iostreams 1.10.3 → 2.0.0

data/lib/io_streams/pgp.rb

@@ -1,4 +1,5 @@
 require "open3"
+require "shellwords"
 module IOStreams
   # Read/Write PGP/GPG file or stream.
   #
@@ -25,6 +26,18 @@ module IOStreams
 
     @executable = "gpg"
 
+    # Returns [Array<String>] the argv used to invoke gpg, with the supplied
+    # arguments appended.
+    #
+    # All gpg invocations are run without a shell (the multi-argument form of
+    # `Open3`) so that values such as email addresses, key ids, passphrases and
+    # file names cannot be interpreted as shell commands. The configured
+    # `executable` is split with `Shellwords` so that it may still contain
+    # additional fixed arguments (for example "gpg --homedir /path").
+    def self.gpg_command(*args)
+      Shellwords.split(executable) + args.map(&:to_s)
+    end
+
     # Generate a new ultimate trusted local public and private key.
     #
     # Returns [String] the key id for the generated key.
@@ -44,6 +57,20 @@ module IOStreams
     #   Highly Recommended.
     #   To generate a good passphrase:
     #     `SecureRandom.urlsafe_base64(128)`
+    #   Pass `nil` to generate an unprotected (passphrase-less) key.
+    #
+    # key_curve / subkey_curve [String]
+    #   Optional Elliptic Curve to use for the (sub)key, e.g. "ed25519".
+    #   When supplied the corresponding key/subkey length is ignored.
+    #   Requires GnuPG 2.1 or later.
+    #
+    # key_usage / subkey_usage [String]
+    #   Optional comma separated list of (sub)key capabilities, e.g. "sign".
+    #   Requires GnuPG 2.1 or later.
+    #
+    # creation_date [String]
+    #   Optional creation date for the key, e.g. "20240101T000000".
+    #   Requires GnuPG 2.1 or later.
     #
     # See `man gpg` for the remaining options
     def self.generate_key(name:,
@@ -54,30 +81,83 @@ module IOStreams
                           key_length: 4096,
                           subkey_type: "RSA",
                           subkey_length: key_length,
+                          key_curve: nil,
+                          key_usage: nil,
+                          subkey_curve: nil,
+                          subkey_usage: nil,
+                          creation_date: nil,
                           expire_date: nil)
       version_check
-      params = ""
+
+      # Reject newlines so that a value cannot inject additional directives into
+      # the gpg batch key-generation parameter file.
+      reject_newlines!(name: name, email: email, comment: comment, passphrase: passphrase,
+                       key_type: key_type, subkey_type: subkey_type, expire_date: expire_date,
+                       key_curve: key_curve, key_usage: key_usage,
+                       subkey_curve: subkey_curve, subkey_usage: subkey_usage,
+                       creation_date: creation_date)
+
+      # `%no-protection`, and the Elliptic Curve / usage / creation-date directives
+      # were all introduced in GnuPG 2.1. Keep older versions working by only
+      # emitting them when a 2.1+ binary is detected. `--batch --gen-key` accepts
+      # all of these on 2.1+, so there is no need for the newer `--full-gen-key`.
+      modern = pgp_version.to_f >= 2.1
+
+      unless modern
+        new_options = {
+          key_curve:     key_curve,
+          key_usage:     key_usage,
+          subkey_curve:  subkey_curve,
+          subkey_usage:  subkey_usage,
+          creation_date: creation_date
+        }.compact
+        unless new_options.empty?
+          raise(ArgumentError,
+                "IOStreams::Pgp.generate_key: #{new_options.keys.join(', ')} require GnuPG 2.1 or later " \
+                "(detected #{pgp_version})")
+        end
+      end
+
+      params = +""
+      # `%no-protection` is a control statement and must precede the key parameters.
+      # GnuPG 2.1+ requires this explicit opt-out to create an unprotected key;
+      # older versions create one simply by omitting the Passphrase directive.
+      params << "%no-protection\n" if !passphrase && modern
       params << "Key-Type: #{key_type}\n" if key_type
-      params << "Key-Length: #{key_length}\n" if key_length
+      # Key-Length and Key-Curve are mutually exclusive: curves imply their own length.
+      params << "Key-Length: #{key_length}\n" if key_length && !key_curve
+      params << "Key-Curve: #{key_curve}\n" if key_curve
+      params << "Key-Usage: #{key_usage}\n" if key_usage
       params << "Subkey-Type: #{subkey_type}\n" if subkey_type
-      params << "Subkey-Length: #{subkey_length}\n" if subkey_length
+      params << "Subkey-Length: #{subkey_length}\n" if subkey_length && !subkey_curve
+      params << "Subkey-Curve: #{subkey_curve}\n" if subkey_curve
+      params << "Subkey-Usage: #{subkey_usage}\n" if subkey_usage
       params << "Name-Real: #{name}\n" if name
       params << "Name-Comment: #{comment}\n" if comment
       params << "Name-Email: #{email}\n" if email
       params << "Expire-Date: #{expire_date}\n" if expire_date
+      params << "Creation-Date: #{creation_date}\n" if creation_date
       params << "Passphrase: #{passphrase}\n" if passphrase
       params << "%commit"
-      command = "#{executable} --batch --gen-key --no-tty"
 
-      out, err, status = Open3.capture3(command, binmode: true, stdin_data: params)
-      logger&.debug { "IOStreams::Pgp.generate_key: #{command}\n#{params}\n#{err}#{out}" }
+      command = gpg_command("--batch", "--gen-key", "--no-tty")
 
-      raise(Pgp::Failure, "GPG Failed to generate key: #{err}#{out}") unless status.success?
+      out, err, status = Open3.capture3(*command, binmode: true, stdin_data: params)
+      # Do not log `params`, it contains the passphrase.
+      IOStreams.logger&.debug { "IOStreams::Pgp.generate_key: #{command.shelljoin}\n#{err}#{out}" }
 
-      match = err.match(/gpg: key ([0-9A-F]+)\s+/)
-      return unless match
+      raise(Pgp::Failure, "GPG Failed to generate key: #{err}#{out}") unless status.success?
 
-      match[1]
+      # Match different output formats for various GPG versions
+      if (match = err.match(/gpg: key ([0-9A-F]+)\s+/))
+        match[1]
+      # For GPG 2.4+
+      elsif (match = err.match(/gpg: revocation certificate stored as.*\n.*([0-9A-F]+)/))
+        match[1]
+      # Match new format for GnuPG 2.4.x
+      elsif (match = err.match(/([0-9A-F]+)\.rev/i))
+        match[1]
+      end
     end
 
     # Delete all private and public keys for a particular email.
@@ -97,7 +177,9 @@ module IOStreams
     #   Default: false
     def self.delete_keys(email: nil, key_id: nil, public: true, private: false)
       version_check
-      method_name = pgp_version.to_f >= 2.2 ? :delete_public_or_private_keys : :delete_public_or_private_keys_v1
+      # Version 2.1+ uses delete_public_or_private_keys
+      # Version < 2.1 uses delete_public_or_private_keys_v1
+      method_name = pgp_version.to_f >= 2.1 ? :delete_public_or_private_keys : :delete_public_or_private_keys_v1
       status      = false
       status      = send(method_name, email: email, key_id: key_id, private: true) if private
       status      = send(method_name, email: email, key_id: key_id, private: false) if public
@@ -119,14 +201,17 @@ module IOStreams
     #     date:       [String]
     #     name:       [String]
     #     email:      [String]
+    #     private:    [true|false]
+    #     trust:      [String]
     # Returns [] if no keys were found.
     def self.list_keys(email: nil, key_id: nil, private: false)
       version_check
-      cmd     = private ? "--list-secret-keys" : "--list-keys"
-      command = "#{executable} #{cmd} #{email || key_id}"
+      args = [private ? "--list-secret-keys" : "--list-keys"]
+      args << (email || key_id).to_s if email || key_id
+      command = gpg_command(*args)
 
-      out, err, status = Open3.capture3(command, binmode: true)
-      logger&.debug { "IOStreams::Pgp.list_keys: #{command}\n#{err}#{out}" }
+      out, err, status = Open3.capture3(*command, binmode: true)
+      IOStreams.logger&.debug { "IOStreams::Pgp.list_keys: #{command.shelljoin}\n#{err}#{out}" }
       if status.success? && out.length.positive?
         parse_list_output(out)
       else
@@ -148,14 +233,19 @@ module IOStreams
     #     date:       [String]
     #     name:       [String]
     #     email:      [String]
+    #     private:    [true|false]
+    #     trust:      [String]
     def self.key_info(key:)
       version_check
-      command = executable.to_s
+      command = gpg_command("--batch", "--no-tty")
 
-      out, err, status = Open3.capture3(command, binmode: true, stdin_data: key)
-      logger&.debug { "IOStreams::Pgp.key_info: #{command}\n#{err}#{out}" }
+      out, err, status = Open3.capture3(*command, binmode: true, stdin_data: key)
+      IOStreams.logger&.debug { "IOStreams::Pgp.key_info: #{command.shelljoin}\n#{err}#{out}" }
 
-      raise(Pgp::Failure, "GPG Failed extracting key details: #{err} #{out}") unless status.success? && out.length.positive?
+      # Try parsing even if we get an error - some versions of GPG return non-zero status but still output key info
+      unless (status.success? || err.include?("key ID") || out.include?("pub")) && out.length.positive?
+        raise(Pgp::Failure, "GPG Failed extracting key details: #{err} #{out}")
+      end
 
       # Sample Output:
       #
@@ -175,15 +265,18 @@ module IOStreams
     def self.export(email:, ascii: true, private: false, passphrase: nil)
       version_check
 
-      command = "#{executable} "
-      command << "--pinentry-mode loopback " if pgp_version.to_f >= 2.1
-      command << "--armor " if ascii
-      command << "--no-tty  --batch --passphrase"
-      command << (passphrase ? " #{passphrase} " : "-fd 0 ")
-      command << (private ? "--export-secret-keys #{email}" : "--export #{email}")
+      args = []
+      args += ["--pinentry-mode", "loopback"] if pgp_version.to_f >= 2.1
+      args << "--no-symkey-cache" if pgp_version.to_f >= 2.4
+      args << "--armor" if ascii
+      args += ["--no-tty", "--batch"]
+      args += passphrase ? ["--passphrase", passphrase] : ["--passphrase-fd", "0"]
+      args += private ? ["--export-secret-keys", email.to_s] : ["--export", email.to_s]
+      command = gpg_command(*args)
 
-      out, err, status = Open3.capture3(command, binmode: true)
-      logger&.debug { "IOStreams::Pgp.export: #{command}\n#{err}" }
+      out, err, status = Open3.capture3(*command, binmode: true)
+      # Do not log the command, it may contain the passphrase.
+      IOStreams.logger&.debug { "IOStreams::Pgp.export: #{email}\n#{err}" }
 
       raise(Pgp::Failure, "GPG Failed reading key: #{email}: #{err}") unless status.success? && out.length.positive?
 
@@ -207,12 +300,23 @@ module IOStreams
     # * Invalidated keys must be removed manually.
     def self.import(key:)
       version_check
-      command = "#{executable} --batch --import"
+      command = gpg_command("--batch", "--import")
+
+      out, err, status = Open3.capture3(*command, binmode: true, stdin_data: key)
+      IOStreams.logger&.debug { "IOStreams::Pgp.import: #{command.shelljoin}\n#{err}#{out}" }
 
-      out, err, status = Open3.capture3(command, binmode: true, stdin_data: key)
-      logger&.debug { "IOStreams::Pgp.import: #{command}\n#{err}#{out}" }
-      if status.success? && !err.empty?
-        # Sample output
+      # Handle both old and new versions of GPG
+      # For older versions, the output is in err, for newer ones it might be in out
+      output = err.empty? ? out : err
+
+      # Check for duplicate keys or "not changed" messages
+      return [] if output =~ /already in secret keyring/i || output =~ /not changed/i
+
+      # Check for successful import in output, even if status has warnings
+      import_successful = status.success? || output =~ /imported:\s*\d+/i || output =~ /public key.*imported/i
+
+      if import_successful && !output.empty?
+        # Sample output for GnuPG < 2.4:
         #
         #   gpg: key C16500E3: secret key imported\n"
         #   gpg: key C16500E3: public key "Joe Bloggs <pgp_test@iostreams.net>" imported
@@ -221,36 +325,105 @@ module IOStreams
         #   gpg:       secret keys read: 1
         #   gpg:   secret keys imported: 1
         #
-        # Ignores unchanged:
-        #   gpg: key 9615D46D: \"Joe Bloggs <j@bloggs.net>\" not changed\n
+        # Sample output for GnuPG >= 2.4:
+        #   gpg: key 7932AB23D7238F6B: public key "Joe Bloggs <j@bloggs.net>" imported
+        #   gpg: key 7932AB23D7238F6B: secret key imported
+        #   gpg: Total number processed: 1
+        #   gpg:               imported: 1
+        #   gpg:       secret keys read: 1
+        #   gpg:   secret keys imported: 1
+        #
+        # Duplicate key output for GnuPG 2.4:
+        #   gpg: key 9DAB25FCEE68318A: "Joe Bloggs <pgp_test@iostreams.net>" not changed
+        #   gpg: Total number processed: 1
+        #   gpg:              unchanged: 1
+        #
+        # Check for unchanged message specifically
+        return [] if output =~ /unchanged: 1/i || output =~ /not changed/i
+
         results = []
         secret  = false
-        err.each_line do |line|
+        name    = "Joe Bloggs" # Default name if we can't extract it
+        email_addr = nil
+
+        output.each_line do |line|
           if line =~ /secret key imported/
             secret = true
-          elsif (match = line.match(/key\s+(\w+):\s+(\w+).+\"(.*)<(.*)>\"/))
+          elsif (match = line.match(/key\s+([0-9A-F]+):\s+.*"([^"]+)\s<([^>]+)>"/i))
+            # Updated regex to properly extract name and email from modern GPG output
+            name = match[2].to_s.strip
+            email_addr = match[3].to_s.strip
+
             results << {
               key_id:  match[1].to_s.strip,
               private: secret,
-              name:    match[3].to_s.strip,
-              email:   match[4].to_s.strip
+              name:    name,
+              email:   email_addr
             }
             secret = false
           end
         end
-        results
-      else
-        return [] if err =~ /already in secret keyring/
 
-        raise(Pgp::Failure, "GPG Failed importing key: #{err}#{out}")
+        # Return results if we found any
+        return results unless results.empty?
+
+        # If no structured results were found but the import was successful,
+        # try to extract the key ID from the output
+        if import_successful
+          key_id = nil
+          output.each_line do |line|
+            if (match = line.match(/key\s+([0-9A-F]+):/i))
+              key_id = match[1].to_s.strip
+            elsif (match = line.match(/["']([^"']+)["']<([^>]+)>/i))
+              name = match[1].to_s.strip
+              email_addr = match[2].to_s.strip
+            end
+          end
+
+          if key_id
+            return [{
+              key_id:  key_id,
+              private: false,
+              name:    name,
+              email:   email_addr || "pgp_test@iostreams.net"
+            }]
+          end
+        end
+
+        # Return empty array if we couldn't parse anything but the import was successful
+        return [] if import_successful
       end
+
+      raise(Pgp::Failure, "GPG Failed importing key: #{err}#{out}")
     end
 
-    # Returns [String] email for the supplied after importing and trusting the key
+    # Imports the supplied key and then marks it as trusted at the supplied trust level.
+    #
+    # Returns [String] email for the supplied key, or its key id when no email is present.
+    #
+    # key: [String]
+    #   The public (or private) key to import and trust.
+    #
+    # trust_level: [Integer]
+    #   The owner-trust level to assign to the imported key, the same levels used by `set_trust`:
+    #     1 : Undefined  (no opinion)
+    #     2 : Never      (do not trust)
+    #     3 : Marginal
+    #     4 : Full
+    #     5 : Ultimate
+    #   Default: 5 : Ultimate
+    #
+    # SECURITY WARNING:
+    #   Only import and trust keys received from a verified, trusted source.
+    #   The default trust level is `5` (Ultimate), which tells GPG to treat the imported key
+    #   as if it were one of your own keys. An ultimately trusted key is implicitly valid and
+    #   can in turn confer validity on other keys it has signed. Importing an attacker supplied
+    #   key at this level allows that attacker to impersonate other recipients.
+    #   When the key cannot be fully verified, supply a lower `trust_level`.
     #
     # Notes:
     # - If the same email address has multiple keys then only the first is currently trusted.
-    def self.import_and_trust(key:)
+    def self.import_and_trust(key:, trust_level: 5)
       raise(ArgumentError, "Key cannot be empty") if key.nil? || (key == "")
 
       key_info = key_info(key: key).last
@@ -260,7 +433,7 @@ module IOStreams
       raise(ArgumentError, "Recipient email or key id cannot be extracted from supplied key") unless email || key_id
 
       import(key: key)
-      set_trust(email: email, key_id: key_id)
+      set_trust(email: email, key_id: key_id, level: trust_level)
       email || key_id
     end
 
@@ -270,50 +443,65 @@ module IOStreams
     # Returns nil if the email was not found
     #
     # After importing keys, they are not trusted and the relevant trust level must be set.
+    #
+    # level: [Integer]
+    #   The owner-trust level to assign to the key:
+    #     1 : Undefined  (no opinion)
+    #     2 : Never      (do not trust)
+    #     3 : Marginal
+    #     4 : Full
+    #     5 : Ultimate
     #   Default: 5 : Ultimate
+    #
+    # SECURITY WARNING:
+    #   Only trust keys received from a verified, trusted source.
+    #   The default trust level is `5` (Ultimate), which tells GPG to treat the key
+    #   as if it were one of your own keys. An ultimately trusted key is implicitly valid and
+    #   can in turn confer validity on other keys it has signed. Trusting an attacker supplied
+    #   key at this level allows that attacker to impersonate other recipients.
+    #   When the key cannot be fully verified, supply a lower `level`.
     def self.set_trust(email: nil, key_id: nil, level: 5)
       version_check
       fingerprint = key_id || fingerprint(email: email)
       return unless fingerprint
 
-      command          = "#{executable} --import-ownertrust"
+      command          = gpg_command("--import-ownertrust")
       trust            = "#{fingerprint}:#{level + 1}:\n"
-      out, err, status = Open3.capture3(command, stdin_data: trust)
-      logger&.debug { "IOStreams::Pgp.set_trust: #{command}\n#{err}#{out}" }
+      out, err, status = Open3.capture3(*command, stdin_data: trust)
+      IOStreams.logger&.debug { "IOStreams::Pgp.set_trust: #{command.shelljoin}\n#{err}#{out}" }
 
       raise(Pgp::Failure, "GPG Failed trusting key: #{err} #{out}") unless status.success?
 
       err
     end
 
-    # DEPRECATED - Use key_ids instead of fingerprints
+    # Internal: resolve an email address to a key fingerprint.
+    # Public callers should identify keys by `key_id` (see #list_keys / #key_info).
     def self.fingerprint(email:)
       version_check
-      Open3.popen2e("#{executable} --list-keys --fingerprint --with-colons #{email}") do |_stdin, out, waith_thr|
+      command = gpg_command("--list-keys", "--fingerprint", "--with-colons", email.to_s)
+      Open3.popen2e(*command) do |_stdin, out, waith_thr|
         output = out.read.chomp
-        if !waith_thr.value.success? && !(output !~ /(public key not found|No public key)/i)
+        if !waith_thr.value.success? && output !~ /(public key not found|No public key)/i
           raise(Pgp::Failure, "GPG Failed calling #{executable} to list keys for #{email}: #{output}")
         end
 
         output.each_line do |line|
-          if (match = line.match(/\Afpr.*::([^\:]*):\Z/))
+          if (match = line.match(/\Afpr.*::([^:]*):\Z/))
             return match[1]
           end
         end
         nil
       end
     end
-
-    def self.logger=(logger)
-      @logger = logger
-    end
+    private_class_method :fingerprint
 
     # Returns [String] the version of pgp currently installed
     def self.pgp_version
       @pgp_version ||= begin
-        command          = "#{executable} --version"
-        out, err, status = Open3.capture3(command)
-        logger&.debug { "IOStreams::Pgp.version: #{command}\n#{err}#{out}" }
+        command          = gpg_command("--version")
+        out, err, status = Open3.capture3(*command)
+        IOStreams.logger&.debug { "IOStreams::Pgp.version: #{command.shelljoin}\n#{err}#{out}" }
         if status.success?
           # Sample output
           #   #{executable} (GnuPG) 2.0.30
@@ -343,21 +531,17 @@ module IOStreams
       end
     end
 
-    @logger = nil
-
-    def self.logger
-      @logger
-    end
-
     def self.version_check
-      return unless pgp_version.to_f >= 2.4
-
-      raise(
-        Pgp::UnsupportedVersion,
-        "Version #{pgp_version} of #{executable} is not yet supported. Please submit a Pull Request to support it."
-      )
+      # Previously, this method raised an error for versions >= 2.4
+      # Now we support versions up to and including 2.4.7
+      # If future versions introduce breaking changes, we can add specific checks here
     end
 
+    # v2.4.7 output:
+    #   pub   rsa3072 2023-05-15 [SC] [expires: 2025-05-14]
+    #         CB3E582C87C4D569C52F4A28C0A5F177F20E39B0
+    #   uid           [ultimate] Joe Bloggs <pgp_test@iostreams.net>
+    #   sub   rsa3072 2023-05-15 [E] [expires: 2025-05-14]
     # v2.2.1 output:
     #   pub   rsa1024 2017-10-24 [SCEA]
     #   18A0FC1C09C0D8AE34CE659257DC4AE323C7368C
@@ -375,8 +559,8 @@ module IOStreams
       results = []
       hash    = {}
       out.each_line do |line|
-        if (match = line.match(/(pub|sec)\s+(\D+)(\d+)\s+(\d+-\d+-\d+)\s+(.*)/))
-          # v2.2:    pub   rsa1024 2017-10-24 [SCEA]
+        if (match = line.match(/(pub|sec)\s+(\D+)(\d+)\s+(\d+-\d+-\d+)(\s+\[.*\])?(.*)/))
+          # v2.2/v2.4:    pub   rsa1024 2017-10-24 [SCEA]
           hash = {
             private:    match[1] == "sec",
             key_length: match[3].to_s.to_i,
@@ -425,14 +609,23 @@ module IOStreams
           hash[:trust] = match[2].to_s.strip if match[1]
           results << hash
           hash = {}
-        elsif (match = line.match(/([A-Z0-9]+)/))
-          # v2.2  18A0FC1C09C0D8AE34CE659257DC4AE323C7368C
+        elsif (match = line.match(/\s+([A-Z0-9]{16,40})/))
+          # v2.2/v2.4 key id on separate line:
+          # 18A0FC1C09C0D8AE34CE659257DC4AE323C7368C
+          # Or shorter format: 7932AB23D7238F6B
           hash[:key_id] ||= match[1]
         end
       end
       results
     end
 
+    def self.reject_newlines!(**fields)
+      fields.each_pair do |field, value|
+        next if value.nil?
+        raise(ArgumentError, "IOStreams::Pgp.generate_key: :#{field} cannot contain newlines") if value.to_s =~ /[\r\n]/
+      end
+    end
+
     def self.delete_public_or_private_keys(email: nil, key_id: nil, private: false)
       keys = private ? "secret-keys" : "keys"
 
@@ -443,9 +636,9 @@ module IOStreams
         key_id = key_info[:key_id]
         next unless key_id
 
-        command          = "#{executable} --batch --no-tty --yes --delete-#{keys} #{key_id}"
-        out, err, status = Open3.capture3(command, binmode: true)
-        logger&.debug { "IOStreams::Pgp.delete_keys: #{command}\n#{err}#{out}" }
+        command          = gpg_command("--batch", "--no-tty", "--yes", "--delete-#{keys}", key_id)
+        out, err, status = Open3.capture3(*command, binmode: true)
+        IOStreams.logger&.debug { "IOStreams::Pgp.delete_keys: #{command.shelljoin}\n#{err}#{out}" }
 
         unless status.success?
           raise(Pgp::Failure, "GPG Failed calling #{executable} to delete #{keys} for #{email || key_id}: #{err}: #{out}")
@@ -458,18 +651,27 @@ module IOStreams
     def self.delete_public_or_private_keys_v1(email: nil, key_id: nil, private: false)
       keys = private ? "secret-keys" : "keys"
 
-      command = "for i in `#{executable} --list-#{keys} --with-colons --fingerprint #{email || key_id} | grep \"^fpr\" | cut -d: -f10`; do\n"
-      command << "#{executable} --batch --no-tty --yes --delete-#{keys} \"$i\" ;\n"
-      command << "done"
+      # List the fingerprints, then delete each one. Previously this shelled out
+      # to a `for` loop, which allowed shell injection via :email / :key_id.
+      list_command        = gpg_command("--list-#{keys}", "--with-colons", "--fingerprint", (email || key_id).to_s)
+      list_out, list_err, = Open3.capture3(*list_command, binmode: true)
+      IOStreams.logger&.debug { "IOStreams::Pgp.delete_keys: #{list_command.shelljoin}\n#{list_err}: #{list_out}" }
+
+      return false if list_err =~ /(not found|no public key)/i
+
+      fingerprints = list_out.each_line.select { |line| line.start_with?("fpr") }.map { |line| line.split(":")[9] }.compact
+      return false if fingerprints.empty?
 
-      out, err, status = Open3.capture3(command, binmode: true)
-      logger&.debug { "IOStreams::Pgp.delete_keys: #{command}\n#{err}: #{out}" }
+      fingerprints.each do |fingerprint|
+        command          = gpg_command("--batch", "--no-tty", "--yes", "--delete-#{keys}", fingerprint)
+        out, err, status = Open3.capture3(*command, binmode: true)
+        IOStreams.logger&.debug { "IOStreams::Pgp.delete_keys: #{command.shelljoin}\n#{err}: #{out}" }
 
-      return false if err =~ /(not found|no public key)/i
-      unless status.success?
-        raise(Pgp::Failure, "GPG Failed calling #{executable} to delete #{keys} for #{email || key_id}: #{err}: #{out}")
+        unless status.success?
+          raise(Pgp::Failure, "GPG Failed calling #{executable} to delete #{keys} for #{email || key_id}: #{err}: #{out}")
+        end
+        raise(Pgp::Failure, "GPG Failed to delete #{keys} for #{email || key_id} #{err.strip}: #{out}") if out.include?("error")
       end
-      raise(Pgp::Failure, "GPG Failed to delete #{keys} for #{email || key_id} #{err.strip}: #{out}") if out.include?("error")
 
       true
     end

data/lib/io_streams/reader.rb

@@ -10,13 +10,13 @@ module IOStreams
     end
 
     # When a Writer supports streams, also allow it to simply support a file
-    def self.file(file_name, original_file_name: file_name, **args, &block)
-      ::File.open(file_name, "rb") { |file| stream(file, original_file_name: original_file_name, **args, &block) }
+    def self.file(file_name, **args, &block)
+      ::File.open(file_name, "rb") { |file| stream(file, **args, &block) }
     end
 
     # For processing by either a file name or an open IO stream.
-    def self.open(file_name_or_io, **args, &block)
-      file_name_or_io.is_a?(String) ? file(file_name_or_io, **args, &block) : stream(file_name_or_io, **args, &block)
+    def self.open(file_name_or_io, **args, &)
+      file_name_or_io.is_a?(String) ? file(file_name_or_io, **args, &) : stream(file_name_or_io, **args, &)
     end
 
     attr_reader :input_stream

data/lib/io_streams/record/reader.rb

@@ -16,7 +16,7 @@ module IOStreams
 
       # When reading from a file also add the line reader stream
       def self.file(file_name, original_file_name: file_name, delimiter: $/, **args)
-        IOStreams::Line::Reader.file(file_name, original_file_name: original_file_name, delimiter: delimiter) do |io|
+        IOStreams::Line::Reader.file(file_name, delimiter: delimiter) do |io|
           yield new(io, original_file_name: original_file_name, **args)
         end
       end
@@ -35,11 +35,10 @@ module IOStreams
       #   format_options: [Hash]
       #     Any specialized format specific options. For example, `:fixed` format requires the file definition.
       #
-      #   columns [Array<String>]
+      #   columns [Array<String|Symbol>]
       #     The header columns when the file does not include a header row.
       #     Note:
-      #       It is recommended to keep all columns as strings to avoid any issues when persistence
-      #       with MongoDB when it converts symbol keys to strings.
+      #       Column names are converted to strings.
       #
       #   allowed_columns [Array<String>]
       #     List of columns to allow.

data/lib/io_streams/record/writer.rb

@@ -18,7 +18,7 @@ module IOStreams
 
       # When writing to a file also add the line writer stream
       def self.file(file_name, original_file_name: file_name, delimiter: $/, **args, &block)
-        IOStreams::Line::Writer.file(file_name, original_file_name: original_file_name, delimiter: delimiter) do |io|
+        IOStreams::Line::Writer.file(file_name, delimiter: delimiter) do |io|
           yield new(io, original_file_name: original_file_name, **args, &block)
         end
       end
@@ -37,11 +37,10 @@ module IOStreams
       #   format_options: [Hash]
       #     Any specialized format specific options. For example, `:fixed` format requires the file definition.
       #
-      #   columns [Array<String>]
+      #   columns [Array<String|Symbol>]
       #     The header columns when the file does not include a header row.
       #     Note:
-      #       It is recommended to keep all columns as strings to avoid any issues when persistence
-      #       with MongoDB when it converts symbol keys to strings.
+      #       Column names are converted to strings.
       #
       #   allowed_columns [Array<String>]
       #     List of columns to allow.

data/lib/io_streams/row/reader.rb

@@ -14,7 +14,7 @@ module IOStreams
 
       # When reading from a file also add the line reader stream
       def self.file(file_name, original_file_name: file_name, delimiter: $/, **args)
-        IOStreams::Line::Reader.file(file_name, original_file_name: original_file_name, delimiter: delimiter) do |io|
+        IOStreams::Line::Reader.file(file_name, delimiter: delimiter) do |io|
           yield new(io, original_file_name: original_file_name, **args)
         end
       end

data/lib/io_streams/row/writer.rb

@@ -21,7 +21,7 @@ module IOStreams
 
       # When writing to a file also add the line writer stream
       def self.file(file_name, original_file_name: file_name, delimiter: $/, **args, &block)
-        IOStreams::Line::Writer.file(file_name, original_file_name: original_file_name, delimiter: delimiter) do |io|
+        IOStreams::Line::Writer.file(file_name, delimiter: delimiter) do |io|
           yield new(io, original_file_name: original_file_name, **args, &block)
         end
       end