BatzenCA is a set of Python of classes and functions that ought to make managing OpenPGP keys easier for certification authorities.
A group of users want to use a mailing list but with OpenPGP encrypted messages. They don’t want the server to be able to decrypt their messages either. An easy ad-hoc way of accomplishing this is by every user encrypting to every other user. This can easily accomplished using e.g. Thunderbird/Enigmail’s “Per-Recipient Rules”.
As the group grows, verifying each other’s OpenPGP keys becomes tedious. Our group of users choose not to use the Web of Trust, say because they have a clear definition who belongs on their list and who doesn’t. Instead, they nominate a user or a group of users as a Certification Authority (CA), so they are actually doing the X.509 thing with OpenPGP: all users verify the CA’s key and grant it full owner trust. The CA then checks new users’ identities, verifies their keys, signs and distributes them. When users leave the group the CA revokes its signature. To update the users of our mailing list the CA sends (ir)regular “releases” which contain all keys for those users active on our mailing list. The remaining users import these keys and to update their per-recipient rules to reflect these changes. In a nutshell: a poor person’s CA using OpenPGP.
This library makes the job of the CA easier by providing means to prepare such releases.
The purpose of this library is to distribute OpenPGP keys in releases (batzenca.database.releases.Release). These releases contain active and inactive keys (batzenca.database.keys.Key) one for each user (batzenca.database.peers.Peer). Active are those keys which users ought to use, while inactive keys are those where the signature was revoked etc. Releases are meant for specific mailinglists (batzenca.database.mailinglists.MailingList). Each mailinglist furthermore has a policy (batzenca.database.policies.Policy) which specifies what kind of PGP keys are acceptable - for example, it might specify that keys must expire every 2 years.
BatzenCA relies on PyMe ≥ 0.9.0 for talking to GnuPG.
Note that an abandoned branch is available which attempts to switch to the newer PyGPGME is available on Bitbucket. It was abandoned because PyGPGME does not provide an interface to all GPGME functions needed by BatzenCA.
BatzenCA uses SQLAlchemy to talk to a SQLite database which stores all metadata about keys such as users, releases, mailing lists, policies etc.
BatzenCA uses GitPython to take snapshots of its database and the internal GnuPG directory.
The easiest way to install all required Python packages is:
pip install -r requirements.txt
Alternatives to realising OpenPGP encrypted mailinglists include
- Schleuder “Schleuder is a gpg-enabled mailinglist with remailer-capabilities. It is designed to serve as a tool for group communication: subscribers can communicate encrypted (and pseudonymously) among themselves, receive emails from non-subscribers and send emails to non-subscribers via the list. Schleuder takes care of all de- and encryption, stripping of headers, formatting conversions, etc. Further schleuder can send out its own public key upon request and receive administrative commands by email.” – http://schleuder2.nadir.org/ Hence, users must trust that the server has not been compromised.
- SELS “Secure Email List Services (SELS) is an open source software for creating and developing secure email list services among user communities. SELS provides signature and encryption capabilities while ensuring that the List Server does not have access to email plain text. SELS has been developed with available open-source components and is compatible with many commonly used email clients.” – http://sels.ncsa.illinois.edu/ However, the project is discontinued.