From 14b148b7d34038fac863ab882de29c6d35d425f1 Mon Sep 17 00:00:00 2001 From: Jasper Spaans Date: Tue, 9 Feb 2021 11:29:07 +0100 Subject: [PATCH] python: Allow returning signatures made by unknown keys in `decrypt` -- This functionality got dropped somewhere after 1.12, as part of the cleanup of the `Context.decrypt` call signature. Reintroduce it again, now using an explicit keyword argument `filter_signatures` (which defaults to hiding signatures by unknown keys). GnuPG-bug-id: 5292 --- NEWS | 3 +++ lang/python/src/core.py | 12 +++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 01f7b990..91cad186 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ Noteworthy changes in version 1.15.2 (unreleased) * qt: Add support for flags in LDAP server options. [#5217] + * python: New optional parameter filter_signatures for decrypt. + [#5292] + * Interface changes relative to the 1.15.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_set_ctx_flag EXTENDED: New flag 'cert-expire'. diff --git a/lang/python/src/core.py b/lang/python/src/core.py index 5e57e4a0..9618adcf 100644 --- a/lang/python/src/core.py +++ b/lang/python/src/core.py @@ -342,7 +342,7 @@ class Context(GpgmeWrapper): return self.__read__(sink, ciphertext), result, sig_result - def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True): + def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True, filter_signatures=True): """Decrypt data Decrypt the given ciphertext and verify any signatures. If @@ -354,6 +354,10 @@ class Context(GpgmeWrapper): signatures are required and no MissingSignatures error will be raised). + The filter_signatures argument can be used to force this + function to return signatures that are not fully trusted - for + example because they were made by unknown keys. + If the ciphertext is symmetrically encrypted using a passphrase, that passphrase can be given as parameter, using a callback registered at the context, or out-of-band via @@ -364,6 +368,8 @@ class Context(GpgmeWrapper): passphrase -- for symmetric decryption verify -- check signatures (boolean or iterable of keys, see above) (default True) + filter_signatures -- if this function should filter out signatures + that are not completely OK (default True) Returns: plaintext -- the decrypted data (or None if sink is given) @@ -437,8 +443,8 @@ class Context(GpgmeWrapper): results=results) if do_sig_verification: - # filter out all invalid signatures - verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures)) + if filter_signatures: + verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures)) if required_keys is not None: missing = [] for key in required_keys: