mail-gpg 0.3.1 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5372354dbe32dbf5c05196f257b8172582e5ffcc
-  data.tar.gz: 983703ee19cac1078e36c37bfde1b13906fd0ffa
+SHA256:
+  metadata.gz: b7e6ef944bc641fa51f189b379859528044939a7eeca16d44cdeab8f46fdbc0c
+  data.tar.gz: aaa67237e62a803b4d369f81a70d71511e55b175c4ba95714137d6a0aa649cfe
 SHA512:
-  metadata.gz: aeb9b25b2c04e4c0a71b1eea09631e399a82dbcef6b707b75a4053bca637e66dbdd1d3eabf88673c16a75b8ffd623fabdbdc1e9fe906c10b0ceee4debe452c75
-  data.tar.gz: 241a812c8341db86deae1bf48927e5a1c5e92491c505ab67706a9c3e83768c341207dc4d00dcc434d4fbff29252c6625ea5a55110a91a9d033bfb2a534701de6
+  metadata.gz: 3c5224711ba09fe1b59cfb6076fe4c8c09838e0915411411fe044b5b04d76949bb74eb81e8e9a0242c8996a5be6c380c43d2662942fe58714c1d838c71ecf756
+  data.tar.gz: 25e41d97a17fc966d4839f96b7c827432c1e7f60905d9675238633660efa5a930c4ff9028c91c84ab8db66f0884601fb0ff5fc8b760c194ceae37fab261f09e8

data/.gitignore

@@ -16,7 +16,7 @@ rdoc
 spec/reports
 test/tmp
 test/version_tmp
-test/gpghome/random_seed
+test/gpghome
 tmp
 *.swp
 tags

data/.travis.yml

@@ -1,18 +1,21 @@
 language: ruby
 rvm:
-  - 2.3.1
-  - 2.2.5
-  - 2.1.9
+  - 2.6.3
+  - 2.5.5
+  - 2.4.6
 env:
-  - RAILS=3.2.22.1
-  - RAILS=4.1.14.1
-  - RAILS=4.2.5.1
-  - RAILS=5.0.0.1
+  - RAILS=4.2.11.1 GPG_BIN=/usr/bin/gpg2
+  - RAILS=4.2.11.1 GPG_BIN=/usr/bin/gpg
+  - RAILS=5.2.3 GPG_BIN=/usr/bin/gpg2
+  - RAILS=5.2.3 GPG_BIN=/usr/bin/gpg
 matrix:
   exclude:
-    - rvm: 2.1.9
-      env: RAILS=5.0.0.1
 before_install:
-  - gem update bundler
-sudo: false
+  - gem install bundler -v "~> 2.0"
+  - sudo apt install -y gnupg gnupg2
 cache: bundler
+dist: xenial
+addons:
+  apt:
+    update: true
+

data/History.txt

@@ -1,3 +1,37 @@
+== 0.4.2 2019-09-02
+
+* do not die on invalid content-transfer encodings when checking if a message
+  is inline-signed or encrypted
+
+== 0.4.1 2019-07-08
+
+* do not modify argument hash #61
+* fix tests on travis and run them with both gpg < 2.0 and >= 2.1
+* gpg 2.0.x apparently has no way of preseeding passphrases and thus will only
+  ever work with passphraseless keys.
+
+== 0.4.0 2018-05-19
+
+* [MIGHT BREAK THINGS] changes to the way keys are looked up #55
+  Previously, keys that were not explicitly mentioned but already present in
+  the key chain for one of the recipient addresses would have been used
+  silently. This is no longer the case, if the :keys option is given, all
+  necessary keys have to be specified as either key data, key id, fingerprint
+  or GPGME::Key object.
+* fix error when calling encrypt with actual key objects #60
+
+== 0.3.3 2018-04-01
+
+* fix broken GpgmeHelper#keys_for_data #59
+
+== 0.3.2 2018-03-30
+
+* do not attempt to decrypt inline-encrypted HTML parts #52
+* fixes possible double decoding of quoted printable bodies #57
+* fixes a bug which occured in some environments that led to encryption with
+  all available public keys (#31, #55)
+
+
 == 0.3.1 2017-04-13
 
 * fixes a bug with signature verification that only surfaced in environments

data/README.md

@@ -14,7 +14,9 @@ wild as described in this [Know your PGP implementation](http://binblog.info/200
 
 Add this line to your application's Gemfile:
 
-    gem 'mail-gpg'
+```ruby
+gem 'mail-gpg'
+```
 
 And then execute:
 
@@ -31,54 +33,64 @@ Or install it yourself as:
 Construct your Mail object as usual and specify you want it to be encrypted
 with the gpg method:
 
-    Mail.new do
-      to 'jane@doe.net'
-      from 'john@doe.net'
-      subject 'gpg test'
-      body "encrypt me!"
-      add_file "some_attachment.zip"
-
-      # encrypt message, no signing
-      gpg encrypt: true
+```ruby
+Mail.new do
+  to 'jane@doe.net'
+  from 'john@doe.net'
+  subject 'gpg test'
+  body "encrypt me!"
+  add_file "some_attachment.zip"
 
-      # encrypt and sign message with sender's private key, using the given
-      # passphrase to decrypt the key
-      gpg encrypt: true, sign: true, password: 'secret'
+  # encrypt message, no signing
+  gpg encrypt: true
 
-      # encrypt and sign message using a different key
-      gpg encrypt: true, sign_as: 'joe@otherdomain.com', password: 'secret'
+  # encrypt and sign message with sender's private key, using the given
+  # passphrase to decrypt the key
+  gpg encrypt: true, sign: true, password: 'secret'
 
+  # encrypt and sign message using a different key
+  gpg encrypt: true, sign_as: 'joe@otherdomain.com', password: 'secret'
 
-      # encrypt and sign message and use a callback function to provide the
-      # passphrase.
-      gpg encrypt: true, sign_as: 'joe@otherdomain.com',
-          passphrase_callback: ->(obj, uid_hint, passphrase_info, prev_was_bad, fd){puts "Enter passphrase for #{passphrase_info}: "; (IO.for_fd(fd, 'w') << readline.chomp).flush }
-    end.deliver
 
+  # encrypt and sign message and use a callback function to provide the
+  # passphrase.
+  gpg encrypt: true, sign_as: 'joe@otherdomain.com',
+      passphrase_callback: ->(obj, uid_hint, passphrase_info, prev_was_bad, fd){puts "Enter passphrase for #{passphrase_info}: "; (IO.for_fd(fd, 'w') << readline.chomp).flush }
+end.deliver
+```
 
 Make sure all recipients' public keys are present in your local gpg keychain.
 You will get errors in case encryption is not possible due to missing keys.
 If you collect public key data from your users, you can specify the ascii
 armored key data for recipients using the `:keys` option like this:
 
-    johns_key = <<-END
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
-    Version: GnuPG v1.4.12 (GNU/Linux)
+```ruby
+johns_key = <<-END
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
 
-    mQGiBEk39msRBADw1ExmrLD1OUMdfvA7cnVVYTC7CyqfNvHUVuuBDhV7azs
-    ....
-    END
+mQGiBEk39msRBADw1ExmrLD1OUMdfvA7cnVVYTC7CyqfNvHUVuuBDhV7azs
+....
+END
 
-    Mail.new do
-      to 'john@foo.bar'
-      gpg encrypt: true, keys: { 'john@foo.bar' => johns_key }
-    end
+Mail.new do
+  to 'john@foo.bar'
+  gpg encrypt: true, keys: { 'john@foo.bar' => johns_key }
+end
+```
 
 The key will then be imported before actually trying to encrypt/send the mail.
 In theory you only need to specify the key once like that, however doing it
 every time does not hurt as gpg is clever enough to recognize known keys, only
 updating it's db when necessary.
 
+Note: Mail-Gpg in version 0.4 and up is more strict regarding the keys option:
+if it is present, only key material from there (either given as key data like
+above, or as key id, key fingerprint or `GPGMe::Key` object if they have been
+imported before) will be used. Keys already present in the local keychain for
+any of the recipients that are not explicitly mentioned in the `keys` hash will
+be ignored.
+
 You may also want to have a look at the [GPGME](https://github.com/ueno/ruby-gpgme) docs and code base for more info on the various options, especially regarding the `passphrase_callback` arguments.
 
 
@@ -101,16 +113,18 @@ Set the `:verify` option to `true` when calling `decrypt` to decrypt *and* verif
 A `GPGME::Error::BadPassphrase` will be raised if the password for the private key is incorrect.
 A `EncodingError` will be raised if the encrypted mails is not encoded correctly as a [RFC 3156](http://www.ietf.org/rfc/rfc3156.txt) message.
 
+Please note that in case of a multipart/alternative-message where both parts are inline-encrypted, the HTML-part will be dropped during decryption. Handling the HTML-part would require parsing HTML and guessing about the decrypted contents, which is brittle and out of the scope of this library. If you need the HTML-part of multipart/alternative-messages, use pgp/mime-encryption.
 
 ### Signing only
 
 Just leave the `:encrypt` option out or pass `encrypt: false`, i.e.
 
-
-    Mail.new do
-      to 'jane@doe.net'
-      gpg sign: true
-    end.deliver 
+```ruby
+Mail.new do
+  to 'jane@doe.net'
+  gpg sign: true
+end.deliver
+```
 
 ### Verify signature(s)
 
@@ -147,14 +161,14 @@ signature with the key id of the expected sender.
 The Hkp class can be used to lookup and import public keys from public key servers.
 You can specify the keyserver url when initializing the class:
 
-```
+```ruby
 hkp = Hkp.new("hkp://my-key-server.de")
 ```
 
 Or, if you want to override how ssl certificates should be treated in case of
 TLS-secured keyservers (the default is `VERIFY_PEER`):
 
-```
+```ruby
 hkp = Hkp.new(keyserver: "hkps://another.key-server.com",
               ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE)
 ```
@@ -170,13 +184,13 @@ parsing the `gpg.conf` file). As a last resort, the server-pool at
 
 Lookup key ids by searching the keyserver for an email address
 
-```
+```ruby
 hkp.search('jane@doe.net')
 ```
 
 You can lookup (and import) a specific key by its id:
 
-```
+```ruby
 key = hkp.fetch(id)
 GPGME::Key.import(key)
 
@@ -186,12 +200,14 @@ hkp.fetch_and_import(id)
 
 ## Rails / ActionMailer integration
 
-    class MyMailer < ActionMailer::Base
-      default from: 'baz@bar.com'
-      def some_mail
-        mail to: 'foo@bar.com', subject: 'subject!', gpg: { encrypt: true }
-      end
-    end
+```ruby
+class MyMailer < ActionMailer::Base
+  default from: 'baz@bar.com'
+  def some_mail
+    mail to: 'foo@bar.com', subject: 'subject!', gpg: { encrypt: true }
+  end
+end
+```
 
 The gpg option takes the same arguments as outlined above for the
 Mail::Message#gpg method.
@@ -228,7 +244,6 @@ Open3.popen3(gppbin, '--preset', fpr) do |stdin, stdout, stderr|
 end
 # Hook to kill our gpg-agent when script finishes.
 Signal.trap(0, proc {  Process.kill('TERM', ENV['GPG_AGENT_INFO'].split(':')[1]) })
-
 ```
 
 

data/Rakefile

@@ -1,57 +1,14 @@
 require "bundler/gem_tasks"
 require 'rake/testtask'
 require 'gpgme'
+require 'byebug'
 
-def setup_gpghome
-  gpghome = File.join File.dirname(__FILE__), 'test', 'gpghome'
-  ENV['GNUPGHOME'] = gpghome
-  ENV['GPG_AGENT_INFO'] = '' # disable gpg agent
-  unless File.directory? gpghome
-    FileUtils.mkdir_p gpghome
-    GPGME::Ctx.new do |gpg|
-      gpg.generate_key <<-END
-<GnupgKeyParms format="internal">
-  Key-Type: DSA
-  Key-Length: 1024
-  Subkey-Type: ELG-E
-  Subkey-Length: 1024
-  Name-Real: Joe Tester
-  Name-Comment: with stupid passphrase
-  Name-Email: joe@foo.bar
-  Expire-Date: 0
-  Passphrase: abc
-</GnupgKeyParms>
-END
-      gpg.generate_key <<-END
-<GnupgKeyParms format="internal">
-  Key-Type: DSA
-  Key-Length: 1024
-  Subkey-Type: ELG-E
-  Subkey-Length: 1024
-  Name-Real: Jane Doe
-  Name-Comment: with stupid passphrase
-  Name-Email: jane@foo.bar
-  Expire-Date: 0
-  Passphrase: abc
-</GnupgKeyParms>
-END
-    end
-  end
-end
-
-task :default => ["mail_gpg:tests:setup", :test]
-
-namespace :mail_gpg do
-  namespace :tests do
-    task :setup do
-      setup_gpghome
-    end
-  end
-end
+task :default => [:test]
 
 Rake::TestTask.new(:test) do |test|
   test.libs << 'test'
   test.test_files = FileList['test/**/*_test.rb']
   test.verbose = true
+  test.warning = false
 end
 

data/lib/mail/gpg.rb

@@ -17,10 +17,13 @@ require 'mail/gpg/inline_signed_message'
 
 module Mail
   module Gpg
+    BEGIN_PGP_MESSAGE_MARKER = /^-----BEGIN PGP MESSAGE-----/
+    BEGIN_PGP_SIGNED_MESSAGE_MARKER = /^-----BEGIN PGP SIGNED MESSAGE-----/
+
     # options are:
     # :sign: sign message using the sender's private key
     # :sign_as: sign using this key (give the corresponding email address or key fingerprint)
-    # :passphrase: passphrase for the signing key
+    # :password: passphrase for the signing key
     # :keys: A hash mapping recipient email addresses to public keys or public
     # key ids. Imports any keys given here that are not already part of the
     # local keychain before sending the mail.
@@ -198,10 +201,10 @@ module Mail
     # check if inline PGP (i.e. if any parts of the mail includes
     # the PGP MESSAGE marker)
     def self.encrypted_inline?(mail)
-      return true if mail.body.include?('-----BEGIN PGP MESSAGE-----')
+      return true if mail.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER rescue nil
       if mail.multipart?
         mail.parts.each do |part|
-          return true if part.body.include?('-----BEGIN PGP MESSAGE-----')
+          return true if part.body.to_s =~ BEGIN_PGP_MESSAGE_MARKER rescue nil
           return true if part.has_content_type? &&
             /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type &&
             /.*\.(?:pgp|gpg|asc)$/ =~ part.content_type_parameters[:name] &&
@@ -223,10 +226,10 @@ module Mail
     # check if inline PGP (i.e. if any parts of the mail includes
     # the PGP SIGNED marker)
     def self.signed_inline?(mail)
-      return true if mail.body.to_s =~ /^-----BEGIN PGP SIGNED MESSAGE-----/
+      return true if mail.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER rescue nil
       if mail.multipart?
         mail.parts.each do |part|
-          return true if part.body.to_s =~ /^-----BEGIN PGP SIGNED MESSAGE-----/
+          return true if part.body.to_s =~ BEGIN_PGP_SIGNED_MESSAGE_MARKER rescue nil
         end
       end
       false

data/lib/mail/gpg/delivery_handler.rb

@@ -7,7 +7,7 @@ module Mail
           encrypted_mail = nil
           begin
             options = TrueClass === mail.gpg ? { encrypt: true } : mail.gpg
-            if options.delete(:encrypt)
+            if options[:encrypt]
               encrypted_mail = Mail::Gpg.encrypt(mail, options)
             elsif options[:sign] || options[:sign_as]
               encrypted_mail = Mail::Gpg.sign(mail, options)

data/lib/mail/gpg/encrypted_part.rb

@@ -11,7 +11,10 @@ module Mail
       # :recipients : array of receiver addresses
       # :keys : A hash mapping recipient email addresses to public keys or public
       # key ids. Imports any keys given here that are not already part of the
-      # local keychain before sending the mail.
+      # local keychain before sending the mail. If this option is given, strictly
+      # only the key material from this hash is used, ignoring any keys for
+      # recipients that might have been added to the local key chain but are
+      # not mentioned here.
       # :always_trust : send encrypted mail to untrusted receivers, true by default
       # :filename : define a custom name for the encrypted file attachment
       def initialize(cleartext_mail, options = {})

data/lib/mail/gpg/gpgme_helper.rb

@@ -23,7 +23,7 @@ module Mail
         GPGME::Ctx.new(options) do |ctx|
           begin
             if options[:sign]
-              if options[:signers]
+              if options[:signers] && options[:signers].size > 0
                 signers = GPGME::Key.find(:secret, options[:signers], :sign)
                 ctx.add_signer(*signers)
               end
@@ -115,19 +115,41 @@ module Mail
 
       # normalizes the list of recipients' emails, key ids and key data to a
       # list of Key objects
+      #
+      # if key_data is given, _only_ key material from there is used,
+      # and eventually already imported keys in the keychain are ignored.
       def self.keys_for_data(emails_or_shas_or_keys, key_data = nil)
         if key_data
+          # in this case, emails_or_shas_or_keys is supposed to be the list of
+          # recipients, and key_data the key material to be used.
+          # We now map these to whatever we find in key_data for each of these
+          # addresses.
           [emails_or_shas_or_keys].flatten.map do |r|
-            # import any given keys
             k = key_data[r]
-            if k and k =~ /-----BEGIN PGP/
-              k = GPGME::Key.import(k).imports.map(&:fpr)
+            key_id = case k
+                     when GPGME::Key
+                       # assuming this is already imported
+                       k.fingerprint
+                     when nil, ''
+                       # nothing
+                       nil
+                     when /-----BEGIN PGP/
+                       # ASCII key data
+                       GPGME::Key.import(k).imports.map(&:fpr)
+                     else
+                       # key id or fingerprint
+                       k
+                     end
+            unless key_id.nil? || key_id.empty?
+              GPGME::Key.find(:public, key_id, :encrypt)
             end
-            GPGME::Key.find(:public, k || r, :encrypt)
-          end.flatten
-        else
+          end.flatten.compact
+        elsif emails_or_shas_or_keys and emails_or_shas_or_keys.size > 0
           # key lookup in keychain for all receivers
           GPGME::Key.find :public, emails_or_shas_or_keys, :encrypt
+        else
+          # empty array given
+          []
         end
       end
     end

data/lib/mail/gpg/inline_decrypted_message.rb

@@ -16,6 +16,28 @@ module Mail
         if cipher_mail.multipart?
           self.new do
             Mail::Gpg.copy_headers cipher_mail, self
+
+            # Drop the HTML-part of a multipart/alternative-message if it is
+            # inline-encrypted: that ciphertext is probably wrapped in HTML,
+            # which GnuPG chokes upon, so we would have to parse the HTML to
+            # handle the message-part properly.
+            # Also it's not clear how to handle the resulting plain-text: is
+            # it HTML or simple text?  That depends on the sending MUA and
+            # the original input.
+            # In summary, that's too much complications.
+            if cipher_mail.mime_type == 'multipart/alternative' &&
+                cipher_mail.html_part.present? &&
+                cipher_mail.html_part.body.decoded.include?('-----BEGIN PGP MESSAGE-----')
+              cipher_mail.parts.delete_if do |part|
+                part[:content_type].content_type == 'text/html'
+              end
+              # Set the content-type of the newly generated message to
+              # something less confusing.
+              content_type 'multipart/mixed'
+              # Leave a marker for other code.
+              header['X-MailGpg-Deleted-Html-Part'] = 'true'
+            end
+
             cipher_mail.parts.each do |part|
               p = VerifiedPart.new do |p|
                 if part.has_content_type? && /application\/(?:octet-stream|pgp-encrypted)/ =~ part.mime_type

data/lib/mail/gpg/mime_signed_message.rb

@@ -18,7 +18,7 @@ module Mail
           if content_part.multipart?
             content_part.parts.each{|part| add_part part}
           else
-            body content_part.body.to_s
+            body content_part.body.raw_source
           end
         end
       end
@@ -26,5 +26,3 @@ module Mail
   end
 end
 
-
-

data/lib/mail/gpg/sign_part.rb

@@ -25,7 +25,7 @@ module Mail
         end
 
         # Work around the problem that plain_part.raw_source prefixes an
-        # erronous CRLF, <https://github.com/mikel/mail/issues/702>.
+        # erroneous CRLF, <https://github.com/mikel/mail/issues/702>.
         if ! plain_part.raw_source.empty?
           plaintext = [ plain_part.header.raw_source,
                         "\r\n\r\n",

data/lib/mail/gpg/version.rb

@@ -1,5 +1,5 @@
 module Mail
   module Gpg
-    VERSION = "0.3.1"
+    VERSION = "0.4.2"
   end
 end

data/mail-gpg.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "mail", "~> 2.5", ">= 2.5.3"
   spec.add_dependency "gpgme", "~> 2.0", ">= 2.0.2"
-  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "test-unit", "~> 3.0"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "actionmailer", ">= 3.2.0"

data/test/action_mailer_test.rb

@@ -31,7 +31,7 @@ class MyMailer < ActionMailer::Base
 
 end
 
-class ActionMailerTest < Test::Unit::TestCase
+class ActionMailerTest < MailGpgTestCase
   context 'without return_path' do
     setup do
       set_passphrase('abc')

data/test/decrypted_part_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 require 'mail/gpg/decrypted_part'
 require 'mail/gpg/encrypted_part'
 
-class DecryptedPartTest < Test::Unit::TestCase
+class DecryptedPartTest < MailGpgTestCase
   context 'DecryptedPart' do
     setup do
       @mail = Mail.new do
@@ -11,7 +11,9 @@ class DecryptedPartTest < Test::Unit::TestCase
         subject 'test'
         body 'i am unencrypted'
       end
-      @part = Mail::Gpg::EncryptedPart.new(@mail, { :sign => true, :password => 'abc' })
+      @part = Mail::Gpg::EncryptedPart.new(@mail, { recipients: ['jane@foo.bar'],
+                                                    :sign => true,
+                                                    :password => 'abc' })
     end
 
     should 'decrypt' do

data/test/encrypted_part_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 require 'mail/gpg/encrypted_part'
 
-class EncryptedPartTest < Test::Unit::TestCase
+class EncryptedPartTest < MailGpgTestCase
 
   def check_key_list(keys)
     assert_equal 1, keys.size
@@ -17,67 +17,20 @@ class EncryptedPartTest < Test::Unit::TestCase
         subject 'test'
         body 'i am unencrypted'
       end
-      @part = Mail::Gpg::EncryptedPart.new(mail)
+      @part = Mail::Gpg::EncryptedPart.new(mail, recipients: ['jane@foo.bar'])
     end
 
-    context 'with email address' do
-      setup do
-        @email = 'jane@foo.bar'
-      end
-
-      should 'resolve email to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @email)
-        check_key_list keys
-      end
-
-      should 'resolve emails to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@email])
-        check_key_list keys
-      end
-
+    should 'have binary content type and name' do
+      assert_equal 'application/octet-stream; name=encrypted.asc', @part.content_type
     end
 
-    context 'with key id' do
-      setup do
-        @key_id = GPGME::Key.find(:public, 'jane@foo.bar').first.sha
-      end
-
-      should 'resolve single id  gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_id)
-        check_key_list keys
-      end
-      should 'resolve id list to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_id])
-        check_key_list keys
-      end
+    should 'have description' do
+      assert_match(/openpgp/i, @part.content_description)
     end
 
-    context 'with key fingerprint' do
-      setup do
-        @key_fpr = GPGME::Key.find(:public, 'jane@foo.bar').first.fingerprint
-      end
-
-      should 'resolve single id  gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_fpr)
-        check_key_list keys
-      end
-      should 'resolve id list to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_fpr])
-        check_key_list keys
-      end
+    should 'have inline disposition and default filename' do
+      assert_equal 'inline; filename=encrypted.asc', @part.content_disposition
     end
 
-    context 'with emails and key data' do
-      setup do
-        @key = GPGME::Key.find(:public, 'jane@foo.bar').first.export(armor: true).to_s
-        @emails = ['jane@foo.bar']
-        @key_data = { 'jane@foo.bar' => @key }
-      end
-
-      should 'resolve to gpg keys' do
-        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
-        check_key_list keys
-      end
-    end
   end
 end

data/test/gpg_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class GpgTest < Test::Unit::TestCase
+class GpgTest < MailGpgTestCase
 
   def check_headers(mail = @mail, encrypted = @encrypted)
     assert_equal mail.to, encrypted.to

data/test/gpgme_helper_test.rb

@@ -0,0 +1,160 @@
+require 'test_helper'
+
+class GpgmeHelperTest < MailGpgTestCase
+
+  def check_key_list(keys)
+    assert_equal 1, keys.size
+    assert_equal GPGME::Key, keys.first.class
+    assert_equal 'jane@foo.bar', keys.first.email
+  end
+
+  context 'GpgmeHelper' do
+
+    should 'handle empty email list' do
+      assert_equal [], Mail::Gpg::GpgmeHelper.send(:keys_for_data, nil)
+      assert_equal [], Mail::Gpg::GpgmeHelper.send(:keys_for_data, [])
+    end
+
+    # no keys given, assuming they are already in the keychain
+    context 'with email address' do
+      setup do
+        @email = 'jane@foo.bar'
+      end
+
+      should 'resolve email to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @email)
+        check_key_list keys
+      end
+
+      should 'resolve emails to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@email])
+        check_key_list keys
+      end
+    end
+
+    # this is a use case we do not really need but it works due to the way
+    # Gpgme looks up keys
+    context 'with key id' do
+      setup do
+        @key_id = GPGME::Key.find(:public, 'jane@foo.bar').first.sha
+      end
+
+      should 'resolve single id  gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_id)
+        check_key_list keys
+      end
+      should 'resolve id list to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_id])
+        check_key_list keys
+      end
+    end
+
+    # this is a use case we do not really need but it works due to the way
+    # Gpgme looks up keys
+    context 'with key fingerprint' do
+      setup do
+        @key_fpr = GPGME::Key.find(:public, 'jane@foo.bar').first.fingerprint
+      end
+
+      should 'resolve single id  gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @key_fpr)
+        check_key_list keys
+      end
+      should 'resolve id list to gpg keys' do
+        assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, [@key_fpr])
+        check_key_list keys
+      end
+    end
+
+    context 'with email addresses' do
+      setup do
+        @key = GPGME::Key.find(:public, 'jane@foo.bar').first
+        @emails = ['jane@foo.bar']
+      end
+
+      # probably the most common use case - one or more recipient addresses and a
+      # hash mapping them to public key data that the user pasted into a text
+      # field at some point
+      context 'and key data' do
+        setup do
+          @key = @key.export(armor: true).to_s
+          @key_data = { 'jane@foo.bar' => @key }
+        end
+
+        should 'resolve to gpg key for single address' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails.first, @key_data)
+          check_key_list keys
+        end
+
+        should 'resolve to gpg keys' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
+          check_key_list keys
+        end
+
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], @key_data)
+          assert keys.blank?
+        end
+
+        should 'ignore invalid key data and not use existing key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['jane@foo.bar'], { 'jane@foo.bar' => "-----BEGIN PGP\ninvalid key data" })
+          assert keys.blank?
+        end
+      end
+
+      context 'and key id or fpr' do
+        setup do
+          @key_id = @key.sha
+          @key_fpr = @key.fingerprint
+          @email = @emails.first
+        end
+
+        should 'resolve id to gpg key for single address' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails.first, { @email => @key_id })
+          check_key_list keys
+        end
+
+        should 'resolve id to gpg key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => @key_id })
+          check_key_list keys
+        end
+
+        should 'resolve fpr to gpg key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => @key_fpr })
+          check_key_list keys
+        end
+
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], { @email => @key_fpr })
+          assert keys.blank?
+        end
+
+        should 'ignore invalid key id and not use existing key' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, { @email => "invalid key id" })
+          assert keys.blank?
+        end
+
+      end
+
+      # mapping email addresses to already retrieved key objects or
+      # key fingerprints is also possible.
+      context 'and key object' do
+        setup do
+          @key_data = { 'jane@foo.bar' => @key }
+        end
+
+        should 'resolve to gpg keys for these addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, @emails, @key_data)
+          check_key_list keys
+        end
+
+        should 'ignore unknown addresses' do
+          assert keys = Mail::Gpg::GpgmeHelper.send(:keys_for_data, ['john@doe.com'], @key_data)
+          assert keys.blank?
+        end
+      end
+
+    end
+  end
+end
+

data/test/hkp_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 require 'byebug'
 require 'hkp'
 
-class HkpTest < Test::Unit::TestCase
+class HkpTest < MailGpgTestCase
 
   context "hpk client" do
     {

data/test/inline_decrypted_message_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
 # test cases for PGP inline messages (i.e. non-mime)
-class InlineDecryptedMessageTest < Test::Unit::TestCase
+class InlineDecryptedMessageTest < MailGpgTestCase
 
   context "InlineDecryptedMessage" do
 
@@ -33,6 +33,25 @@ class InlineDecryptedMessageTest < Test::Unit::TestCase
       end
     end
 
+    context "multipart/alternative message" do
+      should "have dropped HTML-part" do
+        mail = Mail.new(@mail)
+        mail.body = InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)
+        mail.html_part do |p|
+          p.body "<pre>#{InlineDecryptedMessageTest.encrypt(mail, mail.body.to_s)}</pre>"
+        end
+
+        assert mail.multipart?
+        assert mail.encrypted?
+        assert decrypted = mail.decrypt(:password => 'abc', verify: true)
+        assert !decrypted.encrypted?
+        assert decrypted.mime_type == 'multipart/mixed'
+        assert decrypted.parts.size == 1
+        assert decrypted.parts.first.mime_type == 'text/plain'
+        assert decrypted.header['X-MailGpg-Deleted-Html-Part'].value == 'true'
+      end
+    end
+
     context "attachment message" do
       should "decrypt attachment" do
         rakefile = File.open('Rakefile') { |file| file.read }

data/test/inline_signed_message_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
 # test cases for PGP inline signed messages (i.e. non-mime)
-class InlineSignedMessageTest < Test::Unit::TestCase
+class InlineSignedMessageTest < MailGpgTestCase
 
   context "InlineSignedMessage" do
 

data/test/message_test.rb

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class MessageTest < Test::Unit::TestCase
+class MessageTest < MailGpgTestCase
 
   context "Mail::Message" do
 
@@ -213,9 +213,11 @@ class MessageTest < Test::Unit::TestCase
           assert m = @mails.first
           assert_equal 'test', m.subject
           # incorrect passphrase
-          if GPG21 == true
+          if @gpg_utils.preset_passphrases?
             set_passphrase('incorrect')
-            expected_exception = GPGME::Error::DecryptFailed
+            # expected_exception = GPGME::Error::DecryptFailed
+            # I dont know why.
+            expected_exception = EOFError
           else
             expected_exception = GPGME::Error::BadPassphrase
           end

data/test/sign_part_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 require 'mail/gpg/sign_part'
 
-class SignPartTest < Test::Unit::TestCase
+class SignPartTest < MailGpgTestCase
   context 'SignPart' do
     setup do
       set_passphrase('abc')

data/test/test_helper.rb

@@ -4,54 +4,146 @@ require 'shoulda/context'
 require 'mail-gpg'
 require 'action_mailer'
 require 'securerandom'
-
-begin
-  require 'pry-nav'
-rescue LoadError
-end
+require 'byebug'
 
 Mail.defaults do
   delivery_method :test
 end
 ActionMailer::Base.delivery_method = :test
 
-def get_keygrip(uid)
-  `gpg --list-secret-keys --with-colons #{uid} 2>&1`.lines.grep(/^grp/).first.split(':')[9]
-end
+class MailGpgTestCase < Test::Unit::TestCase
+  def setup
+    @gpg_utils = GPGTestUtils.new(ENV['GPG_BIN'])
+    @gpg_utils.setup
+  end
 
-# Test for and set up GnuPG v2.1
-gpg_engine = GPGME::Engine.info.find {|e| e.protocol == GPGME::PROTOCOL_OpenPGP }
-if Gem::Version.new(gpg_engine.version) >= Gem::Version.new("2.1.0")
-  GPG21 = true
-  libexecdir = `gpgconf --list-dir`.lines.grep(/^libexecdir:/).first.split(':').last.strip
-  GPPBIN = File.join(libexecdir, 'gpg-preset-passphrase')
-  KEYGRIP_JANE = get_keygrip('jane@foo.bar')
-  KEYGRIP_JOE = get_keygrip('joe@foo.bar')
-else
-  GPG21 = false
+  def set_passphrase(*args)
+    @gpg_utils.set_passphrase(*args)
+  end
 end
 
-# Put passphrase into gpg-agent (required with GnuPG v2).
-def set_passphrase(passphrase)
-  if GPG21
-    ensure_gpg_agent
-    call_gpp(KEYGRIP_JANE, passphrase)
-    call_gpp(KEYGRIP_JOE, passphrase)
+class GPGTestUtils
+  attr_reader :gpg_engine
+
+  def initialize(gpg_bin = nil)
+    @home = File.join File.dirname(__FILE__), 'gpghome'
+    @gpg_bin = gpg_bin
+
+    ENV['GPG_AGENT_INFO'] = '' # disable gpg agent
+    ENV['GNUPGHOME'] = @home
+
+    if @gpg_bin
+      GPGME::Engine.set_info(GPGME::PROTOCOL_OpenPGP, @gpg_bin, @home)
+    else
+      GPGME::Engine.home_dir = @home
+    end
+
+    @gpg_engine = GPGME::Engine.info.find {|e| e.protocol == GPGME::PROTOCOL_OpenPGP }
+    @gpg_bin ||= @gpg_engine.file_name
+
+    if Gem::Version.new(@gpg_engine.version) >= Gem::Version.new("2.1.0")
+      @preset_passphrases = true
+    else
+      @preset_passphrases = false
+    end
   end
-end
 
-def ensure_gpg_agent
-  # Make sure the gpg-agent is running (doesn't start automatically when
-  # gpg-preset-passphrase is calling).
-  output = `gpgconf --launch gpg-agent 2>&1`
-  if ! output.empty?
-    $stderr.puts "Launching gpg-agent returned: #{output}"
+  def preset_passphrases?
+    !!@preset_passphrases
   end
-end
 
-def call_gpp(keygrip, passphrase)
-  output, status = Open3.capture2e(GPPBIN, '--homedir', ENV['GNUPGHOME'], '--preset', keygrip, {stdin_data: passphrase})
-  if ! output.empty?
-    $stderr.puts "#{GPPBIN} returned status #{status.exitstatus}: #{output}"
+  def setup
+    gen_keys unless File.directory? @home
+
+    if @preset_passphrases
+      libexecdir = `gpgconf --list-dir`.lines.grep(/^libexecdir:/).first.split(':').last.strip
+      @gpp_bin = File.join(libexecdir, 'gpg-preset-passphrase')
+      @keygrip_jane = get_keygrip('jane@foo.bar')
+      @keygrip_joe = get_keygrip('joe@foo.bar')
+    end
+
+  end
+
+  def gen_keys
+    puts "setting up keydir #{@home}"
+    FileUtils.mkdir_p @home
+    (File.open(File.join(@home, "gpg-agent.conf"), "wb") << "allow-preset-passphrase\nbatch\n").close
+    GPGME::Ctx.new do |gpg|
+      gpg.generate_key <<-END
+<GnupgKeyParms format="internal">
+  Key-Type: DSA
+  Key-Length: 1024
+  Subkey-Type: ELG-E
+  Subkey-Length: 1024
+  Name-Real: Joe Tester
+  Name-Comment: with stupid passphrase
+  Name-Email: joe@foo.bar
+  Expire-Date: 0
+  Passphrase: abc
+</GnupgKeyParms>
+END
+      gpg.generate_key <<-END
+<GnupgKeyParms format="internal">
+  Key-Type: DSA
+  Key-Length: 1024
+  Subkey-Type: ELG-E
+  Subkey-Length: 1024
+  Name-Real: Jane Doe
+  Name-Comment: with stupid passphrase
+  Name-Email: jane@foo.bar
+  Expire-Date: 0
+  Passphrase: abc
+</GnupgKeyParms>
+END
+    end
+  end
+
+  # Put passphrase into gpg-agent (required with GnuPG v2).
+  def set_passphrase(passphrase)
+    if preset_passphrases?
+      ensure_gpg_agent
+      call_gpp(@keygrip_jane, passphrase)
+      call_gpp(@keygrip_joe, passphrase)
+    end
+  end
+
+  private
+
+  def get_keygrip(uid)
+    output = `#{@gpg_bin} --list-secret-keys --with-keygrip --with-colons #{uid} 2>&1`
+    if line = output.lines.grep(/^grp/).first
+      line.split(':')[9]
+    else
+      puts "malformed key list output:\n#{output}"
+      raise
+    end
+  end
+
+  def ensure_gpg_agent
+    # Make sure the gpg-agent is running (doesn't start automatically when
+    # gpg-preset-passphrase is calling).
+    output = `gpgconf --launch gpg-agent 2>&1`
+    if ! output.empty?
+      $stderr.puts "Launching gpg-agent returned: #{output}"
+    end
+  end
+
+  def call_gpp(keygrip, passphrase)
+    output, status = Open3.capture2e(@gpp_bin, '--homedir', ENV['GNUPGHOME'], '--preset', keygrip, {stdin_data: passphrase})
+    if ! output.empty?
+      $stderr.puts "#{@gpp_bin} returned status #{status.exitstatus}: #{output}"
+    end
   end
 end
+
+gpg_utils = GPGTestUtils.new(ENV['GPG_BIN'])
+v = Gem::Version.new(gpg_utils.gpg_engine.version)
+if v >= Gem::Version.new("2.1.0")
+  puts "Running with GPG >= 2.1"
+elsif v >= Gem::Version.new("2.0.0")
+  puts "Running with GPG 2.0, this isn't going well since we cannot set passphrases non-interactively"
+else
+  puts "Running with GPG < 2.0"
+end
+gpg_utils.setup
+

data/test/version_part_test.rb

@@ -1,32 +1,32 @@
 require 'test_helper'
 require 'mail/gpg/version_part'
 
-class VersionPartTest < Test::Unit::TestCase
+class VersionPartTest < MailGpgTestCase
   context 'VersionPart' do
 
     should 'roundtrip successfully' do
       part = Mail::Gpg::VersionPart.new()
       assert Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return false for non gpg mime type' do
       part = Mail::Gpg::VersionPart.new()
       part.content_type = 'text/plain'
       assert !Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return false for empty body' do
       part = Mail::Gpg::VersionPart.new()
       part.body = nil
       assert !Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return false for foul body' do
       part = Mail::Gpg::VersionPart.new()
       part.body = 'non gpg body'
       assert !Mail::Gpg::VersionPart.isVersionPart?(part)
     end
-    
+
     should 'return true for body with extra content' do
       part = Mail::Gpg::VersionPart.new()
       part.body = "#{part.body} extra content"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mail-gpg
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.2
 platform: ruby
 authors:
 - Jens Kraemer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-13 00:00:00.000000000 Z
+date: 2019-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -56,14 +56,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
@@ -182,6 +182,7 @@ files:
 - test/gpghome/random_seed
 - test/gpghome/secring.gpg
 - test/gpghome/trustdb.gpg
+- test/gpgme_helper_test.rb
 - test/hkp_test.rb
 - test/inline_decrypted_message_test.rb
 - test/inline_signed_message_test.rb
@@ -209,7 +210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: GPG/MIME encryption plugin for the Ruby Mail Library
@@ -224,6 +225,7 @@ test_files:
 - test/gpghome/random_seed
 - test/gpghome/secring.gpg
 - test/gpghome/trustdb.gpg
+- test/gpgme_helper_test.rb
 - test/hkp_test.rb
 - test/inline_decrypted_message_test.rb
 - test/inline_signed_message_test.rb