1 files changed, 25 insertions, 5 deletions

diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py
index 8ec86391..a4dc1b8b 100644
--- a/src/leap/keymanager/openpgp.py
+++ b/src/leap/keymanager/openpgp.py
@@ -27,9 +27,11 @@ import re
 import shutil
 import tempfile
 import locale
+from contextlib import closing
 
 from gnupg import GPG
 from gnupg.gnupg import GPGUtilities
+from gnupg._util import _make_binary_stream
 
 from leap.common.check import leap_assert, leap_assert_type
 from leap.keymanager import errors
@@ -46,6 +48,10 @@ from leap.keymanager.keys import (
 logger = logging.getLogger(__name__)
 
 
+#
+# A temporary GPG keyring wrapped to provide OpenPGP functionality.
+#
+
 class TempGPGWrapper(object):
     """
     A context manager that wraps a temporary GPG keyring which only contains
@@ -243,7 +249,7 @@ class OpenPGPScheme(EncryptionScheme):
                 key_length=4096,
                 name_real=address,
                 name_email=address,
-                name_comment='Generated by LEAP Key Manager.')
+                name_comment='')
             logger.info("About to generate keys... This might take SOME time.")
             gpg.gen_key(params)
             logger.info("Keys for %s have been successfully "
@@ -570,15 +576,18 @@ class OpenPGPScheme(EncryptionScheme):
                 '%s != %s' % (rfprint, kfprint))
         return result.data
 
-    def verify(self, data, pubkey):
+    def verify(self, data, pubkey, detached_sig=None):
         """
-        Verify signed C{data} with C{pubkey}.
+        Verify signed C{data} with C{pubkey}, eventually using
+        C{detached_sig}.
 
         :param data: The data to be verified.
         :type data: str
-
         :param pubkey: The public key to be used on verification.
         :type pubkey: OpenPGPKey
+        :param detached_sig: A detached signature. If given, C{data} is
+                             verified against this detached signature.
+        :type detached_sig: str
 
         :return: The ascii-armored signed data.
         :rtype: str
@@ -586,7 +595,18 @@ class OpenPGPScheme(EncryptionScheme):
         leap_assert_type(pubkey, OpenPGPKey)
         leap_assert(pubkey.private is False)
         with self._temporary_gpgwrapper(pubkey) as gpg:
-            result = gpg.verify(data)
+            result = None
+            if detached_sig is None:
+                result = gpg.verify(data)
+            else:
+                # to verify using a detached sig we have to use
+                # gpg.verify_file(), which receives the data as a binary
+                # stream and the name of a file containing the signature.
+                sf, sfname = tempfile.mkstemp()
+                with os.fdopen(sf, 'w') as sfd:
+                    sfd.write(detached_sig)
+                with closing(_make_binary_stream(data, gpg._encoding)) as df:
+                    result = gpg.verify_file(df, sig_file=sfname)
             gpgpubkey = gpg.list_keys().pop()
             valid = result.valid
             rfprint = result.fingerprint