monkeysign issues
https://0xacab.org/monkeysphere/monkeysign/-/issues
Updated: 2019-01-19T05:11:39Z

monkeysign fails to send certifications of User IDs that lack an e-mail-address
https://0xacab.org/monkeysphere/monkeysign/-/issues/65
Updated: 2019-01-19T05:11:39Z
Author: dkg

some keys, like 25FC1614B8F87B52FF2F99B962AF4031C82E0039, have a user ID that has no e-mail address.
If the user indicates that they intend to certify that user ID, its certification should be attached to any other certification that *can* be sent -- so the certifications are sent in tandem.
So for example, if an OpenPGP certificate looks like:
```
uid 0: Alice Jones
uid 1: Alice Jones <alice@example.net>
uid 2: Alice Jones (CEO) <boss@example.biz>
```
then the e-mail that goes to `alice@example.net` should contain the certification for User IDs 0 and 1, and the e-mail that goes to `boss@example.biz` should contain the certification for User IDs 0 and 2.
That way, if the recipient gets any of the e-mails, they can see a certification over the user ID that has no e-mail address.
What monkeysign currently does in the above scenario is to try to send the certification of User ID 0 to "Alice Jones", which is typically treated as a bogus e-mail address and gets bounced.
The behavior i'm proposing is how caff handles this kind of User ID, fwiw.

Cannot specify signing user
https://0xacab.org/monkeysphere/monkeysign/-/issues/63
Updated: 2017-03-30T12:18:52Z
Author: micah

In 2.2.3 of monkeysign if I try to specify a key to sign with, it fails:
```
$ monkeysign -u 8CBF9A322861A790 <keyid to sign>
monkeysign: error: too few arguments
```
I've tried every combination I could think of to make that work, but couldn't find one.
Assignee: simonft

configuration format not explained in man page
https://0xacab.org/monkeysphere/monkeysign/-/issues/62
Updated: 2018-02-15T09:52:05Z
Author: LeLutin

I'm really excited about the new configuration files. now I don't have to specify smtp server and user on every call!
however finding the configuration file format was not obvious at first. I was looking at the man page which only says that two files are parsed by default.
the format is explained in the online documentation, so it would be great to somehow copy this explanation to man pages.
maybe in a monkeysign.conf(5) man page? then this page could be mentioned in the "SEE ALSO" section of the monkeysign page. or it could just be added to the currently existing man page since it's not really big.

Add option to set signature expiration
https://0xacab.org/monkeysphere/monkeysign/-/issues/60
Updated: 2018-02-15T09:52:05Z
Author: Muri Nicanor

it would be great if monkeysign could be used to sign keys with an expiring signature. there could even be a default value for an expiration date that matches the expiration date of the key that is being signed (or 1y if the key has no expiration date)

monkeysign crashes when trying to sign key that has no encryption capability or subkey
https://0xacab.org/monkeysphere/monkeysign/-/issues/58
Updated: 2016-10-23T17:46:13Z
Author: Muri Nicanor

When i try to sign the tails signing key, monkeysign crashes (looked here and on bugs.d.o, but didn't find that issue)
## Expected behavior
either a warning, that the key can not be signed or monkeysign signing the key without encrypting it
## Actual behavior
```
Signing the following key
pub [unknown] 4096R/58ACD84F 1421590671 [expiry: 2018-01-11 13:49:04]
Fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F
uid 1 [unknown] Tails developers (offline long-term identity key) <tails@boum.org>
uid 2 [unknown] Tails developers <tails@boum.org>
sub 4096R/752A3DB6 1421590835 [expiry: 2018-01-11 13:49:20]
sub 4096R/A0EDAA41 1472561457 [expiry: 2018-01-11 13:50:57]
sub 4096R/56987A65 1421590930 [expiry: 2016-01-11 15:22:10]
sub 4096R/2F699C56 1421595116 [expiry: 2018-01-11 13:49:36]
Sign all identities? [y/N]
Choose the identity to sign (1-2 or full UID, control-c to abort): 1
Really sign key? [y/N] y
Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7fc58b1e07e8>> ignored
[Errno 2] encryption to A490D0F4D311A4153E2BB7CADBB802B258ACD84F failed: gpg: [stdin]: encryption failed: Unusable public key.
```
## Steps to reproduce
```
monkeysign A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F --mua --debug
```
(don't know how to copy the debug output, the tails signing key is preeetty big and my terminal buffer doesn't go back that far, but here is the last bit:)
```
-----END PGP PUBLIC KEY BLOCK-----
stderr: [GNUPG:] EXPORTED A490D0F4D311A4153E2BB7CADBB802B258ACD84F
[GNUPG:] EXPORT_RES 1 0 1
Monkeysign: 2.2.1
Load path: /usr/lib/python2.7/dist-packages/monkeysign
CPython: 2.7.12+ (GCC 6.2.0 20160927 default Sep 1 2016 20:27:38)
Kernel: Linux tekla 4.7.0-1-amd64 #1 SMP Debian 4.7.6-1 (2016-10-07) x86_64
Operating system: debian stretch/sid (Linux)
PID: 8112, CWD: /home/muri
Command: ['/usr/bin/monkeysign', 'A490', 'D0F4', 'D311', 'A415', '3E2B', 'B7CA', 'DBB8', '02B2', '58AC', 'D84F', '--mua', '--debug']
GnuPG: 2.1.15
deleting the temporary keyring /tmp/pygpg-6LNXPo
Traceback (most recent call last):
File "/usr/bin/monkeysign", line 41, in <module>
u.main()
File "/usr/lib/python2.7/dist-packages/monkeysign/cli.py", line 73, in main
self.export_key()
File "/usr/lib/python2.7/dist-packages/monkeysign/ui.py", line 624, in export_key
return self.sendmail(msg)
File "/usr/lib/python2.7/dist-packages/monkeysign/ui.py", line 677, in sendmail
msg.keyfpr)
File "/usr/lib/python2.7/dist-packages/monkeysign/gpg.py", line 456, in encrypt_data
raise GpgRuntimeError(self.context.returncode, _('encryption to %s failed: %s.') % (recipient, self.context.stderr.split("\n")[-2]))
monkeysign.gpg.GpgRuntimeError: [Errno 2] encryption to A490D0F4D311A4153E2BB7CADBB802B258ACD84F failed: gpg: [stdin]: encryption failed: Unusable public key.
```
## Testsuite output
> Please paste the output of `monkeysign --test` here:
```
monkeysign --test 1 ↵
..Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0e8e248>> ignored
....................pub [unknown] 1024R/96F47C6A 1342795252
Fingerprint = 3F94 240C 918E 6359 0B04 152E 86E4 E70A 96F4 7C6A
uid 1 [unknown] Second Test Key <unittests@monkeysphere.info>
uid 2 [unknown] Test Key <foo@example.com>
sub 1024R/14B46386 1342795252
.............pub [empty] 1024R/4023702F 1110320887 [expiry: 2010-03-13 00:56:20]
Fingerprint = C9E1 F123 0DBE 47D5 7BAB 3C60 5860 73B3 4023 702F
uid 1 [empty] The Anarcat <anarcat@anarcat.ath.cx>
sub 2048R/EB8D47BB 1110320966
.xx.Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0e96320>> ignored
....Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0dcdd88>> ignored
.Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0dc38c0>> ignored
..Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0de95f0>> ignored
.Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0d6d638>> ignored
....Exception OSError: OSError(2, 'No such file or directory') in <bound method TempKeyring.__del__ of <monkeysign.gpg.TempKeyring instance at 0x7f7db0d80f38>> ignored
...^C
```
(killed the test after 10 minutes - if you need it, i can do a full run and paste the output, but i have some problems with accessing keyservers at the moment, which makes it run for a very long time)
## Environment details
```
Monkeysign: 2.2.1
Load path: /usr/lib/python2.7/dist-packages/monkeysign
CPython: 2.7.12+ (GCC 6.2.0 20160927 default Sep 1 2016 20:27:38)
Kernel: Linux tekla 4.7.0-1-amd64 #1 SMP Debian 4.7.6-1 (2016-10-07) x86_64
Operating system: debian stretch/sid (Linux)
PID: 9110, CWD: /home/muri
Command: ['/usr/bin/monkeysign', '--version']
GnuPG: 2.1.15
```
installed via debian package
thanks for monkeysign!

Don't show the option to sign revoked subkeys
https://0xacab.org/monkeysphere/monkeysign/-/issues/55
Updated: 2017-04-06T18:50:01Z
Author: simonft

I can't think of a reason someone would want to sign a revoked subkey, so the option to sign them shouldn't be shown in the CLI or GUI interfaces.
Possibly the same should apply to expired keys.
Milestone: Monkeysign 2.3.0
Assignee: simonft

make a screencast?
https://0xacab.org/monkeysphere/monkeysign/-/issues/48
Updated: 2016-09-26T14:25:41Z
Author: anarcat

it would be useful to have a video explaining how we use monkeysign, and maybe how it interoperates with other software like OpenKeychain.

build manpages with sphinx
https://0xacab.org/monkeysphere/monkeysign/-/issues/47
Updated: 2018-02-15T09:52:05Z
Author: anarcat

right now, we have this terrible system to build manpages that is based on dealing with the `argparse` Python library. it is obscure, doesn't work very well and can't manage to build multiple manpages cleanly since we ported from `optparse`.
maybe it would be better to just generate manpages from the `usage` documentation. the following makes a pretty nice manpage:
```
diff --git a/doc/conf.py b/doc/conf.py
index 3022103..de18650 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -238,7 +238,7 @@
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
- ('index', 'monkeysign', u'Monkeysign Documentation',
+ ('usage', 'monkeysign', u'Monkeysign Documentation',
[u'Antoine Beaupré'], 1)
]
```
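Review bot: in the changed `man_pages` tuple the third field is still u'Monkeysign Documentation' while the source start file moves from 'index' to 'usage'; the comment above the list identifies that field as the description, so for a section 1 page built from the usage text it would read better as a short summary of what the command does. The list also still holds a single entry, so this change alone does not exercise the multiple-manpage case the issue raises.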
but it lacks the parameters documented in `--help`.
borg uses a custom command to generate RST usage files for their main documentation. see their `build_usage` command: https://github.com/borgbackup/borg/blob/master/setup.py#L156
we could reuse that to build a usage file that could be included in a hand-maintained documentation. right now it's a horrible mess.
Milestone: Monkeysign 2.3.0

From: of mail gets set to $user@localhost
https://0xacab.org/monkeysphere/monkeysign/-/issues/46
Updated: 2017-04-06T18:50:01Z
Author: georg

As discussed in #39, on my machine the `From:` gets set to `georg@localhost`. The `uid` of the key looks fairly standard:
```
gpg --list-keys georg@riseup.net | grep uid
uid georg@riseup.net <georg@riseup.net>
```
Should I try to debug this further?
Milestone: Monkeysign 2.3.0

Keep camera frame containing qr-code for safekeeping
https://0xacab.org/monkeysphere/monkeysign/-/issues/42
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

It would be awesome if Monkeysign would, by default, keep a copy of qr-codes containing fingerprints of keys being signed.
Here's a little snippet demonstrating how to use OpenCV and zbar to do that: https://0xacab.org/snippets/4
As a bonus, it uses zbar data to visually identify the qr-code containing the fingerprint in the saved image. This probably eliminates an attack scenario where a bad qr-code would be placed behind the user in an attempt to have the wrong key signed.
Obviously, the difficult part is integrating this in the GTK UI. Probably this will be easier after #21 is fixed.
Milestone: Monkeysign 3.0.0

make preferences window user friendly
https://0xacab.org/monkeysphere/monkeysign/-/issues/41
Updated: 2017-04-06T18:50:00Z
Author: anarcat

The current preferences window is incredibly ugly and basically unusable for the average monkey. It works, but it's more a prototype than anything functional.
Some UI design would improve it a lot. Right now, we just suck in all options from the commandline config, that's not so great. We could afford to hardcode options in there and create a better design.
This is a followup to #20.
Milestone: Monkeysign 2.3.0
Assignee: simonft

encode a "can you keep my picture" in the qrcode
https://0xacab.org/monkeysphere/monkeysign/-/issues/31
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*
Milestone: Monkeysign 3.0.0

merge the signing prompts
https://0xacab.org/monkeysphere/monkeysign/-/issues/27
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*

wizard? add explanations on what will happen
https://0xacab.org/monkeysphere/monkeysign/-/issues/26
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*
Milestone: Monkeysign 3.0.0

reuse tactical tech's security-in-a-box PGP training material
https://0xacab.org/monkeysphere/monkeysign/-/issues/24
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*

merge with python-gnupg
https://0xacab.org/monkeysphere/monkeysign/-/issues/22
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*
Milestone: Monkeysign 3.0.0

port to GTK 3
https://0xacab.org/monkeysphere/monkeysign/-/issues/21
Updated: 2018-06-18T15:44:16Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-12-01*
Milestone: Monkeysign 3.0.0

batch mode
https://0xacab.org/monkeysphere/monkeysign/-/issues/19
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*
Milestone: Monkeysign 3.0.0

windows port
https://0xacab.org/monkeysphere/monkeysign/-/issues/18
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*
Milestone: Monkeysign 3.0.0

merge the monkeysign and monkeyscan binaries
https://0xacab.org/monkeysphere/monkeysign/-/issues/17
Updated: 2018-02-15T09:52:05Z
Author: Jerome Charaoui

*Imported from bugseverywhere, created on 2013-10-20*