summaryrefslogtreecommitdiff
path: root/src/leap/keymanager/openpgp.py
diff options
context:
space:
mode:
authordrebs <drebs@leap.se>2013-11-04 15:09:40 -0200
committerdrebs <drebs@leap.se>2013-11-04 15:10:26 -0200
commit933731e4671c8ed3b7fa16bf1222e06f76eea215 (patch)
tree6d0fab57953d5bddc8a149548bd326754e3c1326 /src/leap/keymanager/openpgp.py
parenta22efb595cee79fbcab830d8024a173a6a68d6aa (diff)
Add verification of detached signatures.
Diffstat (limited to 'src/leap/keymanager/openpgp.py')
-rw-r--r--src/leap/keymanager/openpgp.py25
1 files changed, 21 insertions, 4 deletions
diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py
index 8ec86391..111dfafa 100644
--- a/src/leap/keymanager/openpgp.py
+++ b/src/leap/keymanager/openpgp.py
@@ -30,6 +30,7 @@ import locale
from gnupg import GPG
from gnupg.gnupg import GPGUtilities
+from gnupg._util import _make_binary_stream
from leap.common.check import leap_assert, leap_assert_type
from leap.keymanager import errors
@@ -570,15 +571,18 @@ class OpenPGPScheme(EncryptionScheme):
'%s != %s' % (rfprint, kfprint))
return result.data
- def verify(self, data, pubkey):
+ def verify(self, data, pubkey, detached_sig=None):
"""
- Verify signed C{data} with C{pubkey}.
+ Verify signed C{data} with C{pubkey}, eventually using
+ C{detached_sig}.
:param data: The data to be verified.
:type data: str
-
:param pubkey: The public key to be used on verification.
:type pubkey: OpenPGPKey
+ :param detached_sig: A detached signature. If given, C{data} is
+ verified against this detached signature.
+ :type detached_sig: str
:return: The ascii-armored signed data.
:rtype: str
@@ -586,7 +590,20 @@ class OpenPGPScheme(EncryptionScheme):
leap_assert_type(pubkey, OpenPGPKey)
leap_assert(pubkey.private is False)
with self._temporary_gpgwrapper(pubkey) as gpg:
- result = gpg.verify(data)
+ result = None
+ if detached_sig is None:
+ result = gpg.verify(data)
+ else:
+ # to verify using a detached sig we have to use
+ # gpg.verify_file(), which receives the data as a binary
+ # stream and the name of a file containing the signature.
+ sf, sfname = tempfile.mkstemp()
+ sfd = os.fdopen(sf, 'w')
+ sfd.write(detached_sig)
+ sfd.close()
+ df = _make_binary_stream(data, gpg._encoding)
+ result = gpg.verify_file(df, sig_file=sfname)
+ df.close()
gpgpubkey = gpg.list_keys().pop()
valid = result.valid
rfprint = result.fingerprint