[elisp/epg.git] / epg.el

;;; epg.el --- EasyPG, yet another GnuPG interface.
;; Copyright (C) 1999, 2000, 2002, 2003, 2004,
;;   2005, 2006 Free Software Foundation, Inc.
;; Copyright (C) 2006 Daiki Ueno

;; Author: Daiki Ueno <ueno@unixuser.org>
;; Keywords: PGP, GnuPG

;; This file is part of EasyPG.

;; This program is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to the
;; Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
;; Boston, MA 02110-1301, USA.

;;; Code:

(defgroup epg ()
  "EasyPG, yet another GnuPG interface.")

(defcustom epg-gpg-program "gpg"
  "The `gpg' executable."
  :group 'epg
  :type 'string)

(defvar epg-user-id nil
  "GnuPG ID of your default identity.")

(defvar epg-user-id-alist nil
  "An alist mapping from key ID to user ID.")

(defvar epg-read-point nil)
(defvar epg-pending-status-list nil)
(defvar epg-key-id nil)
(defvar epg-context nil)
(defvar epg-debug nil)

(defvar epg-colons-pub-spec
  '((trust "[^:]")
    (length "[0-9]+" 0 string-to-number)
    (algorithm "[0-9]+" 0 string-to-number)
    (key-id "[^:]+")
    (creation-date "[0-9]+")
    (expiration-date "[0-9]+")
    nil
    (ownertrust "[^:]")
    nil
    nil
    (capability "[escaESCA]*"))
  "The schema of keylisting output whose type is \"pub\".
This is used by `epg-list-keys'.")

(defvar epg-colons-sec-spec
  '((trust "[^:]")
    (length "[0-9]+" 0 string-to-number)
    (algorithm "[0-9]+" 0 string-to-number)
    (key-id "[^:]+")
    (creation-date "[0-9]+")
    (expiration-date "[0-9]+")
    nil
    (ownertrust "[^:]"))
"The schema of keylisting output whose type is \"sec\".
This is used by `epg-list-keys'.")

(defvar epg-colons-uid-spec
  '((trust "[^:]")
    nil
    nil
    nil
    (creation-date "[0-9]+")
    (expiration-date "[0-9]+")
    (hash "[^:]+")
    nil
    (user-id "[^:]+"))
  "The schema of keylisting output whose type is \"uid\".
This is used by `epg-list-keys'.")

(defvar epg-prompt-alist nil)

(defun epg-make-data-from-file (file)
  "Make a data object from FILE."
  (vector file nil))

(defun epg-make-data-from-string (string)
  "Make a data object from STRING."
  (vector nil string))

(defun epg-data-file (data)
  "Return the file of DATA."
  (aref data 0))

(defun epg-data-string (data)
  "Return the string of DATA."
  (aref data 1))

(defun epg-make-context (&optional protocol armor textmode include-certs)
  "Return a context object."
  (vector protocol armor textmode include-certs
          #'epg-passphrase-callback-function
          #'epg-progress-callback-function
          nil nil nil nil))

(defun epg-context-protocol (context)
  "Return the protocol used within the context."
  (aref context 0))

(defun epg-context-armor (context)
  "Return t if the output shouled be ASCII armored in the CONTEXT context."
  (aref context 1))

(defun epg-context-textmode (context)
  "Return t if canonical text mode should be used in the CONTEXT context."
  (aref context 2))

(defun epg-context-include-certs (context)
  "Return how many certificates should be included in an S/MIME signed
message."
  (aref context 3))

(defun epg-context-passphrase-callback (context)
  "Return the function used to query passphrase."
  (aref context 4))

(defun epg-context-progress-callback (context)
  "Return the function which handles progress update."
  (aref context 5))

(defun epg-context-signers (context)
  "Return the list of key-id for singning."
  (aref context 6))

(defun epg-context-process (context)
  "Return the process object of `epg-gpg-program'.
This function is for internal use only."
  (aref context 7))

(defun epg-context-output-file (context)
  "Return the output file of `epg-gpg-program'.
This function is for internal use only."
  (aref context 8))

(defun epg-context-result (context)
  "Return the result of the previous cryptographic operation."
  (aref context 9))

(defun epg-context-set-protocol (context protocol)
  "Set the protocol used within the context."
  (aset context 0 protocol))

(defun epg-context-set-armor (context armor)
  "Specify if the output shouled be ASCII armored in the CONTEXT context."
  (aset context 1 armor))

(defun epg-context-set-textmode (context textmode)
  "Specify if canonical text mode should be used in the CONTEXT context."
  (aset context 2 textmode))

(defun epg-context-set-include-certs (context include-certs)
 "Set how many certificates should be included in an S/MIME signed message."
  (aset context 3 include-certs))

(defun epg-context-set-passphrase-callback (context
                                                 passphrase-callback)
  "Set the function used to query passphrase."
  (aset context 4 passphrase-callback))

(defun epg-context-set-progress-callback (context progress-callback)
  "Set the function which handles progress update."
  (aset context 5 progress-callback))

(defun epg-context-set-signers (context signers)
 "Set the list of key-id for singning."
  (aset context 6 signers))

(defun epg-context-set-process (context process)
  "Set the process object of `epg-gpg-program'.
This function is for internal use only."
  (aset context 7 process))

(defun epg-context-set-output-file (context output-file)
  "Set the output file of `epg-gpg-program'.
This function is for internal use only."
  (aset context 8 output-file))

(defun epg-context-set-result (context result)
  "Set the result of the previous cryptographic operation."
  (aset context 9 result))

(defun epg-make-signature (status key-id user-id)
  "Return a signature object."
  (vector status key-id user-id nil nil))

(defun epg-signature-status (signature)
  "Return the status code of SIGNATURE."
  (aref signature 0))

(defun epg-signature-key-id (signature)
  "Return the key-id of SIGNATURE."
  (aref signature 1))

(defun epg-signature-user-id (signature)
  "Return the user-id of SIGNATURE."
  (aref signature 2))
  
(defun epg-signature-validity (signature)
  "Return the validity of SIGNATURE."
  (aref signature 3))

(defun epg-signature-fingerprint (signature)
  "Return the fingerprint of SIGNATURE."
  (aref signature 4))

(defun epg-signature-set-status (signature status)
 "Set the status code of SIGNATURE."
  (aset signature 0 status))

(defun epg-signature-set-key-id (signature key-id)
 "Set the key-id of SIGNATURE."
  (aset signature 1 key-id))

(defun epg-signature-set-user-id (signature user-id)
 "Set the user-id of SIGNATURE."
  (aset signature 2 user-id))
  
(defun epg-signature-set-validity (signature validity)
 "Set the validity of SIGNATURE."
  (aset signature 3 validity))

(defun epg-signature-set-fingerprint (signature fingerprint)
 "Set the fingerprint of SIGNATURE."
  (aset signature 4 fingerprint))

(defun epg-context-result-for (context name)
  (cdr (assq name (epg-context-result context))))

(defun epg-context-set-result-for (context name value)
  (let* ((result (epg-context-result context))
         (entry (assq name result)))
    (if entry
        (setcdr entry value)
      (epg-context-set-result context (cons (cons name value) result)))))

(defun epg-start (context args)
  "Start `epg-gpg-program' in a subprocess with given ARGS."
  (let* ((args (append (list "--no-tty"
                             "--status-fd" "1"
                             "--command-fd" "0"
                             "--yes") ; overwrite
                       (if (epg-context-armor context) '("--armor"))
                       (if (epg-context-textmode context) '("--textmode"))
                       (if (epg-context-output-file context)
                           (list "--output" (epg-context-output-file context)))
                       args))
         (coding-system-for-write 'binary)
         process-connection-type
         (orig-mode (default-file-modes))
         (buffer (generate-new-buffer " *epg*"))
         process)
    (with-current-buffer buffer
      (make-local-variable 'epg-read-point)
      (setq epg-read-point (point-min))
      (make-local-variable 'epg-pending-status-list)
      (setq epg-pending-status-list nil)
      (make-local-variable 'epg-key-id)
      (setq epg-key-id nil)
      (make-local-variable 'epg-context)
      (setq epg-context context))
    (unwind-protect
        (progn
          (set-default-file-modes 448)
          (setq process
                (apply #'start-process "epg" buffer epg-gpg-program args)))
      (set-default-file-modes orig-mode))
    (set-process-filter process #'epg-process-filter)
    (epg-context-set-process context process)))

(defun epg-process-filter (process input)
  (if epg-debug
      (save-excursion
        (set-buffer (get-buffer-create  " *epg-debug*"))
        (goto-char (point-max))
        (insert input)))
  (if (buffer-live-p (process-buffer process))
      (save-excursion
        (set-buffer (process-buffer process))
        (goto-char (point-max))
        (insert input)
        (goto-char epg-read-point)
        (beginning-of-line)
        (while (looking-at ".*\n")      ;the input line is finished
          (save-excursion
            (if (looking-at "\\[GNUPG:] \\([A-Z_]+\\) ?\\(.*\\)")
                (let* ((status (match-string 1))
                       (string (match-string 2))
                       (symbol (intern-soft (concat "epg-status-" status))))
                  (if (member status epg-pending-status-list)
                      (setq epg-pending-status-list nil))
                  (if (and symbol
                           (fboundp symbol))
                      (funcall symbol process string)))))
          (forward-line))
        (setq epg-read-point (point)))))

(defun epg-read-output (context)
  (with-temp-buffer
    (if (fboundp 'set-buffer-multibyte)
        (set-buffer-multibyte nil))
    (if (file-exists-p (epg-context-output-file context))
        (let ((coding-system-for-read (if (epg-context-textmode context)
                                          'raw-text
                                        'binary)))
          (insert-file-contents (epg-context-output-file context))
          (buffer-string)))))

(defun epg-wait-for-status (context status-list)
  (with-current-buffer (process-buffer (epg-context-process context))
    (setq epg-pending-status-list status-list)
    (while (and (eq (process-status (epg-context-process context)) 'run)
                epg-pending-status-list)
      (accept-process-output (epg-context-process context) 1))))

(defun epg-wait-for-completion (context)
  (if (eq (process-status (epg-context-process context)) 'run)
      (process-send-eof (epg-context-process context)))
  (while (eq (process-status (epg-context-process context)) 'run)
    ;; We can't use accept-process-output instead of sit-for here
    ;; because it may cause an interrupt during the sentinel execution.
    (sit-for 0.1)))

(defun epg-reset (context)
  (if (and (epg-context-process context)
           (buffer-live-p (process-buffer (epg-context-process context))))
      (kill-buffer (process-buffer (epg-context-process context))))
  (epg-context-set-process context nil))

(defun epg-delete-output-file (context)
  (if (and (epg-context-output-file context)
           (file-exists-p (epg-context-output-file context)))
      (delete-file (epg-context-output-file context))))

(defun epg-status-USERID_HINT (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (let* ((key-id (match-string 1 string))
             (user-id (match-string 2 string))
             (entry (assoc key-id epg-user-id-alist)))
        (if entry
            (setcdr entry user-id)
          (setq epg-user-id-alist (cons (cons key-id user-id)
                                        epg-user-id-alist))))))

(defun epg-status-NEED_PASSPHRASE (process string)
  (if (string-match "\\`\\([^ ]+\\)" string)
      (setq epg-key-id (match-string 1 string))))

(defun epg-status-NEED_PASSPHRASE_SYM (process string)
  (setq epg-key-id 'SYM))

(defun epg-status-NEED_PASSPHRASE_PIN (process string)
  (setq epg-key-id 'PIN))

(defun epg-status-GET_HIDDEN (process string)
  (let ((passphrase
         (funcall (if (consp (epg-context-passphrase-callback epg-context))
                      (car (epg-context-passphrase-callback epg-context))
                    (epg-context-passphrase-callback epg-context))
                  epg-key-id
                  (if (consp (epg-context-passphrase-callback epg-context))
                      (cdr (epg-context-passphrase-callback epg-context)))))
        string)
    (if passphrase
        (unwind-protect
            (progn
              (setq string (concat passphrase "\n"))
              (fillarray passphrase 0)
              (setq passphrase nil)
              (process-send-string process string))
          (if string
              (fillarray string 0))))))

(defun epg-status-GET_BOOL (process string)
  (let ((entry (assoc string epg-prompt-alist)))
    (if (y-or-n-p (if entry (cdr entry) (concat string "? ")))
        (process-send-string process "y\n")
      (process-send-string process "n\n"))))

(defun epg-status-GET_LINE (process string)
  (let* ((entry (assoc string epg-prompt-alist))
         (string (read-string (if entry (cdr entry) (concat string ": ")))))
    (process-send-string process (concat string "\n"))))

(defun epg-status-GOODSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'good
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-EXPSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'expired
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-EXPKEYSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'expired-key
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-REVKEYSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'revoked-key
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-BADSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'bad
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-VALIDSIG (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good)
             (string-match "\\`\\([^ ]+\\) " string))
        (epg-signature-set-fingerprint signature (match-string 1 string)))))

(defun epg-status-TRUST_UNDEFINED (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'undefined))))

(defun epg-status-TRUST_NEVER (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'never))))

(defun epg-status-TRUST_MARGINAL (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'marginal))
        (epg-signature-set-validity signature 'marginal))))

(defun epg-status-TRUST_FULLY (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'fully))))

(defun epg-status-TRUST_ULTIMATE (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'ultimate))))

(defun epg-status-PROGRESS (process string)
  (if (string-match "\\`\\([^ ]+\\) \\([^ ]\\) \\([0-9]+\\) \\([0-9]+\\)"
                    string)
      (funcall (if (consp (epg-context-progress-callback epg-context))
                   (car (epg-context-progress-callback epg-context))
                 (epg-context-progress-callback epg-context))
               (match-string 1 string)
               (match-string 2 string)
               (string-to-number (match-string 3 string))
               (string-to-number (match-string 4 string))
               (if (consp (epg-context-progress-callback epg-context))
                   (cdr (epg-context-progress-callback epg-context))))))

(defun epg-status-DECRYPTION_FAILED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons 'decryption-failed
         (epg-context-result-for epg-context 'error))))

(defun epg-status-NODATA (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons (cons 'no-data (string-to-number string))
         (epg-context-result-for epg-context 'error))))

(defun epg-status-UNEXPECTED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons (cons 'unexpected (string-to-number string))
         (epg-context-result-for epg-context 'error))))

(defun epg-status-KEYEXPIRED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons (cons 'key-expired string)
         (epg-context-result-for epg-context 'error))))

(defun epg-status-KEYREVOKED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons 'key-revoked
         (epg-context-result-for epg-context 'error))))

(defun epg-status-BADARMOR (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons 'bad-armor
         (epg-context-result-for epg-context 'error))))

(defun epg-passphrase-callback-function (key-id handback)
  (read-passwd
   (if (eq key-id 'SYM)
       "Passphrase for symmetric encryption: "
     (if (eq key-id 'PIN)
         "Passphrase for PIN: "
       (let ((entry (assoc key-id epg-user-id-alist)))
         (if entry
             (format "Passphrase for %s %s: " key-id (cdr entry))
           (format "Passphrase for %s: " key-id)))))))

(defun epg-progress-callback-function (what char current total handback)
  (message "%s: %d%%/%d%%" what current total))

(defun epg-list-keys (name &optional secret)
  "List keys associated with STRING."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
                    "--fixed-list-mode"
                    (if secret "--list-secret-keys" "--list-keys")
                    name))
        keys type symbol pointer)
    (with-temp-buffer
      (apply #'call-process epg-gpg-program nil (list t nil) nil args)
      (goto-char (point-min))
      (while (looking-at "\\([a-z][a-z][a-z]\\):\\(.*\\)")
        (setq type (match-string 1)
              symbol (intern-soft (format "epg-colons-%s-spec" type)))
        (if (member type '("pub" "sec"))
            (setq keys (cons nil keys)))
        (if (and symbol
                 (boundp symbol))
            (setcar keys (cons (cons (intern type)
                                     (epg-parse-colons
                                      (symbol-value symbol)
                                      (match-string 2)))
                               (car keys))))
        (forward-line)))
    (setq pointer keys)
    (while pointer
      (setcar pointer (nreverse (car pointer)))
      (setq pointer (cdr pointer)))
    (nreverse keys)))

(defun epg-parse-colons (alist string)
  (let ((index 0)
        result)
    (while (and alist
                (or (null (car alist))
                    (eq index
                        (string-match
                         (concat "\\(" (nth 1 (car alist)) "\\)?:")
                         string index))))
      (if (car alist)
          (progn
            (setq index (match-end 0))
            (if (match-beginning 1)
                (setq result
                      (cons (cons (car (car alist))
                                  (funcall (or (nth 3 (car alist)) #'identity)
                                           (match-string
                                            (1+ (or (nth 2 (car alist)) 0))
                                            string)))
                            result))))
        (setq index (1+ index)))
      (setq alist (cdr alist)))
    (nreverse result)))

(if (fboundp 'make-temp-file)
    (defalias 'epg-make-temp-file 'make-temp-file)
  ;; stolen from poe.el.
  (defun epg-make-temp-file (prefix)
    "Create a temporary file.
The returned file name (created by appending some random characters at the end
of PREFIX, and expanding against `temporary-file-directory' if necessary),
is guaranteed to point to a newly created empty file.
You can then use `write-region' to write new data into the file."
    (let (tempdir tempfile)
      (unwind-protect
          (let (file)
            ;; First, create a temporary directory.
            (while (condition-case ()
                       (progn
                         (setq tempdir (make-temp-name
                                        (concat
                                         (file-name-directory prefix)
                                         "DIR")))
                         ;; return nil or signal an error.
                         (make-directory tempdir))
                     ;; let's try again.
                     (file-already-exists t)))
            (set-file-modes tempdir 448)
            ;; Second, create a temporary file in the tempdir.
            ;; There *is* a race condition between `make-temp-name'
            ;; and `write-region', but we don't care it since we are
            ;; in a private directory now.
            (setq tempfile (make-temp-name (concat tempdir "/EMU")))
            (write-region "" nil tempfile nil 'silent)
            (set-file-modes tempfile 384)
            ;; Finally, make a hard-link from the tempfile.
            (while (condition-case ()
                       (progn
                         (setq file (make-temp-name prefix))
                         ;; return nil or signal an error.
                         (add-name-to-file tempfile file))
                     ;; let's try again.
                     (file-already-exists t)))
            file)
        ;; Cleanup the tempfile.
        (and tempfile
             (file-exists-p tempfile)
             (delete-file tempfile))
        ;; Cleanup the tempdir.
        (and tempdir
             (file-directory-p tempdir)
             (delete-directory tempdir))))))

;;;###autoload
(defun epg-start-decrypt (context cipher)
  "Initiate a decrypt operation on CIPHER.
CIPHER is a data object.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-decrypt-file' or `epg-decrypt-string' instead."
  (unless (epg-data-file cipher)
    (error "Not a file"))
  (epg-context-set-result context nil)
  (epg-start context (list "--decrypt" (epg-data-file cipher)))
  (epg-wait-for-status context '("BEGIN_DECRYPTION")))

;;;###autoload
(defun epg-decrypt-file (context cipher plain)
  "Decrypt a file CIPHER and store the result to a file PLAIN.
If PLAIN is nil, it returns the result as a string."
  (unwind-protect
      (progn
        (if plain
            (epg-context-set-output-file context plain)
          (epg-context-set-output-file context
                                       (epg-make-temp-file "epg-output")))
        (epg-start-decrypt context (epg-make-data-from-file cipher))
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Decryption failed"))
        (unless plain
          (epg-read-output context)))
    (unless plain
      (epg-delete-output-file context))
    (epg-reset context)))

;;;###autoload
(defun epg-decrypt-string (context cipher)
  "Decrypt a string CIPHER and return the plain text."
  (let ((input-file (epg-make-temp-file "epg-input"))
        (coding-system-for-write 'binary))
    (unwind-protect
        (progn
          (write-region cipher nil input-file)
          (epg-context-set-output-file context
                                       (epg-make-temp-file "epg-output"))
          (epg-start-decrypt context (epg-make-data-from-file input-file))
          (epg-wait-for-completion context)
          (if (epg-context-result-for context 'error)
              (error "Decryption failed"))
          (epg-read-output context))
      (epg-delete-output-file context)
      (if (file-exists-p input-file)
          (delete-file input-file))
      (epg-reset context))))

;;;###autoload
(defun epg-start-verify (context signature &optional signed-text)
  "Initiate a verify operation on SIGNATURE.
SIGNATURE and SIGNED-TEXT are a data object if they are specified.

For a detached signature, both SIGNATURE and SIGNED-TEXT should be set.
For a normal or a clear text signature, SIGNED-TEXT should be nil.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-verify-file' or `epg-verify-string' instead."
  (epg-context-set-result context nil)
  (if signed-text
      ;; Detached signature.
      (if (epg-data-file signed-text)
          (epg-start context (list "--verify" (epg-data-file signature)
                                   (epg-data-file signed-text)))
        (epg-start context (list "--verify" (epg-data-file signature) "-"))
        (if (eq (process-status (epg-context-process context)) 'run)
            (process-send-string (epg-context-process context)
                                 (epg-data-string signed-text))))
    ;; Normal (or cleartext) signature.
    (if (epg-data-file signature)
        (epg-start context (list "--verify" (epg-data-file signature)))
      (epg-start context (list "--verify"))
      (if (eq (process-status (epg-context-process context)) 'run)
          (process-send-string (epg-context-process context)
                               (epg-data-string signature))))))

;;;###autoload
(defun epg-verify-file (context signature &optional signed-text plain)
  "Verify a file SIGNATURE.
SIGNED-TEXT and PLAIN are also a file if they are specified.

For a detached signature, both SIGNATURE and SIGNED-TEXT should be string.
For a normal or a clear text signature, SIGNED-TEXT should be nil."
  (unwind-protect
      (progn
        (if plain
            (epg-context-set-output-file context plain)
          (epg-context-set-output-file context
                                       (epg-make-temp-file "epg-output")))
        (if signed-text
            (epg-start-verify context
                              (epg-make-data-from-file signature)
                              (epg-make-data-from-file signed-text))
          (epg-start-verify context
                            (epg-make-data-from-file signature)))
        (epg-wait-for-completion context)
        (unless plain
          (epg-read-output context)))
    (unless plain
      (epg-delete-output-file context))
    (epg-reset context)))

;;;###autoload
(defun epg-verify-string (context signature &optional signed-text)
  "Verify a string SIGNATURE.
SIGNED-TEXT is a string if it is specified.

For a detached signature, both SIGNATURE and SIGNED-TEXT should be string.
For a normal or a clear text signature, SIGNED-TEXT should be nil."
  (let ((coding-system-for-write 'binary)
        input-file)
    (unwind-protect
        (progn
          (epg-context-set-output-file context
                                       (epg-make-temp-file "epg-output"))
          (if signed-text
              (progn
                (setq input-file (epg-make-temp-file "epg-signature"))
                (write-region signature nil input-file)
                (epg-start-verify context
                                  (epg-make-data-from-file input-file)
                                  (epg-make-data-from-string signed-text)))
            (epg-start-verify context (epg-make-data-from-string signature)))
          (epg-wait-for-completion context)
          (epg-read-output context))
      (epg-delete-output-file context)
      (if (and input-file
               (file-exists-p input-file))
          (delete-file input-file))
      (epg-reset context))))

;;;###autoload
(defun epg-start-sign (context plain &optional mode)
  "Initiate a sign operation on PLAIN.
PLAIN is a data object.

If optional 3rd argument MODE is 'clearsign, it makes a clear text signature.
If MODE is t or 'detached, it makes a detached signature.
Otherwise, it makes a normal signature.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-sign-file' or `epg-sign-string' instead."
  (epg-context-set-result context nil)
  (epg-start context
             (append (list (if (eq mode 'clearsign)
                               "--clearsign"
                             (if (or (eq mode t) (eq mode 'detached))
                                 "--detach-sign"
                               "--sign")))
                     (apply #'nconc
                            (mapcar (lambda (signer)
                                      (list "-u" signer))
                                    (epg-context-signers context)))
                     (if (epg-data-file plain)
                         (list (epg-data-file plain)))))
  (epg-wait-for-status context '("BEGIN_SIGNING"))
  (if (and (epg-data-string plain)
           (eq (process-status (epg-context-process context)) 'run))
      (process-send-string (epg-context-process context)
                           (epg-data-string plain))))

;;;###autoload
(defun epg-sign-file (context plain signature &optional mode)
  "Sign a file PLAIN and store the result to a file SIGNATURE.
If SIGNATURE is nil, it returns the result as a string.
If optional 3rd argument MODE is 'clearsign, it makes a clear text signature.
If MODE is t or 'detached, it makes a detached signature.
Otherwise, it makes a normal signature."
  (unwind-protect
      (progn
        (if signature
            (epg-context-set-output-file context signature)
          (epg-context-set-output-file context
                                       (epg-make-temp-file "epg-output")))
        (epg-start-sign context (epg-make-data-from-file plain) mode)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Sign failed"))
        (unless signature
          (epg-read-output context)))
    (unless signature
      (epg-delete-output-file context))
    (epg-reset context)))

;;;###autoload
(defun epg-sign-string (context plain &optional mode)
  "Sign a string PLAIN and return the output as string.
If optional 3rd argument MODE is 'clearsign, it makes a clear text signature.
If MODE is t or 'detached, it makes a detached signature.
Otherwise, it makes a normal signature."
  (unwind-protect
      (progn
        (epg-context-set-output-file context
                                     (epg-make-temp-file "epg-output"))
        (epg-start-sign context (epg-make-data-from-string plain) mode)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Sign failed"))
        (epg-read-output context))
    (epg-delete-output-file context)
    (epg-reset context)))

;;;###autoload
(defun epg-start-encrypt (context plain recipients
                                  &optional sign always-trust)
  "Initiate an encrypt operation on PLAIN.
PLAIN is a data object.
If RECIPIENTS is nil, it performs symmetric encryption.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-encrypt-file' or `epg-encrypt-string' instead."
  (epg-context-set-result context nil)
  (epg-start context
             (append (if always-trust '("--always-trust"))
                     (if recipients '("--encrypt") '("--symmetric"))
                     (if sign
                         (cons "--sign"
                               (apply #'nconc
                                      (mapcar (lambda (signer)
                                                (list "-u" signer))
                                              (epg-context-signers context)))))
                     (apply #'nconc
                            (mapcar (lambda (recipient)
                                      (list "-r" recipient))
                                    recipients))
                     (if (epg-data-file plain)
                         (list (epg-data-file plain)))))
  (if sign
      (epg-wait-for-status context '("BEGIN_SIGNING"))
    (if (null recipients)
        (epg-wait-for-status context '("BEGIN_ENCRYPTION"))))
  (if (and (epg-data-string plain)
           (eq (process-status (epg-context-process context)) 'run))
      (process-send-string (epg-context-process context)
                           (epg-data-string plain))))

;;;###autoload
(defun epg-encrypt-file (context plain recipients
                                 cipher &optional sign always-trust)
  "Encrypt a file PLAIN and store the result to a file CIPHER.
If CIPHER is nil, it returns the result as a string.
If RECIPIENTS is nil, it performs symmetric encryption."
  (unwind-protect
      (progn
        (if cipher
            (epg-context-set-output-file context cipher)
          (epg-context-set-output-file context
                                       (epg-make-temp-file "epg-output")))
        (epg-start-encrypt context (epg-make-data-from-file plain)
                           recipients sign always-trust)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Encrypt failed"))
        (unless cipher
          (epg-read-output context)))
    (unless cipher
      (epg-delete-output-file context))
    (epg-reset context)))

;;;###autoload
(defun epg-encrypt-string (context plain recipients
                                   &optional sign always-trust)
  "Encrypt a string PLAIN.
If RECIPIENTS is nil, it performs symmetric encryption."
  (unwind-protect
      (progn
        (epg-context-set-output-file context
                                     (epg-make-temp-file "epg-output"))
        (epg-start-encrypt context (epg-make-data-from-string plain)
                           recipients sign always-trust)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Encrypt failed"))
        (epg-read-output context))
    (epg-delete-output-file context)
    (epg-reset context)))

;;;###autoload
(defun epg-start-export-keys (context pattern)
  "Initiate an export keys operation.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-export-keys' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context (list "--export" pattern)))

;;;###autoload
(defun epg-export-keys (context pattern)
  "Extract public keys matched with PATTERN and return them."
  (unwind-protect
      (progn
        (epg-start-export-keys context pattern)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Export keys failed"))
        (epg-read-output context))
    (epg-reset context)))

;;;###autoload
(defun epg-start-import-keys (context keys)
  "Initiate an import keys operation.
KEYS is a data object.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-import-keys-from-file' or `epg-import-keys-from-string' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context (append (list "--import") (epg-data-file keys)))
  (if (and (epg-data-string keys)
           (eq (process-status (epg-context-process context)) 'run))
      (process-send-string (epg-context-process context)
                           (epg-data-string keys))))
  
(defun epg-import-keys-1 (context keys)
  (unwind-protect
      (progn
        (epg-start-import-keys context keys)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Import keys failed"))
        (epg-read-output context))
    (epg-reset context)))

;;;###autoload
(defun epg-import-keys-from-file (context keys)
  "Add keys from a file KEYS."
  (epg-import-keys-1 context (epg-make-data-from-file keys)))

;;;###autoload
(defun epg-import-keys-from-string (context keys)
  "Add keys from a string KEYS."
  (epg-import-keys-1 context (epg-make-data-from-string keys)))

(provide 'epg)

;;; epg.el ends here