[elisp/epg.git] / epg.el

(defgroup epg ()
  "EasyPG, yet another GnuPG interface.")

(defcustom epg-gpg-program "gpg"
  "The `gpg' executable."
  :group 'epg
  :type 'string)

(defvar epg-user-id nil
  "GnuPG ID of your default identity.")

(defvar epg-user-id-alist nil
  "An alist mapping from key ID to user ID.")

(defvar epg-read-point nil)
(defvar epg-pending-status-list nil)
(defvar epg-key-id nil)
(defvar epg-context nil)
(defvar epg-debug nil)

(defvar epg-colons-pub-spec
  '((trust "[^:]")
    (length "[0-9]+" 0 string-to-number)
    (algorithm "[0-9]+" 0 string-to-number)
    (key-id "[^:]+")
    (creation-date "[0-9]+")
    (expiration-date "[0-9]+")
    nil
    (ownertrust "[^:]")
    nil
    nil
    (capability "[escaESCA]*"))
  "The schema of keylisting output whose type is \"pub\".
This is used by `epg-list-keys'.")

(defvar epg-colons-sec-spec
  '((trust "[^:]")
    (length "[0-9]+" 0 string-to-number)
    (algorithm "[0-9]+" 0 string-to-number)
    (key-id "[^:]+")
    (creation-date "[0-9]+")
    (expiration-date "[0-9]+")
    nil
    (ownertrust "[^:]"))
"The schema of keylisting output whose type is \"sec\".
This is used by `epg-list-keys'.")

(defvar epg-colons-uid-spec
  '((trust "[^:]")
    nil
    nil
    nil
    (creation-date "[0-9]+")
    (expiration-date "[0-9]+")
    (hash "[^:]+")
    nil
    (user-id "[^:]+"))
  "The schema of keylisting output whose type is \"uid\".
This is used by `epg-list-keys'.")
    
(defun epg-make-context (&optional protocol armor textmode include-certs)
  "Return a context object."
  (vector protocol armor textmode include-certs
          (cons #'epg-passphrase-callback-function nil)
          (cons #'epg-progress-callback-function nil)
          nil nil nil nil))

(defun epg-context-protocol (context)
  "Return the protocol used within the context."
  (aref context 0))

(defun epg-context-armor (context)
  "Return t if the output shouled be ASCII armored in the CONTEXT context."
  (aref context 1))

(defun epg-context-textmode (context)
  "Return t if canonical text mode should be used in the CONTEXT context."
  (aref context 2))

(defun epg-context-include-certs (context)
  "Return how many certificates should be included in an S/MIME signed
message."
  (aref context 3))

(defun epg-context-passphrase-callback-info (context)
  "Return the function used to query passphrase."
  (aref context 4))

(defun epg-context-progress-callback-info (context)
  "Return the function which handles progress update."
  (aref context 5))

(defun epg-context-signers (context)
  "Return the list of key-id for singning."
  (aref context 6))

(defun epg-context-process (context)
  "Return the process object of `epg-gpg-program'.
This function is for internal use only."
  (aref context 7))

(defun epg-context-output-file (context)
  "Return the output file of `epg-gpg-program'.
This function is for internal use only."
  (aref context 8))

(defun epg-context-result (context)
  "Return the result of the previous cryptographic operation."
  (aref context 9))

(defun epg-context-set-protocol (context protocol)
  "Set the protocol used within the context."
  (aset context 0 protocol))

(defun epg-context-set-armor (context armor)
  "Specify if the output shouled be ASCII armored in the CONTEXT context."
  (aset context 1 armor))

(defun epg-context-set-textmode (context textmode)
  "Specify if canonical text mode should be used in the CONTEXT context."
  (aset context 2 textmode))

(defun epg-context-set-include-certs (context include-certs)
 "Set how many certificates should be included in an S/MIME signed message."
  (aset context 3 include-certs))

(defun epg-context-set-passphrase-callback-info (context
                                                 passphrase-callback-info)
  "Set the function used to query passphrase."
  (aset context 4 passphrase-callback-info))

(defun epg-context-set-progress-callback-info (context progress-callback-info)
  "Set the function which handles progress update."
  (aset context 5 progress-callback-info))

(defun epg-context-set-signers (context signers)
 "Set the list of key-id for singning."
  (aset context 6 signers))

(defun epg-context-set-process (context process)
  "Set the process object of `epg-gpg-program'.
This function is for internal use only."
  (aset context 7 process))

(defun epg-context-set-output-file (context output-file)
  "Set the output file of `epg-gpg-program'.
This function is for internal use only."
  (aset context 8 output-file))

(defun epg-context-set-result (context result)
  "Set the result of the previous cryptographic operation."
  (aset context 9 result))

(defun epg-make-signature (status key-id user-id)
  "Return a signature object."
  (vector status key-id user-id nil nil))

(defun epg-signature-status (signature)
  "Return the status code of SIGNATURE."
  (aref signature 0))

(defun epg-signature-key-id (signature)
  "Return the key-id of SIGNATURE."
  (aref signature 1))

(defun epg-signature-user-id (signature)
  "Return the user-id of SIGNATURE."
  (aref signature 2))
  
(defun epg-signature-validity (signature)
  "Return the validity of SIGNATURE."
  (aref signature 3))

(defun epg-signature-fingerprint (signature)
  "Return the fingerprint of SIGNATURE."
  (aref signature 4))

(defun epg-signature-set-status (signature status)
 "Set the status code of SIGNATURE."
  (aset signature 0 status))

(defun epg-signature-set-key-id (signature key-id)
 "Set the key-id of SIGNATURE."
  (aset signature 1 key-id))

(defun epg-signature-set-user-id (signature user-id)
 "Set the user-id of SIGNATURE."
  (aset signature 2 user-id))
  
(defun epg-signature-set-validity (signature validity)
 "Set the validity of SIGNATURE."
  (aset signature 3 validity))

(defun epg-signature-set-fingerprint (signature fingerprint)
 "Set the fingerprint of SIGNATURE."
  (aset signature 4 fingerprint))

(defun epg-context-result-for (context name)
  (cdr (assq name (epg-context-result context))))

(defun epg-context-set-result-for (context name value)
  (let* ((result (epg-context-result context))
         (entry (assq name result)))
    (if entry
        (setcdr entry value)
      (epg-context-set-result context (cons (cons name value) result)))))

(defun epg-start (context args)
  "Start `epg-gpg-program' in a subprocess with given ARGS."
  (let* ((args (append (list "--no-tty"
                             "--status-fd" "1"
                             "--command-fd" "0"
                             "--yes") ; overwrite
                       (if (epg-context-armor context) '("--armor"))
                       (if (epg-context-textmode context) '("--textmode"))
                       (if (epg-context-output-file context)
                           (list "--output" (epg-context-output-file context)))
                       args))
         (coding-system-for-write 'binary)
         process-connection-type
         (orig-mode (default-file-modes))
         (buffer (generate-new-buffer " *epg*"))
         process)
    (with-current-buffer buffer
      (make-local-variable 'epg-read-point)
      (setq epg-read-point (point-min))
      (make-local-variable 'epg-pending-status-list)
      (setq epg-pending-status-list nil)
      (make-local-variable 'epg-key-id)
      (setq epg-key-id nil)
      (make-local-variable 'epg-context)
      (setq epg-context context))
    (unwind-protect
        (progn
          (set-default-file-modes 448)
          (setq process
                (apply #'start-process "epg" buffer epg-gpg-program args)))
      (set-default-file-modes orig-mode))
    (set-process-filter process #'epg-process-filter)
    (epg-context-set-process context process)))

(defun epg-process-filter (process input)
  (if epg-debug
      (save-excursion
        (set-buffer (get-buffer-create  " *epg-debug*"))
        (goto-char (point-max))
        (insert input)))
  (if (buffer-live-p (process-buffer process))
      (save-excursion
        (set-buffer (process-buffer process))
        (goto-char (point-max))
        (insert input)
        (goto-char epg-read-point)
        (beginning-of-line)
        (while (looking-at ".*\n")      ;the input line is finished
          (save-excursion
            (if (looking-at "\\[GNUPG:] \\([A-Z_]+\\) ?\\(.*\\)")
                (let* ((status (match-string 1))
                       (string (match-string 2))
                       (symbol (intern-soft (concat "epg-status-" status))))
                  (if (member status epg-pending-status-list)
                      (setq epg-pending-status-list nil))
                  (if (and symbol
                           (fboundp symbol))
                      (funcall symbol process string)))))
          (forward-line))
        (setq epg-read-point (point)))))

(defun epg-read-output (context)
  (with-temp-buffer
    (if (fboundp 'set-buffer-multibyte)
        (set-buffer-multibyte nil))
    (if (file-exists-p (epg-context-output-file context))
        (let ((coding-system-for-read (if (epg-context-textmode context)
                                          'raw-text
                                        'binary)))
          (insert-file-contents (epg-context-output-file context))
          (buffer-string)))))

(defun epg-wait-for-status (context status-list)
  (with-current-buffer (process-buffer (epg-context-process context))
    (setq epg-pending-status-list status-list)
    (while (and (eq (process-status (epg-context-process context)) 'run)
                epg-pending-status-list)
      (accept-process-output (epg-context-process context) 1))))

(defun epg-wait-for-completion (context)
  (if (eq (process-status (epg-context-process context)) 'run)
      (process-send-eof (epg-context-process context)))
  (while (eq (process-status (epg-context-process context)) 'run)
    ;; We can't use accept-process-output instead of sit-for here
    ;; because it may cause an interrupt during the sentinel execution.
    (sit-for 0.1)))

(defun epg-reset (context)
  (if (and (epg-context-process context)
           (buffer-live-p (process-buffer (epg-context-process context))))
      (kill-buffer (process-buffer (epg-context-process context))))
  (epg-context-set-process context nil)
  (if (file-exists-p (epg-context-output-file context))
      (delete-file (epg-context-output-file context))))

(defun epg-status-USERID_HINT (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (let* ((key-id (match-string 1 string))
             (user-id (match-string 2 string))
             (entry (assoc key-id epg-user-id-alist)))
        (if entry
            (setcdr entry user-id)
          (setq epg-user-id-alist (cons (cons key-id user-id)
                                        epg-user-id-alist))))))

(defun epg-status-NEED_PASSPHRASE (process string)
  (if (string-match "\\`\\([^ ]+\\)" string)
      (setq epg-key-id (match-string 1 string))))

(defun epg-status-NEED_PASSPHRASE_SYM (process string)
  (setq epg-key-id 'SYM))

(defun epg-status-NEED_PASSPHRASE_PIN (process string)
  (setq epg-key-id 'PIN))

(defun epg-status-GET_HIDDEN (process string)
  (let ((passphrase
         (funcall (car (epg-context-passphrase-callback-info epg-context))
                  epg-key-id
                  (cdr (epg-context-passphrase-callback-info epg-context))))
        string)
    (if passphrase
        (unwind-protect
            (progn
              (setq string (concat passphrase "\n"))
              (fillarray passphrase 0)
              (setq passphrase nil)
              (process-send-string process string))
          (if string
              (fillarray string 0))))))

(defun epg-status-GOODSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'good
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-EXPSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'expired
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-EXPKEYSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'expired-key
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-REVKEYSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'revoked-key
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-BADSIG (process string)
  (if (string-match "\\`\\([^ ]+\\) \\(.*\\)" string)
      (epg-context-set-result-for
       epg-context
       'verify
       (cons (epg-make-signature 'bad
                                 (match-string 1 string)
                                 (match-string 2 string))
             (epg-context-result-for epg-context 'verify)))))

(defun epg-status-VALIDSIG (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good)
             (string-match "\\`\\([^ ]+\\) " string))
        (epg-signature-set-fingerprint signature (match-string 1 string)))))

(defun epg-status-TRUST_UNDEFINED (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'undefined))))

(defun epg-status-TRUST_NEVER (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'never))))

(defun epg-status-TRUST_MARGINAL (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'marginal))
        (epg-signature-set-validity signature 'marginal))))

(defun epg-status-TRUST_FULLY (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'fully))))

(defun epg-status-TRUST_ULTIMATE (process string)
  (let ((signature (car (epg-context-result-for epg-context 'verify))))
    (if (and signature
             (eq (epg-signature-status signature) 'good))
        (epg-signature-set-validity signature 'ultimate))))

(defun epg-status-PROGRESS (process string)
  (if (string-match "\\`\\([^ ]+\\) \\([^ ]\\) \\([0-9]+\\) \\([0-9]+\\)"
                    string)
      (funcall (car (epg-context-progress-callback-info epg-context))
               (match-string 1 string)
               (match-string 2 string)
               (string-to-number (match-string 3 string))
               (string-to-number (match-string 4 string))
               (cdr (epg-context-progress-callback-info epg-context)))))

(defun epg-status-DECRYPTION_FAILED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons 'decryption-failed
         (epg-context-result-for epg-context 'error))))

(defun epg-status-NODATA (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons (cons 'no-data (string-to-number string))
         (epg-context-result-for epg-context 'error))))

(defun epg-status-UNEXPECTED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons (cons 'unexpected (string-to-number string))
         (epg-context-result-for epg-context 'error))))

(defun epg-status-KEYEXPIRED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons (cons 'key-expired string)
         (epg-context-result-for epg-context 'error))))

(defun epg-status-KEYREVOKED (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons 'key-revoked
         (epg-context-result-for epg-context 'error))))

(defun epg-status-BADARMOR (process string)
  (epg-context-set-result-for
   epg-context 'error
   (cons 'bad-armor
         (epg-context-result-for epg-context 'error))))

(defun epg-passphrase-callback-function (key-id handback)
  (read-passwd
   (if (eq key-id 'SYM)
       "Passphrase for symmetric encryption: "
     (if (eq key-id 'PIN)
         "Passphrase for PIN: "
       (let ((entry (assoc key-id epg-user-id-alist)))
         (if entry
             (format "Passphrase for %s %s: " key-id (cdr entry))
           (format "Passphrase for %s: " key-id)))))))

(defun epg-progress-callback-function (what char current total handback)
  (message "%s: %d%%/%d%%" what current total))

(defun epg-list-keys (name &optional secret)
  "List keys associated with STRING."
  (let ((args (list "--with-colons" "--no-greeting" "--batch"
                    "--fixed-list-mode"
                    (if secret "--list-secret-keys" "--list-keys")
                    name))
        keys type symbol pointer)
    (with-temp-buffer
      (apply #'call-process epg-gpg-program nil (list t nil) nil args)
      (goto-char (point-min))
      (while (looking-at "\\([a-z][a-z][a-z]\\):\\(.*\\)")
        (setq type (match-string 1)
              symbol (intern-soft (format "epg-colons-%s-spec" type)))
        (if (member type '("pub" "sec"))
            (setq keys (cons nil keys)))
        (if (and symbol
                 (boundp symbol))
            (setcar keys (cons (cons (intern type)
                                     (epg-parse-colons
                                      (symbol-value symbol)
                                      (match-string 2)))
                               (car keys))))
        (forward-line)))
    (setq pointer keys)
    (while pointer
      (setcar pointer (nreverse (car pointer)))
      (setq pointer (cdr pointer)))
    (nreverse keys)))

(defun epg-parse-colons (alist string)
  (let ((index 0)
        result)
    (while (and alist
                (or (null (car alist))
                    (eq index
                        (string-match
                         (concat "\\(" (nth 1 (car alist)) "\\)?:")
                         string index))))
      (if (car alist)
          (progn
            (setq index (match-end 0))
            (if (match-beginning 1)
                (setq result
                      (cons (cons (car (car alist))
                                  (funcall (or (nth 3 (car alist)) #'identity)
                                           (match-string
                                            (1+ (or (nth 2 (car alist)) 0))
                                            string)))
                            result))))
        (setq index (1+ index)))
      (setq alist (cdr alist)))
    (nreverse result)))

(if (fboundp 'make-temp-file)
    (defalias 'epg-make-temp-file 'make-temp-file)
  ;; stolen from poe.el.
  (defun epg-make-temp-file (prefix)
    "Create a temporary file.
The returned file name (created by appending some random characters at the end
of PREFIX, and expanding against `temporary-file-directory' if necessary),
is guaranteed to point to a newly created empty file.
You can then use `write-region' to write new data into the file."
    (let (tempdir tempfile)
      (unwind-protect
          (let (file)
            ;; First, create a temporary directory.
            (while (condition-case ()
                       (progn
                         (setq tempdir (make-temp-name
                                        (concat
                                         (file-name-directory prefix)
                                         "DIR")))
                         ;; return nil or signal an error.
                         (make-directory tempdir))
                     ;; let's try again.
                     (file-already-exists t)))
            (set-file-modes tempdir 448)
            ;; Second, create a temporary file in the tempdir.
            ;; There *is* a race condition between `make-temp-name'
            ;; and `write-region', but we don't care it since we are
            ;; in a private directory now.
            (setq tempfile (make-temp-name (concat tempdir "/EMU")))
            (write-region "" nil tempfile nil 'silent)
            (set-file-modes tempfile 384)
            ;; Finally, make a hard-link from the tempfile.
            (while (condition-case ()
                       (progn
                         (setq file (make-temp-name prefix))
                         ;; return nil or signal an error.
                         (add-name-to-file tempfile file))
                     ;; let's try again.
                     (file-already-exists t)))
            file)
        ;; Cleanup the tempfile.
        (and tempfile
             (file-exists-p tempfile)
             (delete-file tempfile))
        ;; Cleanup the tempdir.
        (and tempdir
             (file-directory-p tempdir)
             (delete-directory tempdir))))))

;;;###autoload
(defun epg-start-decrypt (context input-file)
  "Initiate a decrypt operation on INPUT-FILE.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-decrypt-string' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context
             (list "--decrypt" input-file))
  (epg-wait-for-status context '("BEGIN_DECRYPTION")))

;;;###autoload
(defun epg-decrypt-file (context input-file)
  "Decrypt INPUT-FILE and return the plain text."
  (unwind-protect
      (progn
        (epg-start-decrypt context input-file)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Decryption failed"))
        (epg-read-output context))
    (epg-reset context)))

;;;###autoload
(defun epg-decrypt-string (context string)
  "Decrypt STRING and return the plain text."
  (let ((input-file (epg-make-temp-file "epg-input"))
        (coding-system-for-write 'binary))
    (unwind-protect
        (progn
          (write-region string nil input-file)
          (epg-decrypt-file context input-file))
      (if (file-exists-p input-file)
          (delete-file input-file)))))

;;;###autoload
(defun epg-start-verify (context signature &optional string)
  "Initiate a verify operation on SIGNATURE.

For a detached signature, both SIGNATURE and STRING should be string.
For a normal or a clear text signature, STRING should be nil.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-verify-string' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (if string
      ;; Detached signature.
      (progn
        (epg-start context
                   (append (list "--verify")
                           (list signature "-")))
        (if (eq (process-status (epg-context-process context)) 'run)
            (process-send-string (epg-context-process context) string)))
    ;; Normal (or cleartext) signature.
    (epg-start context (list "--verify"))
    (if (eq (process-status (epg-context-process context)) 'run)
        (process-send-string (epg-context-process context) signature))))

;;;###autoload
(defun epg-verify-file (context input-file &optional string)
  "Verify INPUT-FILE.

For a detached signature, both INPUT-FILE and STRING should be string.
For a normal or a clear text signature, STRING should be nil."
  (unwind-protect
      (progn
        (epg-start-verify context input-file string)
        (epg-wait-for-completion context)
        (epg-context-result-for context 'verify))
    (epg-reset context)))

;;;###autoload
(defun epg-verify-string (context signature &optional string)
  "Verify SIGNATURE.

For a detached signature, both SIGNATURE and STRING should be string.
For a normal or a clear text signature, STRING should be nil."
  (let ((input-file (epg-make-temp-file "epg-input"))
        (coding-system-for-write 'binary))
    (unwind-protect
        (progn
          (if string
              (write-region signature nil input-file))
          (epg-verify-file context input-file string))
      (if (file-exists-p input-file)
          (delete-file input-file)))))

;;;###autoload
(defun epg-start-sign (context string &optional mode)
  "Initiate a sign operation on STRING.

If optional 3rd argument MODE is 'clearsign, it makes a clear text signature.
If MODE is t or 'detached, it makes a detached signature.
Otherwise, it makes a normal signature.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-sign-string' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context
             (append (list (if (eq mode 'clearsign)
                               "--clearsign"
                             (if (or (eq mode t) (eq mode 'detached))
                                 "--detach-sign"
                               "--sign")))
                     (apply #'nconc
                            (mapcar (lambda (signer)
                                      (list "-u" signer))
                                    (epg-context-signers context)))))
  (epg-wait-for-status context '("BEGIN_SIGNING"))
  (if (eq (process-status (epg-context-process context)) 'run)
      (process-send-string (epg-context-process context) string)))

;;;###autoload
(defun epg-sign-string (context string &optional mode)
  "Sign STRING and return the output as string.
If optional 3rd argument MODE is 'clearsign, it makes a clear text signature.
If MODE is t or 'detached, it makes a detached signature.
Otherwise, it makes a normal signature."
  (unwind-protect
      (progn
        (epg-start-sign context string mode)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Sign failed"))
        (epg-read-output context))
    (epg-reset context)))

;;;###autoload
(defun epg-start-encrypt (context string recipients
                                  &optional sign always-trust)
  "Initiate an encrypt operation on STRING.
If RECIPIENTS is nil, it performs symmetric encryption.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-encrypt-string' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context
             (append (if always-trust '("--always-trust"))
                     (if recipients '("--encrypt") '("--symmetric"))
                     (if sign
                         (cons "--sign"
                               (apply #'nconc
                                      (mapcar (lambda (signer)
                                                (list "-u" signer))
                                              (epg-context-signers context)))))
                     (apply #'nconc
                            (mapcar (lambda (recipient)
                                      (list "-r" recipient))
                                    recipients))))
  (if sign
      (epg-wait-for-status context '("BEGIN_SIGNING"))
    (if (null recipients)
        (epg-wait-for-status context '("BEGIN_ENCRYPTION"))))
  (if (eq (process-status (epg-context-process context)) 'run)
      (process-send-string (epg-context-process context) string)))

;;;###autoload
(defun epg-encrypt-string (context string recipients
                                   &optional sign always-trust)
  "Encrypt STRING.
If RECIPIENTS is nil, it performs symmetric encryption."
  (unwind-protect
      (progn
        (epg-start-encrypt context string recipients sign always-trust)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Encrypt failed"))
        (epg-read-output context))
    (epg-reset context)))

;;;###autoload
(defun epg-start-export-keys (context pattern)
  "Initiate an export keys operation.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-export-keys' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context (list "--export" pattern)))

;;;###autoload
(defun epg-export-keys (context pattern)
  "Extract public keys matched with PATTERN and return them."
  (unwind-protect
      (progn
        (epg-start-export-keys context pattern)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Export keys failed"))
        (epg-read-output context))
    (epg-reset context)))

;;;###autoload
(defun epg-start-import-keys (context keys)
  "Initiate an import key operation.

If you use this function, you will need to wait for the completion of
`epg-gpg-program' by using `epg-wait-for-completion' and call
`epg-reset' to clear a temporaly output file.
If you are unsure, use synchronous version of this function
`epg-import-keys' instead."
  (epg-context-set-result context nil)
  (epg-context-set-output-file context (epg-make-temp-file "epg-output"))
  (epg-start context (list "--import"))
  (if (eq (process-status (epg-context-process context)) 'run)
      (process-send-string (epg-context-process context) keys)))

;;;###autoload
(defun epg-import-keys (context keys)
  "Add KEYS."
  (unwind-protect
      (progn
        (epg-start-import-keys context keys)
        (epg-wait-for-completion context)
        (if (epg-context-result-for context 'error)
            (error "Import keys failed"))
        (epg-read-output context))
    (epg-reset context)))

(provide 'epg)

;;; epg.el ends here