gpgme 2.0.24 → 2.0.26

data/lib/gpgme/constants.rb

@@ -1,36 +1,98 @@
 module GPGME
 
-  ATTR_ALGO = GPGME_ATTR_ALGO
-  ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY
-  ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT
-  ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN
-  ATTR_CHAINID = GPGME_ATTR_CHAINID
-  ATTR_COMMENT = GPGME_ATTR_COMMENT
-  ATTR_CREATED = GPGME_ATTR_CREATED
-  ATTR_EMAIL = GPGME_ATTR_EMAIL
-  ATTR_ERRTOK = GPGME_ATTR_ERRTOK
-  ATTR_EXPIRE = GPGME_ATTR_EXPIRE
-  ATTR_FPR = GPGME_ATTR_FPR
-  ATTR_ISSUER = GPGME_ATTR_ISSUER
-  ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET
-  ATTR_KEYID = GPGME_ATTR_KEYID
-  ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS
-  ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED
-  ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED
-  ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID
-  ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED
-  ATTR_LEN = GPGME_ATTR_LEN
-  ATTR_LEVEL = GPGME_ATTR_LEVEL
-  ATTR_NAME = GPGME_ATTR_NAME
-  ATTR_OTRUST = GPGME_ATTR_OTRUST
-  ATTR_SERIAL = GPGME_ATTR_SERIAL
-  ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS
-  ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY
-  ATTR_TYPE = GPGME_ATTR_TYPE
-  ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID
-  ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED
-  ATTR_USERID = GPGME_ATTR_USERID
-  ATTR_VALIDITY = GPGME_ATTR_VALIDITY
+  if defined?(GPGME_ATTR_ALGO)
+    ATTR_ALGO = GPGME_ATTR_ALGO
+  end
+  if defined?(GPGME_ATTR_CAN_CERTIFY)
+    ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY
+  end
+  if defined?(GPGME_ATTR_CAN_ENCRYPT)
+    ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT
+  end
+  if defined?(GPGME_ATTR_CAN_SIGN)
+    ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN
+  end
+  if defined?(GPGME_ATTR_CHAINID)
+    ATTR_CHAINID = GPGME_ATTR_CHAINID
+  end
+  if defined?(GPGME_ATTR_COMMENT)
+    ATTR_COMMENT = GPGME_ATTR_COMMENT
+  end
+  if defined?(GPGME_ATTR_CREATED)
+    ATTR_CREATED = GPGME_ATTR_CREATED
+  end
+  if defined?(GPGME_ATTR_EMAIL)
+    ATTR_EMAIL = GPGME_ATTR_EMAIL
+  end
+  if defined?(GPGME_ATTR_ERRTOK)
+    ATTR_ERRTOK = GPGME_ATTR_ERRTOK
+  end
+  if defined?(GPGME_ATTR_EXPIRE)
+    ATTR_EXPIRE = GPGME_ATTR_EXPIRE
+  end
+  if defined?(GPGME_ATTR_FPR)
+    ATTR_FPR = GPGME_ATTR_FPR
+  end
+  if defined?(GPGME_ATTR_ISSUER)
+    ATTR_ISSUER = GPGME_ATTR_ISSUER
+  end
+  if defined?(GPGME_ATTR_IS_SECRET)
+    ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET
+  end
+  if defined?(GPGME_ATTR_KEYID)
+    ATTR_KEYID = GPGME_ATTR_KEYID
+  end
+  if defined?(GPGME_ATTR_KEY_CAPS)
+    ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS
+  end
+  if defined?(GPGME_ATTR_KEY_DISABLED)
+    ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED
+  end
+  if defined?(GPGME_ATTR_KEY_EXPIRED)
+    ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED
+  end
+  if defined?(GPGME_ATTR_KEY_INVALID)
+    ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID
+  end
+  if defined?(GPGME_ATTR_KEY_REVOKED)
+    ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED
+  end
+  if defined?(GPGME_ATTR_LEN)
+    ATTR_LEN = GPGME_ATTR_LEN
+  end
+  if defined?(GPGME_ATTR_LEVEL)
+    ATTR_LEVEL = GPGME_ATTR_LEVEL
+  end
+  if defined?(GPGME_ATTR_NAME)
+    ATTR_NAME = GPGME_ATTR_NAME
+  end
+  if defined?(GPGME_ATTR_OTRUST)
+    ATTR_OTRUST = GPGME_ATTR_OTRUST
+  end
+  if defined?(GPGME_ATTR_SERIAL)
+    ATTR_SERIAL = GPGME_ATTR_SERIAL
+  end
+  if defined?(GPGME_ATTR_SIG_STATUS)
+    ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS
+  end
+  if defined?(GPGME_ATTR_SIG_SUMMARY)
+    ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY
+  end
+  if defined?(GPGME_ATTR_TYPE)
+    ATTR_TYPE = GPGME_ATTR_TYPE
+  end
+  if defined?(GPGME_ATTR_UID_INVALID)
+    ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID
+  end
+  if defined?(GPGME_ATTR_UID_REVOKED)
+    ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED
+  end
+  if defined?(GPGME_ATTR_USERID)
+    ATTR_USERID = GPGME_ATTR_USERID
+  end
+  if defined?(GPGME_ATTR_VALIDITY)
+    ATTR_VALIDITY = GPGME_ATTR_VALIDITY
+  end
   DATA_ENCODING_ARMOR = GPGME_DATA_ENCODING_ARMOR
   DATA_ENCODING_BASE64 = GPGME_DATA_ENCODING_BASE64
   DATA_ENCODING_BINARY = GPGME_DATA_ENCODING_BINARY
@@ -39,6 +101,24 @@ module GPGME
   if defined?(GPGME_ENCRYPT_NO_ENCRYPT_TO)
     ENCRYPT_NO_ENCRYPT_TO = GPGME_ENCRYPT_NO_ENCRYPT_TO
   end
+  if defined?(GPGME_ENCRYPT_PREPARE)
+    ENCRYPT_PREPARE = GPGME_ENCRYPT_PREPARE
+  end
+  if defined?(GPGME_ENCRYPT_EXPECT_SIGN)
+    ENCRYPT_EXPECT_SIGN = GPGME_ENCRYPT_EXPECT_SIGN
+  end
+  if defined?(GPGME_ENCRYPT_NO_COMPRESS)
+    ENCRYPT_NO_COMPRESS = GPGME_ENCRYPT_NO_COMPRESS
+  end
+  if defined?(GPGME_ENCRYPT_UNSIGNED_INTEGRITY_CHECK)
+    ENCRYPT_UNSIGNED_INTEGRITY_CHECK = GPGME_ENCRYPT_UNSIGNED_INTEGRITY_CHECK
+  end
+  if defined?(GPGME_ENCRYPT_SYMMETRIC)
+    ENCRYPT_SYMMETRIC = GPGME_ENCRYPT_SYMMETRIC
+  end
+  if defined?(GPGME_ENCRYPT_THROW_KEYIDS)
+    ENCRYPT_THROW_KEYIDS = GPGME_ENCRYPT_THROW_KEYIDS
+  end
   IMPORT_NEW = GPGME_IMPORT_NEW
   IMPORT_SECRET = GPGME_IMPORT_SECRET
   IMPORT_SIG = GPGME_IMPORT_SIG
@@ -265,4 +345,31 @@ module GPGME
     VALIDITY_FULL       => :full,
     VALIDITY_ULTIMATE   => :ultimate
   }
+
+  if defined?(GPGME_DELETE_ALLOW_SECRET)
+    DELETE_ALLOW_SECRET = GPGME_DELETE_ALLOW_SECRET
+  end
+
+  if defined?(GPGME_DELETE_FORCE)
+    DELETE_FORCE = GPGME_DELETE_FORCE
+  end
+
+  # Random number generation mode flags added in 2.0.0
+  if defined?(GPGME_RANDOM_MODE_NORMAL)
+    RANDOM_MODE_NORMAL = GPGME_RANDOM_MODE_NORMAL
+  end
+
+  if defined?(GPGME_RANDOM_MODE_ZBASE32)
+    RANDOM_MODE_ZBASE32 = GPGME_RANDOM_MODE_ZBASE32
+  end
+
+  # Decrypt flags added in 2.0.0
+  if defined?(GPGME_DECRYPT_LISTONLY)
+    DECRYPT_LISTONLY = GPGME_DECRYPT_LISTONLY
+  end
+
+  # Key generation flags added in 2.0.0
+  if defined?(GPGME_CREATE_GROUP)
+    CREATE_GROUP = GPGME_CREATE_GROUP
+  end
 end

data/lib/gpgme/crypto.rb

@@ -91,7 +91,9 @@ module GPGME
         begin
           if options[:sign]
             if options[:signers]
-              signers = Key.find(:public, options[:signers], :sign)
+              # Optimization: reuse recipient Key objects if signers match
+              # to avoid redundant key lookups
+              signers = resolve_keys_for_signing(options[:signers], keys)
               ctx.add_signer(*signers)
             end
             ctx.encrypt_sign(keys, plain_data, cipher_data, flags)
@@ -353,5 +355,58 @@ module GPGME
       end
     end
 
+    private
+
+    # Resolves keys for signing, reusing already-fetched recipient keys when possible
+    # to avoid redundant key lookups which can be slow.
+    #
+    # @param signers_input [Array, String, Key] The signer identifiers
+    # @param recipient_keys [Array<Key>, nil] Already-fetched recipient keys to check for reuse
+    # @return [Array<Key>] Keys suitable for signing
+    def resolve_keys_for_signing(signers_input, recipient_keys)
+      signers_input = [signers_input].flatten
+      recipient_keys ||= []
+
+      # Build a lookup hash of recipient keys by various identifiers
+      recipient_lookup = {}
+      recipient_keys.each do |key|
+        next unless key.is_a?(Key)
+        # Index by fingerprint, short key ID, and email
+        recipient_lookup[key.fingerprint] = key if key.fingerprint
+        recipient_lookup[key.fingerprint[-16..]] = key if key.fingerprint && key.fingerprint.length >= 16
+        recipient_lookup[key.fingerprint[-8..]] = key if key.fingerprint && key.fingerprint.length >= 8
+        if key.uids && !key.uids.empty?
+          key.uids.each do |uid|
+            recipient_lookup[uid.email] = key if uid.email && !uid.email.empty?
+          end
+        end
+      end
+
+      result = []
+      needs_lookup = []
+
+      signers_input.each do |signer|
+        case signer
+        when Key
+          # Already a key object, use directly if it can sign
+          result << signer if signer.usable_for?([:sign])
+        when String
+          # Check if we already have this key from recipients
+          if (existing = recipient_lookup[signer]) && existing.usable_for?([:sign])
+            result << existing
+          else
+            needs_lookup << signer
+          end
+        end
+      end
+
+      # Only do a Key.find for signers we couldn't resolve from recipients
+      unless needs_lookup.empty?
+        result += Key.find(:public, needs_lookup, :sign)
+      end
+
+      result
+    end
+
   end # module Crypto
 end # module GPGME

data/lib/gpgme/ctx.rb

@@ -76,10 +76,12 @@ module GPGME
       end
 
       if block_given?
-        begin
-          yield ctx
-        ensure
-          GPGME::gpgme_release(ctx)
+        GPGME.synchronize do
+          begin
+            yield ctx
+          ensure
+            GPGME::gpgme_release(ctx)
+          end
         end
       else
         ctx
@@ -447,14 +449,26 @@ module GPGME
     # Delete the key from the key ring.
     # If allow_secret is false, only public keys are deleted,
     # otherwise secret keys are deleted as well.
-    def delete_key(key, allow_secret = false)
-      err = GPGME::gpgme_op_delete(self, key, allow_secret ? 1 : 0)
+    # If force is true, the confirmation dialog will not be displayed.
+    def delete_key(key, allow_secret = false, force = false)
+      err = nil
+      if defined?(GPGME::gpgme_op_delete_ext)
+        flag = 0
+        flag ^= GPGME::DELETE_ALLOW_SECRET if allow_secret
+        flag ^= GPGME::DELETE_FORCE if force
+        err = GPGME::gpgme_op_delete_ext(self, key, flag)
+      else
+        err = GPGME::gpgme_op_delete(self, key, allow_secret ? 1 : 0)
+      end
       exc = GPGME::error_to_exception(err)
       raise exc if exc
     end
     alias delete delete_key
 
     # Edit attributes of the key in the local key ring.
+    #
+    # The callback receives (hook_value, status, args, fd) where status is
+    # a numeric status code (e.g., GPGME::GPGME_STATUS_GET_BOOL).
     def edit_key(key, editfunc, hook_value = nil, out = Data.new)
       err = GPGME::gpgme_op_edit(self, key, editfunc, hook_value, out)
       exc = GPGME::error_to_exception(err)
@@ -463,6 +477,9 @@ module GPGME
     alias edit edit_key
 
     # Edit attributes of the key on the card.
+    #
+    # The callback receives (hook_value, status, args, fd) where status is
+    # a numeric status code (e.g., GPGME::GPGME_STATUS_GET_BOOL).
     def edit_card_key(key, editfunc, hook_value = nil, out = Data.new)
       err = GPGME::gpgme_op_card_edit(self, key, editfunc, hook_value, out)
       exc = GPGME::error_to_exception(err)
@@ -561,6 +578,39 @@ module GPGME
       raise exc if exc
     end
 
+    # Generate cryptographically strong random bytes.
+    # Available since GPGME 2.0.0.
+    #
+    # @param [Integer] size Number of bytes to generate
+    # @param [Integer] mode Random generation mode (RANDOM_MODE_NORMAL or RANDOM_MODE_ZBASE32)
+    # @return [String] Random bytes as a binary string
+    def random_bytes(size, mode = GPGME::RANDOM_MODE_NORMAL)
+      result = GPGME::gpgme_op_random_bytes(self, size, mode)
+      if result.is_a?(String)
+        result
+      else
+        exc = GPGME::error_to_exception(result)
+        raise exc if exc
+        result
+      end
+    end
+
+    # Generate a cryptographically strong random unsigned integer value.
+    # Available since GPGME 2.0.0.
+    #
+    # @param [Integer] limit Upper limit for the random value (exclusive)
+    # @return [Integer] Random unsigned integer value in range [0, limit)
+    def random_value(limit)
+      result = GPGME::gpgme_op_random_value(self, limit)
+      if result.is_a?(Integer) && result >= 0
+        result
+      else
+        exc = GPGME::error_to_exception(result)
+        raise exc if exc
+        result
+      end
+    end
+
     def inspect
       "#<#{self.class} protocol=#{PROTOCOL_NAMES[protocol] || protocol}, \
 armor=#{armor}, textmode=#{textmode}, \
@@ -570,10 +620,21 @@ keylist_mode=#{KEYLIST_MODE_NAMES[keylist_mode]}>"
     private
 
     def self.pass_function(pass, uid_hint, passphrase_info, prev_was_bad, fd)
+      # Write the passphrase directly using IO.for_fd. We set autoclose=false
+      # to prevent Ruby from closing the fd (which belongs to GPGME/gpg-agent).
+      # The IO object is used only within this method scope and not stored,
+      # so we also ensure it isn't prematurely collected by keeping a strong
+      # reference until we're done.
       io = IO.for_fd(fd, 'w')
       io.autoclose = false
-      io.puts pass
-      io.flush
+      begin
+        io.write "#{pass}\n"
+        io.flush
+      rescue => e
+        # If the fd has become invalid (e.g. agent communication error),
+        # re-raise as a more descriptive error.
+        raise e
+      end
     end
 
   end

data/lib/gpgme/io_callbacks.rb

@@ -9,7 +9,12 @@ module GPGME
     end
 
     def write(hook, buffer, length)
-      @io.write(buffer[0 .. length])
+      data = buffer[0 .. length]
+      # Handle encoding conversion if the IO has a different encoding
+      if @io.respond_to?(:external_encoding) && @io.external_encoding
+        data = data.encode(@io.external_encoding, invalid: :replace, undef: :replace)
+      end
+      @io.write(data)
     end
 
     def seek(hook, offset, whence)

data/lib/gpgme/key.rb

@@ -156,10 +156,11 @@ module GPGME
 
     ##
     # Delete this key. If it's public, and has a secret one it will fail unless
-    # +allow_secret+ is specified as true.
-    def delete!(allow_secret = false)
+    # +allow_secret+ is specified as true. Suppress the confirmation dialog, if
+    # +force+ is specified as true.
+    def delete!(allow_secret = false, force = false)
       GPGME::Ctx.new do |ctx|
-        ctx.delete_key self, allow_secret
+        ctx.delete_key self, allow_secret, force
       end
     end
 

data/lib/gpgme/version.rb

@@ -1,4 +1,4 @@
 module GPGME
   # The version of GPGME ruby binding you are using
-  VERSION = "2.0.24"
+  VERSION = "2.0.26"
 end

data/lib/gpgme.rb

@@ -1,6 +1,8 @@
 require 'gpgme_n'
+require 'monitor'
 
-# TODO without this call one can't GPGME::Ctx.new, find out why
+# This call initializes the GPGME library and must happen before
+# any GPGME operations (e.g. Ctx.new) can succeed.
 GPGME::gpgme_check_version(nil)
 
 require 'gpgme/constants'
@@ -19,8 +21,61 @@ require 'gpgme/engine'
 require 'gpgme/crypto'
 
 module GPGME
+
+  # Mutex for serializing GPGME operations when thread safety is enabled.
+  # While the underlying GPGME C library supports separate contexts in
+  # separate threads, the communication with gpg-agent over Unix domain
+  # sockets can produce "Bad file descriptor" errors under heavy concurrent
+  # load. Thread-safe mode is enabled by default and can be disabled
+  # if not needed (e.g. single-threaded applications).
+  #
+  # A Monitor is used instead of a Mutex because GPGME operations are
+  # reentrant — e.g. Crypto#sign calls Ctx.new, and within that block,
+  # Key.find calls Ctx.new again.
+  #
+  # @example Disable thread-safe mode for single-threaded apps
+  #   GPGME.thread_safe = false
+  #
+  @thread_safe_mutex = Monitor.new
+  @thread_safe = true
+
   class << self
 
+    # Enable or disable thread-safe mode. Enabled by default. When
+    # enabled, all high-level GPGME operations (encrypt, decrypt, sign,
+    # verify, key listing, etc.) are serialized through a global monitor
+    # to prevent concurrent access to gpg-agent from causing "Bad file
+    # descriptor" errors. Disable for single-threaded apps if the
+    # synchronization overhead is undesirable.
+    #
+    # @param [Boolean] value false to disable thread-safe mode
+    attr_writer :thread_safe
+
+    # Returns true if thread-safe mode is enabled.
+    def thread_safe?
+      @thread_safe
+    end
+
+    # The mutex used for thread-safe serialization. Can be used directly
+    # if you need finer-grained control over locking.
+    #
+    # @example manual locking
+    #   GPGME.synchronize do
+    #     # multiple GPGME operations atomically
+    #   end
+    attr_reader :thread_safe_mutex
+
+    # Execute a block with the GPGME mutex held if thread-safe mode is
+    # enabled. If thread-safe mode is disabled, the block is executed
+    # directly without locking.
+    def synchronize(&block)
+      if @thread_safe
+        @thread_safe_mutex.synchronize(&block)
+      else
+        yield
+      end
+    end
+
     # From the c extension
     alias pubkey_algo_name gpgme_pubkey_algo_name
     alias hash_algo_name gpgme_hash_algo_name

data/test/crypto_test.rb

@@ -90,7 +90,7 @@ describe GPGME::Crypto do
       encrypted   = crypto.encrypt TEXT[:plain], :sign => true
       signatures  = 0
 
-      crypto.verify(encrypted) do |signature|
+      crypto.decrypt(encrypted) do |signature|
         assert_instance_of GPGME::Signature, signature
         signatures += 1
       end
@@ -103,7 +103,7 @@ describe GPGME::Crypto do
       encrypted   = crypto.encrypt TEXT[:plain], :sign => true, :signers => KEYS.map{|k| k[:sha]}
       signatures  = 0
 
-      crypto.verify(encrypted) do |signature|
+      crypto.decrypt(encrypted) do |signature|
         assert_instance_of GPGME::Signature, signature
         signatures += 1
       end

data/test/ctx_test.rb

@@ -70,9 +70,6 @@ describe GPGME::Ctx do
     end
 
     it "should not segfault" do
-      cipher = GPGME::Data.new(KEY_1_ENCRYPTED)
-      ouput = GPGME::Data.new
-      
       GPGME::Ctx.new do |ctx|
         assert_raises ArgumentError do
           ctx.decrypt_result
@@ -214,7 +211,7 @@ describe GPGME::Ctx do
 
     it "doesn't allow just any value" do
       assert_raises GPGME::Error::InvalidValue do
-        ctx = GPGME::Ctx.new(:protocol => -200)
+        GPGME::Ctx.new(:protocol => -200)
       end
     end
   end

data/test/data_test.rb

@@ -25,14 +25,14 @@ describe GPGME::Data do
     it "creates a data from a file" do
       # magic fromfile
       data = GPGME::Data.new(File.open(__FILE__))
-      assert_match /magic fromfile/, data.read
+      assert_match(/magic fromfile/, data.read)
     end
 
     it "creates a data from file descriptor" do
       # magic filedescriptor
       File.open(__FILE__) do |f|
         data = GPGME::Data.new(f.fileno)
-        assert_match /magic filedescriptor/, data.read
+        assert_match(/magic filedescriptor/, data.read)
       end
     end
   end

data/test/encryption_flags_test.rb

@@ -0,0 +1,65 @@
+# -*- encoding: utf-8 -*-
+require 'test_helper'
+
+describe 'GPGME Encryption Flags' do
+  it 'should expose ENCRYPT_ALWAYS_TRUST' do
+    assert_equal 1, GPGME::ENCRYPT_ALWAYS_TRUST
+  end
+
+  it 'should expose ENCRYPT_NO_ENCRYPT_TO if available' do
+    if defined?(GPGME::ENCRYPT_NO_ENCRYPT_TO)
+      assert GPGME::ENCRYPT_NO_ENCRYPT_TO.is_a?(Integer)
+    end
+  end
+
+  it 'should expose ENCRYPT_PREPARE if available' do
+    if defined?(GPGME::ENCRYPT_PREPARE)
+      assert GPGME::ENCRYPT_PREPARE.is_a?(Integer)
+    end
+  end
+
+  it 'should expose ENCRYPT_EXPECT_SIGN if available' do
+    if defined?(GPGME::ENCRYPT_EXPECT_SIGN)
+      assert GPGME::ENCRYPT_EXPECT_SIGN.is_a?(Integer)
+    end
+  end
+
+  it 'should expose ENCRYPT_NO_COMPRESS if available' do
+    if defined?(GPGME::ENCRYPT_NO_COMPRESS)
+      assert GPGME::ENCRYPT_NO_COMPRESS.is_a?(Integer)
+    end
+  end
+
+  it 'should expose ENCRYPT_UNSIGNED_INTEGRITY_CHECK if available' do
+    if defined?(GPGME::ENCRYPT_UNSIGNED_INTEGRITY_CHECK)
+      assert GPGME::ENCRYPT_UNSIGNED_INTEGRITY_CHECK.is_a?(Integer)
+    end
+  end
+
+  it 'should expose ENCRYPT_SYMMETRIC if available' do
+    if defined?(GPGME::ENCRYPT_SYMMETRIC)
+      assert GPGME::ENCRYPT_SYMMETRIC.is_a?(Integer)
+    end
+  end
+
+  it 'should expose ENCRYPT_THROW_KEYIDS if available' do
+    if defined?(GPGME::ENCRYPT_THROW_KEYIDS)
+      assert GPGME::ENCRYPT_THROW_KEYIDS.is_a?(Integer)
+    end
+  end
+
+  it 'should use different flag values for different flags' do
+    flags = []
+    flags << GPGME::ENCRYPT_ALWAYS_TRUST
+    flags << GPGME::ENCRYPT_NO_ENCRYPT_TO if defined?(GPGME::ENCRYPT_NO_ENCRYPT_TO)
+    flags << GPGME::ENCRYPT_PREPARE if defined?(GPGME::ENCRYPT_PREPARE)
+    flags << GPGME::ENCRYPT_EXPECT_SIGN if defined?(GPGME::ENCRYPT_EXPECT_SIGN)
+    flags << GPGME::ENCRYPT_NO_COMPRESS if defined?(GPGME::ENCRYPT_NO_COMPRESS)
+    flags << GPGME::ENCRYPT_UNSIGNED_INTEGRITY_CHECK if defined?(GPGME::ENCRYPT_UNSIGNED_INTEGRITY_CHECK)
+    flags << GPGME::ENCRYPT_SYMMETRIC if defined?(GPGME::ENCRYPT_SYMMETRIC)
+    flags << GPGME::ENCRYPT_THROW_KEYIDS if defined?(GPGME::ENCRYPT_THROW_KEYIDS)
+
+    # All flags should be unique
+    assert_equal flags.length, flags.uniq.length
+  end
+end