shim.
+ */
+
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+/*
+ * GPGME 2.0.0+: Use gpgme_op_interact internally, but expose the same
+ * gpgme_op_edit interface to Ruby for backward compatibility.
+ *
+ * The shim callback converts keyword strings to status codes.
+ */
+
+/* Macro to define keyword-to-status mapping entries */
+#define STATUS_ENTRY(x) { #x, GPGME_STATUS_##x }
+
+/* Mapping table from keyword strings to status codes */
+static struct {
+  const char *keyword;
+  gpgme_status_code_t status;
+} keyword_to_status[] = {
+  STATUS_ENTRY(EOF),
+  STATUS_ENTRY(ENTER),
+  STATUS_ENTRY(LEAVE),
+  STATUS_ENTRY(ABORT),
+  STATUS_ENTRY(GOODSIG),
+  STATUS_ENTRY(BADSIG),
+  STATUS_ENTRY(ERRSIG),
+  STATUS_ENTRY(BADARMOR),
+  STATUS_ENTRY(RSA_OR_IDEA),
+  STATUS_ENTRY(KEYEXPIRED),
+  STATUS_ENTRY(KEYREVOKED),
+  STATUS_ENTRY(TRUST_UNDEFINED),
+  STATUS_ENTRY(TRUST_NEVER),
+  STATUS_ENTRY(TRUST_MARGINAL),
+  STATUS_ENTRY(TRUST_FULLY),
+  STATUS_ENTRY(TRUST_ULTIMATE),
+  STATUS_ENTRY(SHM_INFO),
+  STATUS_ENTRY(SHM_GET),
+  STATUS_ENTRY(SHM_GET_BOOL),
+  STATUS_ENTRY(SHM_GET_HIDDEN),
+  STATUS_ENTRY(NEED_PASSPHRASE),
+  STATUS_ENTRY(VALIDSIG),
+  STATUS_ENTRY(SIG_ID),
+  STATUS_ENTRY(ENC_TO),
+  STATUS_ENTRY(NODATA),
+  STATUS_ENTRY(BAD_PASSPHRASE),
+  STATUS_ENTRY(NO_PUBKEY),
+  STATUS_ENTRY(NO_SECKEY),
+  STATUS_ENTRY(NEED_PASSPHRASE_SYM),
+  STATUS_ENTRY(DECRYPTION_FAILED),
+  STATUS_ENTRY(DECRYPTION_OKAY),
+  STATUS_ENTRY(MISSING_PASSPHRASE),
+  STATUS_ENTRY(GOOD_PASSPHRASE),
+  STATUS_ENTRY(GOODMDC),
+  STATUS_ENTRY(BADMDC),
+  STATUS_ENTRY(ERRMDC),
+  STATUS_ENTRY(IMPORTED),
+  STATUS_ENTRY(IMPORT_OK),
+  STATUS_ENTRY(IMPORT_PROBLEM),
+  STATUS_ENTRY(IMPORT_RES),
+  STATUS_ENTRY(FILE_START),
+  STATUS_ENTRY(FILE_DONE),
+  STATUS_ENTRY(FILE_ERROR),
+  STATUS_ENTRY(BEGIN_DECRYPTION),
+  STATUS_ENTRY(END_DECRYPTION),
+  STATUS_ENTRY(BEGIN_ENCRYPTION),
+  STATUS_ENTRY(END_ENCRYPTION),
+  STATUS_ENTRY(DELETE_PROBLEM),
+  STATUS_ENTRY(GET_BOOL),
+  STATUS_ENTRY(GET_LINE),
+  STATUS_ENTRY(GET_HIDDEN),
+  STATUS_ENTRY(GOT_IT),
+  STATUS_ENTRY(PROGRESS),
+  STATUS_ENTRY(SIG_CREATED),
+  STATUS_ENTRY(SESSION_KEY),
+  STATUS_ENTRY(NOTATION_NAME),
+  STATUS_ENTRY(NOTATION_DATA),
+  STATUS_ENTRY(POLICY_URL),
+  STATUS_ENTRY(BEGIN_STREAM),
+  STATUS_ENTRY(END_STREAM),
+  STATUS_ENTRY(KEY_CREATED),
+  STATUS_ENTRY(USERID_HINT),
+  STATUS_ENTRY(UNEXPECTED),
+  STATUS_ENTRY(INV_RECP),
+  STATUS_ENTRY(NO_RECP),
+  STATUS_ENTRY(ALREADY_SIGNED),
+  STATUS_ENTRY(SIGEXPIRED),
+  STATUS_ENTRY(EXPSIG),
+  STATUS_ENTRY(EXPKEYSIG),
+  STATUS_ENTRY(TRUNCATED),
+  STATUS_ENTRY(ERROR),
+  STATUS_ENTRY(NEWSIG),
+  STATUS_ENTRY(REVKEYSIG),
+  STATUS_ENTRY(SIG_SUBPACKET),
+  STATUS_ENTRY(NEED_PASSPHRASE_PIN),
+  STATUS_ENTRY(SC_OP_FAILURE),
+  STATUS_ENTRY(SC_OP_SUCCESS),
+  STATUS_ENTRY(CARDCTRL),
+  STATUS_ENTRY(BACKUP_KEY_CREATED),
+  STATUS_ENTRY(PKA_TRUST_BAD),
+  STATUS_ENTRY(PKA_TRUST_GOOD),
+  STATUS_ENTRY(PLAINTEXT),
+  STATUS_ENTRY(INV_SGNR),
+  STATUS_ENTRY(NO_SGNR),
+  STATUS_ENTRY(SUCCESS),
+  STATUS_ENTRY(DECRYPTION_INFO),
+  STATUS_ENTRY(PLAINTEXT_LENGTH),
+  STATUS_ENTRY(MOUNTPOINT),
+  STATUS_ENTRY(PINENTRY_LAUNCHED),
+  STATUS_ENTRY(ATTRIBUTE),
+  STATUS_ENTRY(BEGIN_SIGNING),
+  STATUS_ENTRY(KEY_NOT_CREATED),
+  STATUS_ENTRY(INQUIRE_MAXLEN),
+  STATUS_ENTRY(FAILURE),
+  STATUS_ENTRY(KEY_CONSIDERED),
+  STATUS_ENTRY(TOFU_USER),
+  STATUS_ENTRY(TOFU_STATS),
+  STATUS_ENTRY(TOFU_STATS_LONG),
+  STATUS_ENTRY(NOTATION_FLAGS),
+  STATUS_ENTRY(DECRYPTION_COMPLIANCE_MODE),
+  STATUS_ENTRY(VERIFICATION_COMPLIANCE_MODE),
+  STATUS_ENTRY(CANCELED_BY_USER),
+  { NULL, GPGME_STATUS_EOF }
+};
+
+#undef STATUS_ENTRY
+
+static gpgme_status_code_t
+keyword_to_status_code (const char *keyword)
+{
+  size_t i;
+
+  if (!keyword)
+    return GPGME_STATUS_EOF;
+
+  for (i = 0; keyword_to_status[i].keyword != NULL; i++)
+    {
+      if (strcmp (keyword, keyword_to_status[i].keyword) == 0)
+        return keyword_to_status[i].status;
+    }
+
+  /* Unknown keyword - return EOF as fallback */
+  return GPGME_STATUS_EOF;
+}
+
+/*
+ * Shim callback that converts keyword strings to status codes
+ * for backward compatibility with existing Ruby callbacks.
+ */
+static gpgme_error_t
+edit_cb_shim (void *hook, const char *keyword, const char *args, int fd)
+{
+  VALUE vcb = (VALUE) hook, veditfunc, vhook_value;
+  gpgme_status_code_t status;
+
+  veditfunc = RARRAY_PTR (vcb)[0];
+  vhook_value = RARRAY_PTR (vcb)[1];
+
+  status = keyword_to_status_code (keyword);
+
+  rb_funcall (veditfunc, rb_intern ("call"), 4, vhook_value, INT2FIX (status),
+              args ? rb_str_new2 (args) : rb_str_new2 (""), INT2NUM (fd));
+  return gpgme_err_make (GPG_ERR_SOURCE_USER_1, GPG_ERR_NO_ERROR);
+}
+
+static VALUE
+rb_s_gpgme_op_edit (VALUE dummy, VALUE vctx, VALUE vkey,
+                    VALUE veditfunc, VALUE vhook_value, VALUE vout)
+{
+  gpgme_ctx_t ctx;
+  gpgme_key_t key;
+  gpgme_data_t out = NULL;
+  VALUE vcb;
+  gpgme_error_t err;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS (vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+  UNWRAP_GPGME_KEY(vkey, key);
+  if (!NIL_P(vout))
+    UNWRAP_GPGME_DATA(vout, out);
+
+  vcb = rb_ary_new ();
+  rb_ary_push (vcb, veditfunc);
+  rb_ary_push (vcb, vhook_value);
+  /* Keep a reference to avoid GC. */
+  rb_iv_set (vctx, "@edit_cb", vcb);
+
+  /* Use gpgme_op_interact with flags=0, shim converts keywords to status codes */
+  err = gpgme_op_interact (ctx, key, 0, edit_cb_shim, (void *)vcb, out);
+  return LONG2NUM(err);
+}
+
+static VALUE
+rb_s_gpgme_op_edit_start (VALUE dummy, VALUE vctx, VALUE vkey,
+                          VALUE veditfunc, VALUE vhook_value, VALUE vout)
+{
+  gpgme_ctx_t ctx;
+  gpgme_key_t key;
+  gpgme_data_t out = NULL;
+  VALUE vcb;
+  gpgme_error_t err;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS(vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+  UNWRAP_GPGME_KEY(vkey, key);
+  if (!NIL_P(vout))
+    UNWRAP_GPGME_DATA(vout, out);
+
+  vcb = rb_ary_new ();
+  rb_ary_push (vcb, veditfunc);
+  rb_ary_push (vcb, vhook_value);
+  /* Keep a reference to avoid GC. */
+  rb_iv_set (vctx, "@edit_cb", vcb);
+
+  /* Use gpgme_op_interact_start with flags=0, shim converts keywords to status codes */
+  err = gpgme_op_interact_start (ctx, key, 0, edit_cb_shim, (void *)vcb, out);
+  return LONG2NUM(err);
+}
+
+static VALUE
+rb_s_gpgme_op_card_edit (VALUE dummy, VALUE vctx, VALUE vkey,
+                    VALUE veditfunc, VALUE vhook_value, VALUE vout)
+{
+  gpgme_ctx_t ctx;
+  gpgme_key_t key;
+  gpgme_data_t out = NULL;
+  VALUE vcb;
+  gpgme_error_t err;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS(vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+  UNWRAP_GPGME_KEY(vkey, key);
+  if (!NIL_P(vout))
+    UNWRAP_GPGME_DATA(vout, out);
+
+  vcb = rb_ary_new ();
+  rb_ary_push (vcb, veditfunc);
+  rb_ary_push (vcb, vhook_value);
+  /* Keep a reference to avoid GC. */
+  rb_iv_set (vctx, "@card_edit_cb", vcb);
+
+  /* Use gpgme_op_interact with GPGME_INTERACT_CARD flag */
+  err = gpgme_op_interact (ctx, key, GPGME_INTERACT_CARD, edit_cb_shim, (void *)vcb, out);
+  return LONG2NUM(err);
+}
+
+static VALUE
+rb_s_gpgme_op_card_edit_start (VALUE dummy, VALUE vctx, VALUE vkey,
+                               VALUE veditfunc, VALUE vhook_value, VALUE vout)
+{
+  gpgme_ctx_t ctx;
+  gpgme_key_t key;
+  gpgme_data_t out = NULL;
+  VALUE vcb;
+  gpgme_error_t err;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS(vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+  UNWRAP_GPGME_KEY(vkey, key);
+  if (!NIL_P(vout))
+    UNWRAP_GPGME_DATA(vout, out);
+
+  vcb = rb_ary_new ();
+  rb_ary_push (vcb, veditfunc);
+  rb_ary_push (vcb, vhook_value);
+  /* Keep a reference to avoid GC. */
+  rb_iv_set (vctx, "@card_edit_cb", vcb);
+
+  /* Use gpgme_op_interact_start with GPGME_INTERACT_CARD flag */
+  err = gpgme_op_interact_start (ctx, key, GPGME_INTERACT_CARD, edit_cb_shim, (void *)vcb, out);
+  return LONG2NUM(err);
+}
+
+#else
+/* GPGME < 2.0.0: Use the original gpgme_op_edit functions directly */
+
 static gpgme_error_t
 edit_cb (void *hook, gpgme_status_code_t status, const char *args, int fd)
 {
@@ -1632,7 +2056,9 @@ rb_s_gpgme_op_card_edit_start (VALUE dummy, VALUE vctx, VALUE vkey,
   err = gpgme_op_card_edit_start (ctx, key, edit_cb, (void *)vcb, out);
   return LONG2NUM(err);
 }
+#endif /* GPGME_VERSION_NUMBER >= 0x020000 */
 
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
 static VALUE
 rb_s_gpgme_op_trustlist_start (VALUE dummy, VALUE vctx, VALUE vpattern,
                                VALUE vmax_level)
@@ -1696,6 +2122,7 @@ rb_s_gpgme_op_trustlist_end (VALUE dummy, VALUE vctx)
   err = gpgme_op_trustlist_end (ctx);
   return LONG2NUM(err);
 }
+#endif
 
 static VALUE
 rb_s_gpgme_op_decrypt (VALUE dummy, VALUE vctx, VALUE vcipher, VALUE vplain)
@@ -1713,6 +2140,11 @@ rb_s_gpgme_op_decrypt (VALUE dummy, VALUE vctx, VALUE vcipher, VALUE vplain)
   UNWRAP_GPGME_DATA(vplain, plain);
 
   err = gpgme_op_decrypt (ctx, cipher, plain);
+
+  RB_GC_GUARD(vctx);
+  RB_GC_GUARD(vcipher);
+  RB_GC_GUARD(vplain);
+
   return LONG2NUM(err);
 }
 
@@ -1792,6 +2224,12 @@ rb_s_gpgme_op_verify (VALUE dummy, VALUE vctx, VALUE vsig, VALUE vsigned_text,
     UNWRAP_GPGME_DATA(vplain, plain);
 
   err = gpgme_op_verify (ctx, sig, signed_text, plain);
+
+  RB_GC_GUARD(vctx);
+  RB_GC_GUARD(vsig);
+  RB_GC_GUARD(vsigned_text);
+  RB_GC_GUARD(vplain);
+
   return LONG2NUM(err);
 }
 
@@ -1896,6 +2334,11 @@ rb_s_gpgme_op_decrypt_verify (VALUE dummy, VALUE vctx, VALUE vcipher,
   UNWRAP_GPGME_DATA(vplain, plain);
 
   err = gpgme_op_decrypt_verify (ctx, cipher, plain);
+
+  RB_GC_GUARD(vctx);
+  RB_GC_GUARD(vcipher);
+  RB_GC_GUARD(vplain);
+
   return LONG2NUM(err);
 }
 
@@ -1980,6 +2423,11 @@ rb_s_gpgme_op_sign (VALUE dummy, VALUE vctx, VALUE vplain, VALUE vsig,
   UNWRAP_GPGME_DATA(vsig, sig);
 
   err = gpgme_op_sign (ctx, plain, sig, NUM2INT(vmode));
+
+  RB_GC_GUARD(vctx);
+  RB_GC_GUARD(vplain);
+  RB_GC_GUARD(vsig);
+
   return LONG2NUM(err);
 }
 
@@ -2046,8 +2494,13 @@ rb_s_gpgme_op_sign_result (VALUE dummy, VALUE vctx)
                  INT2FIX(new_signature->hash_algo));
       rb_iv_set (vnew_signature, "@sig_class",
                  UINT2NUM(new_signature->sig_class));
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+      rb_iv_set (vnew_signature, "@timestamp",
+                 ULONG2NUM(new_signature->timestamp));
+#else
       rb_iv_set (vnew_signature, "@timestamp",
                  LONG2NUM(new_signature->timestamp));
+#endif
       rb_iv_set (vnew_signature, "@fpr", rb_str_new2 (new_signature->fpr));
       rb_ary_push (vsignatures, vnew_signature);
     }
@@ -2084,6 +2537,12 @@ rb_s_gpgme_op_encrypt (VALUE dummy, VALUE vctx, VALUE vrecp, VALUE vflags,
   err = gpgme_op_encrypt (ctx, recp, NUM2INT(vflags), plain, cipher);
   if (recp)
     xfree (recp);
+
+  RB_GC_GUARD(vctx);
+  RB_GC_GUARD(vrecp);
+  RB_GC_GUARD(vplain);
+  RB_GC_GUARD(vcipher);
+
   return LONG2NUM(err);
 }
 
@@ -2183,6 +2642,12 @@ rb_s_gpgme_op_encrypt_sign (VALUE dummy, VALUE vctx, VALUE vrecp, VALUE vflags,
   err = gpgme_op_encrypt_sign (ctx, recp, NUM2INT(vflags), plain, cipher);
   if (recp)
     xfree (recp);
+
+  RB_GC_GUARD(vctx);
+  RB_GC_GUARD(vrecp);
+  RB_GC_GUARD(vplain);
+  RB_GC_GUARD(vcipher);
+
   return LONG2NUM(err);
 }
 
@@ -2336,6 +2801,57 @@ rb_s_gpgme_op_spawn (VALUE dummy, VALUE vctx, VALUE vfile,
 }
 #endif
 
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+static VALUE
+rb_s_gpgme_op_random_bytes (VALUE dummy, VALUE vctx, VALUE vsize, VALUE vmode)
+{
+  gpgme_ctx_t ctx;
+  gpgme_error_t err;
+  size_t size;
+  char *buffer;
+  VALUE result;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS(vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+
+  size = NUM2SIZET(vsize);
+  buffer = ALLOC_N(char, size);
+
+  err = gpgme_op_random_bytes (ctx, NUM2INT(vmode), buffer, size);
+  if (err) {
+    xfree(buffer);
+    return LONG2NUM(err);
+  }
+
+  result = rb_str_new(buffer, size);
+  xfree(buffer);
+  return result;
+}
+
+static VALUE
+rb_s_gpgme_op_random_value (VALUE dummy, VALUE vctx, VALUE vlimit)
+{
+  gpgme_ctx_t ctx;
+  size_t limit, result;
+  gpgme_error_t err;
+
+  CHECK_KEYLIST_NOT_IN_PROGRESS(vctx);
+
+  UNWRAP_GPGME_CTX(vctx, ctx);
+  if (!ctx)
+    rb_raise (rb_eArgError, "released ctx");
+
+  limit = NUM2SIZET(vlimit);
+  err = gpgme_op_random_value (ctx, limit, &result);
+  if (gpgme_err_code(err) == GPG_ERR_NO_ERROR)
+    return SIZET2NUM(result);
+  return LONG2NUM(err);
+}
+#endif
+
 void
 Init_gpgme_n (void)
 {
@@ -2402,8 +2918,10 @@ Init_gpgme_n (void)
     rb_define_class_under (mGPGME, "Signature", rb_cObject);
   cSigNotation =
     rb_define_class_under (mGPGME, "SigNotation", rb_cObject);
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
   cTrustItem =
     rb_define_class_under (mGPGME, "TrustItem", rb_cObject);
+#endif
   cInvalidKey =
     rb_define_class_under (mGPGME, "InvalidKey", rb_cObject);
   cNewSignature =
@@ -2547,8 +3065,15 @@ Init_gpgme_n (void)
                              rb_s_gpgme_op_import_result, 1);
   rb_define_module_function (mGPGME, "gpgme_op_delete",
                              rb_s_gpgme_op_delete, 3);
+  rb_define_module_function (mGPGME, "gpgme_op_delete_ext",
+                             rb_s_gpgme_op_delete_ext, 3);
   rb_define_module_function (mGPGME, "gpgme_op_delete_start",
                              rb_s_gpgme_op_delete_start, 3);
+
+  /* Key Edit Interface
+   * For GPGME 2.0.0+, these functions use gpgme_op_interact internally
+   * with a shim to maintain backward compatibility with existing callbacks.
+   */
   rb_define_module_function (mGPGME, "gpgme_op_edit",
                              rb_s_gpgme_op_edit, 5);
   rb_define_module_function (mGPGME, "gpgme_op_edit_start",
@@ -2559,12 +3084,14 @@ Init_gpgme_n (void)
                              rb_s_gpgme_op_card_edit_start, 5);
 
   /* Trust Item Management */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
   rb_define_module_function (mGPGME, "gpgme_op_trustlist_start",
                              rb_s_gpgme_op_trustlist_start, 3);
   rb_define_module_function (mGPGME, "gpgme_op_trustlist_next",
                              rb_s_gpgme_op_trustlist_next, 2);
   rb_define_module_function (mGPGME, "gpgme_op_trustlist_end",
                              rb_s_gpgme_op_trustlist_end, 1);
+#endif
 
   /* Decrypt */
   rb_define_module_function (mGPGME, "gpgme_op_decrypt",
@@ -2626,6 +3153,14 @@ Init_gpgme_n (void)
                              rb_s_gpgme_op_spawn_start, 7);
 #endif
 
+  /* Random Number Generation */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+  rb_define_module_function (mGPGME, "gpgme_op_random_bytes",
+                             rb_s_gpgme_op_random_bytes, 3);
+  rb_define_module_function (mGPGME, "gpgme_op_random_value",
+                             rb_s_gpgme_op_random_value, 2);
+#endif
+
   /* gpgme_pubkey_algo_t */
   rb_define_const (mGPGME, "GPGME_PK_RSA", INT2FIX(GPGME_PK_RSA));
   rb_define_const (mGPGME, "GPGME_PK_DSA", INT2FIX(GPGME_PK_DSA));
@@ -2806,6 +3341,7 @@ Init_gpgme_n (void)
                    INT2FIX(GPGME_SIG_MODE_CLEAR));
 
   /* gpgme_attr_t */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000
   rb_define_const (mGPGME, "GPGME_ATTR_KEYID",
                    INT2FIX(GPGME_ATTR_KEYID));
   rb_define_const (mGPGME, "GPGME_ATTR_FPR",
@@ -2868,6 +3404,7 @@ Init_gpgme_n (void)
                    INT2FIX(GPGME_ATTR_ERRTOK));
   rb_define_const (mGPGME, "GPGME_ATTR_SIG_SUMMARY",
                    INT2FIX(GPGME_ATTR_SIG_SUMMARY));
+#endif
 
   /* gpgme_validity_t */
   rb_define_const (mGPGME, "GPGME_VALIDITY_UNKNOWN",
@@ -3107,11 +3644,78 @@ Init_gpgme_n (void)
   /* The available flags for gpgme_op_encrypt.  */
   rb_define_const (mGPGME, "GPGME_ENCRYPT_ALWAYS_TRUST",
                    INT2FIX(GPGME_ENCRYPT_ALWAYS_TRUST));
-  /* This flag was added in 1.2.0. */
-#ifdef GPGME_ENCRYPT_NO_ENCRYPT_TO
+#ifdef HAVE_CONST_GPGME_ENCRYPT_NO_ENCRYPT_TO
   rb_define_const (mGPGME, "GPGME_ENCRYPT_NO_ENCRYPT_TO",
                    INT2FIX(GPGME_ENCRYPT_NO_ENCRYPT_TO));
 #endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_PREPARE
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_PREPARE",
+                   INT2FIX(GPGME_ENCRYPT_PREPARE));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_EXPECT_SIGN
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_EXPECT_SIGN",
+                   INT2FIX(GPGME_ENCRYPT_EXPECT_SIGN));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_NO_COMPRESS
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_NO_COMPRESS",
+                   INT2FIX(GPGME_ENCRYPT_NO_COMPRESS));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_UNSIGNED_INTEGRITY_CHECK
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_UNSIGNED_INTEGRITY_CHECK",
+                   INT2FIX(GPGME_ENCRYPT_UNSIGNED_INTEGRITY_CHECK));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_SYMMETRIC
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_SYMMETRIC",
+                   INT2FIX(GPGME_ENCRYPT_SYMMETRIC));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_THROW_KEYIDS
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_THROW_KEYIDS",
+                   INT2FIX(GPGME_ENCRYPT_THROW_KEYIDS));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_WRAP
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_WRAP",
+                   INT2FIX(GPGME_ENCRYPT_WRAP));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_WANT_ADDRESS
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_WANT_ADDRESS",
+                   INT2FIX(GPGME_ENCRYPT_WANT_ADDRESS));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_ARCHIVE
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_ARCHIVE",
+                   INT2FIX(GPGME_ENCRYPT_ARCHIVE));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_FILE
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_FILE",
+                   INT2FIX(GPGME_ENCRYPT_FILE));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_ADD_RECP
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_ADD_RECP",
+                   INT2FIX(GPGME_ENCRYPT_ADD_RECP));
+#endif
+#ifdef HAVE_CONST_GPGME_ENCRYPT_CHG_RECP
+  rb_define_const (mGPGME, "GPGME_ENCRYPT_CHG_RECP",
+                   INT2FIX(GPGME_ENCRYPT_CHG_RECP));
+#endif
+
+  /* Random number generation mode flags added in 2.0.0 */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+  rb_define_const (mGPGME, "GPGME_RANDOM_MODE_NORMAL",
+                   INT2FIX(GPGME_RANDOM_MODE_NORMAL));
+  rb_define_const (mGPGME, "GPGME_RANDOM_MODE_ZBASE32",
+                   INT2FIX(GPGME_RANDOM_MODE_ZBASE32));
+#endif
+
+  /* Decrypt flags added in 2.0.0 */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+  rb_define_const (mGPGME, "GPGME_DECRYPT_LISTONLY",
+                   INT2FIX(GPGME_DECRYPT_LISTONLY));
+#endif
+
+  /* Key generation flags added in 2.0.0 */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x020000
+  rb_define_const (mGPGME, "GPGME_CREATE_GROUP",
+                   INT2FIX(GPGME_CREATE_GROUP));
+#endif
 
   /* These flags were added in 1.4.0. */
 #if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x010400
@@ -3156,4 +3760,13 @@ Init_gpgme_n (void)
   rb_define_const (mGPGME, "GPGME_EXPORT_MODE_PKCS12",
                    INT2FIX(GPGME_EXPORT_MODE_PKCS12));
 #endif
+
+/* These flags were added in 1.9.1. */
+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER >= 0x010901
+  rb_define_const (mGPGME, "GPGME_DELETE_ALLOW_SECRET",
+                   INT2FIX(GPGME_DELETE_ALLOW_SECRET));
+  rb_define_const (mGPGME, "GPGME_DELETE_FORCE",
+                   INT2FIX(GPGME_DELETE_FORCE));
+#endif
 }
+