diff options
| author | drebs <drebs@leap.se> | 2013-11-04 15:09:40 -0200 |
|---|---|---|
| committer | drebs <drebs@leap.se> | 2013-11-04 15:10:26 -0200 |
| commit | 933731e4671c8ed3b7fa16bf1222e06f76eea215 (patch) | |
| tree | 6d0fab57953d5bddc8a149548bd326754e3c1326 /src/leap/keymanager/openpgp.py | |
| parent | a22efb595cee79fbcab830d8024a173a6a68d6aa (diff) | |
Add verification of detached signatures.
Diffstat (limited to 'src/leap/keymanager/openpgp.py')
| -rw-r--r-- | src/leap/keymanager/openpgp.py | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py index 8ec8639..111dfaf 100644 --- a/src/leap/keymanager/openpgp.py +++ b/src/leap/keymanager/openpgp.py @@ -30,6 +30,7 @@ import locale from gnupg import GPG from gnupg.gnupg import GPGUtilities +from gnupg._util import _make_binary_stream from leap.common.check import leap_assert, leap_assert_type from leap.keymanager import errors @@ -570,15 +571,18 @@ class OpenPGPScheme(EncryptionScheme): '%s != %s' % (rfprint, kfprint)) return result.data - def verify(self, data, pubkey): + def verify(self, data, pubkey, detached_sig=None): """ - Verify signed C{data} with C{pubkey}. + Verify signed C{data} with C{pubkey}, eventually using + C{detached_sig}. :param data: The data to be verified. :type data: str - :param pubkey: The public key to be used on verification. :type pubkey: OpenPGPKey + :param detached_sig: A detached signature. If given, C{data} is + verified against this detached signature. + :type detached_sig: str :return: The ascii-armored signed data. :rtype: str @@ -586,7 +590,20 @@ class OpenPGPScheme(EncryptionScheme): leap_assert_type(pubkey, OpenPGPKey) leap_assert(pubkey.private is False) with self._temporary_gpgwrapper(pubkey) as gpg: - result = gpg.verify(data) + result = None + if detached_sig is None: + result = gpg.verify(data) + else: + # to verify using a detached sig we have to use + # gpg.verify_file(), which receives the data as a binary + # stream and the name of a file containing the signature. + sf, sfname = tempfile.mkstemp() + sfd = os.fdopen(sf, 'w') + sfd.write(detached_sig) + sfd.close() + df = _make_binary_stream(data, gpg._encoding) + result = gpg.verify_file(df, sig_file=sfname) + df.close() gpgpubkey = gpg.list_keys().pop() valid = result.valid rfprint = result.fingerprint |