6 files changed, 52 insertions, 7 deletions

diff --git a/src/mailman_pgp/config/mailman_pgp.cfg b/src/mailman_pgp/config/mailman_pgp.cfg
index 0828b3d..6a65ad9 100644
--- a/src/mailman_pgp/config/mailman_pgp.cfg
+++ b/src/mailman_pgp/config/mailman_pgp.cfg
@@ -63,9 +63,20 @@ primary_key: RSA:4096
 #     brainpoolP512r1, secp256k1
 sub_key: RSA:4096
 
-# Shred keys on list deletion?
+# Shred keypair on list deletion? Shredding tries to securely erase the file
+# by overwriting it with random data many times. Will be only performed if
+# the `delete` option is also set to yes.
 shred: yes
 
+# A command, that is run when shredding the list key (if shred is set).
+# It is passed the list key path as an argument.
+# If empty, mailman-pgp will try to shred the listkey itself.
+# Some Linux distributions provide the `shred` command from GNU coreutils, or
+# similar.
+shred_command:
+
+# Delete list keypair on list deletion?
+delete: yes
 
 [queues]
 # The queue to which processed incoming messages are passed.
diff --git a/src/mailman_pgp/config/schema.cfg b/src/mailman_pgp/config/schema.cfg
index feed0b6..9967485 100644
--- a/src/mailman_pgp/config/schema.cfg
+++ b/src/mailman_pgp/config/schema.cfg
@@ -43,6 +43,10 @@ sub_key: (RSA:\d{3,4}|ECDH:(nistp256|nistp384|nistp521|brainpoolP256r1|brainpool
 
 shred: lazr.config.as_boolean
 
+shred_command: mailman_pgp.utils.config.expandable_str
+
+delete: lazr.config.as_boolean
+
 
 [queues]
 in: str
diff --git a/src/mailman_pgp/model/fs_key.py b/src/mailman_pgp/model/fs_key.py
index b72c76f..3ba9aca 100644
--- a/src/mailman_pgp/model/fs_key.py
+++ b/src/mailman_pgp/model/fs_key.py
@@ -108,7 +108,7 @@ class FSKey:
     def shred(self):
         try:
             size = getsize(self.key_path)
-            for _ in range(10):
+            for _ in range(50):
                 with open(self.key_path, 'wb') as f:
                     data = urandom(size)
                     f.write(data)
diff --git a/src/mailman_pgp/model/list.py b/src/mailman_pgp/model/list.py
index 13d4430..84cb3bc 100644
--- a/src/mailman_pgp/model/list.py
+++ b/src/mailman_pgp/model/list.py
@@ -20,6 +20,7 @@ from mailman.database.types import Enum, SAUnicode
 from mailman.interfaces.action import Action
 from mailman.interfaces.listmanager import IListManager, ListDeletingEvent
 from mailman.interfaces.member import MemberRole
+from os import system
 from public import public
 from sqlalchemy import Boolean, Column, Integer
 from sqlalchemy.orm import reconstructor
@@ -154,11 +155,17 @@ class PGPMailingList(Base):
 @classhandler.handler(ListDeletingEvent)
 def on_delete(event):
     shred = config.get_value('keypairs', 'shred')
+    shred_command = config.get_value('keypairs', 'shred_command')
+    delete = config.get_value('keypairs', 'delete')
     pgp_list = PGPMailingList.for_list(event.mailing_list)
     if pgp_list:
         with transaction() as session:
-            if shred:
-                pgp_list.fs_key.shred()
-            else:
-                pgp_list.fs_key.delete()
+            if delete:
+                if shred:
+                    if shred_command:
+                        system(shred_command + ' ' + pgp_list.key_path)
+                    else:
+                        pgp_list.fs_key.shred()
+                else:
+                    pgp_list.fs_key.delete()
             session.delete(pgp_list)
diff --git a/src/mailman_pgp/model/tests/test_list.py b/src/mailman_pgp/model/tests/test_list.py
index aa07a79..9bb0a4e 100644
--- a/src/mailman_pgp/model/tests/test_list.py
+++ b/src/mailman_pgp/model/tests/test_list.py
@@ -50,6 +50,17 @@ class TestPGPMailingList(TestCase):
         getUtility(IListManager).delete(self.mlist)
         self.assertFalse(exists(key_path))
 
+    def test_shred_key_command(self):
+        self.addCleanup(config.set, 'keypairs', 'shred_command', '')
+        config.set('keypairs', 'shred_command', 'shred')
+        key_path = PGPMailingList.for_list(self.mlist).key_path
+        with open(key_path, 'rb') as f:
+            before = f.read()
+        getUtility(IListManager).delete(self.mlist)
+        with open(key_path, 'rb') as f:
+            after = f.read()
+        self.assertNotEqual(before, after)
+
     def test_delete_key(self):
         self.addCleanup(config.set, 'keypairs', 'shred', 'yes')
         config.set('keypairs', 'shred', 'no')
diff --git a/src/mailman_pgp/testing/mailman_pgp.cfg b/src/mailman_pgp/testing/mailman_pgp.cfg
index 1ef8938..d80def0 100644
--- a/src/mailman_pgp/testing/mailman_pgp.cfg
+++ b/src/mailman_pgp/testing/mailman_pgp.cfg
@@ -63,9 +63,21 @@ primary_key: ECDSA:secp256k1
 #     brainpoolP512r1, secp256k1
 sub_key: ECDH:secp256k1
 
-# Shred keys on list deletion?
+# Shred keypair on list deletion? Shredding tries to securely erase the file
+# by overwriting it with random data many times. Will be only performed if
+# the `delete` option is also set to yes.
 shred: yes
 
+# A command, that is run when shredding the list key (if shred is set).
+# It is passed the list key path as an argument.
+# If empty, mailman-pgp will try to shred the listkey itself.
+# Some Linux distributions provide the `shred` command from GNU coreutils, or
+# similar.
+shred_command:
+
+# Delete list keypair on list deletion?
+delete: yes
+
 
 [queues]
 # The queue to which processed incoming messages are passed.