From 5a0824108dc8c5328e95beed9f21fa7bf62d195d Mon Sep 17 00:00:00 2001
From: Scott Kitterman <scott@kitterman.com>
Date: Sun, 15 Dec 2019 01:12:02 -0500
Subject: [PATCH] Provide specialized error message when signing or verifying
 ed25519 signatures and pynacl is not installed (LP: #1854475)

---
 ChangeLog        |  2 ++
 README.md        |  5 +++++
 dkim/__init__.py | 11 ++++++++---
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 10f29b1..48a40d4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 Version 1.0.1
     - Follow CNAMES when looking up key records when using DNS (pydns)
       (LP: #1856421)
+    - Provide specialized error message when signing or verifying ed25519
+      signatures and pynacl is not installed (LP: #1854475)
 
 2019-12-09 Version 1.0.0
     - Add support for RFC 8460 tlsrpt DKIM signature processing (LP: #1847020)
diff --git a/README.md b/README.md
index 55eae2a..ca26cb2 100644
--- a/README.md
+++ b/README.md
@@ -139,6 +139,11 @@ need not be considered experimental.  The dkimpy implementation has
 successfully interoperated with three other implementations and the technical
 parameters for ed25519-sha256 are defined and stable.
 
+To install from pypi with the required optional depenencies, use the ed25519
+option:
+
+```pip install -e '.[ed25519]'```
+
 ## DKIM SCRIPTS
 
 Three helper programs are also supplied: dknewkey, dkimsign and
diff --git a/dkim/__init__.py b/dkim/__init__.py
index 171e668..de6f1dd 100644
--- a/dkim/__init__.py
+++ b/dkim/__init__.py
@@ -184,7 +184,6 @@ class NaClNotFoundError(DKIMException):
     """ Nacl package not installed, needed for ed25119 signatures """
     pass
 
-
 class UnknownKeyTypeError(DKIMException):
     """ Key type (k tag) is not known (rsa/ed25519) """
 
@@ -443,7 +442,10 @@ def evaluate_pk(name, s):
       pass
   try:
       if pub[b'k'] == b'ed25519':
-          pk = nacl.signing.VerifyKey(pub[b'p'], encoder=nacl.encoding.Base64Encoder)
+          try:
+              pk = nacl.signing.VerifyKey(pub[b'p'], encoder=nacl.encoding.Base64Encoder)
+          except NameError:
+              raise NaClNotFoundError('pynacl module required for ed25519 signing, see README.md')
           keysize = 256
           ktag = b'ed25519'
   except KeyError:
@@ -826,7 +828,10 @@ class DKIM(DomainSigner):
         except UnparsableKeyError as e:
             raise KeyFormatError(str(e))
     elif self.signature_algorithm == b'ed25519-sha256':
-        pk = nacl.signing.SigningKey(privkey, encoder=nacl.encoding.Base64Encoder)
+        try:
+            pk = nacl.signing.SigningKey(privkey, encoder=nacl.encoding.Base64Encoder)
+        except NameError:
+            raise NaClNotFoundError('pynacl module required for ed25519 signing, see README.md')
 
     if identity is not None and not identity.endswith(domain):
         raise ParameterError("identity must end with domain")