python: Allow returning signatures made by unknown keys in decrypt
-- This functionality got dropped somewhere after 1.12, as part of the cleanup of the `Context.decrypt` call signature. Reintroduce it again, now using an explicit keyword argument `filter_signatures` (which defaults to hiding signatures by unknown keys). GnuPG-bug-id: 5292
This commit is contained in:
parent
ac4536990a
commit
14b148b7d3
3
NEWS
3
NEWS
@ -7,6 +7,9 @@ Noteworthy changes in version 1.15.2 (unreleased)
|
|||||||
|
|
||||||
* qt: Add support for flags in LDAP server options. [#5217]
|
* qt: Add support for flags in LDAP server options. [#5217]
|
||||||
|
|
||||||
|
* python: New optional parameter filter_signatures for decrypt.
|
||||||
|
[#5292]
|
||||||
|
|
||||||
* Interface changes relative to the 1.15.1 release:
|
* Interface changes relative to the 1.15.1 release:
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
gpgme_set_ctx_flag EXTENDED: New flag 'cert-expire'.
|
gpgme_set_ctx_flag EXTENDED: New flag 'cert-expire'.
|
||||||
|
@ -342,7 +342,7 @@ class Context(GpgmeWrapper):
|
|||||||
|
|
||||||
return self.__read__(sink, ciphertext), result, sig_result
|
return self.__read__(sink, ciphertext), result, sig_result
|
||||||
|
|
||||||
def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True):
|
def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True, filter_signatures=True):
|
||||||
"""Decrypt data
|
"""Decrypt data
|
||||||
|
|
||||||
Decrypt the given ciphertext and verify any signatures. If
|
Decrypt the given ciphertext and verify any signatures. If
|
||||||
@ -354,6 +354,10 @@ class Context(GpgmeWrapper):
|
|||||||
signatures are required and no MissingSignatures error will be
|
signatures are required and no MissingSignatures error will be
|
||||||
raised).
|
raised).
|
||||||
|
|
||||||
|
The filter_signatures argument can be used to force this
|
||||||
|
function to return signatures that are not fully trusted - for
|
||||||
|
example because they were made by unknown keys.
|
||||||
|
|
||||||
If the ciphertext is symmetrically encrypted using a
|
If the ciphertext is symmetrically encrypted using a
|
||||||
passphrase, that passphrase can be given as parameter, using a
|
passphrase, that passphrase can be given as parameter, using a
|
||||||
callback registered at the context, or out-of-band via
|
callback registered at the context, or out-of-band via
|
||||||
@ -364,6 +368,8 @@ class Context(GpgmeWrapper):
|
|||||||
passphrase -- for symmetric decryption
|
passphrase -- for symmetric decryption
|
||||||
verify -- check signatures (boolean or iterable of keys,
|
verify -- check signatures (boolean or iterable of keys,
|
||||||
see above) (default True)
|
see above) (default True)
|
||||||
|
filter_signatures -- if this function should filter out signatures
|
||||||
|
that are not completely OK (default True)
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
plaintext -- the decrypted data (or None if sink is given)
|
plaintext -- the decrypted data (or None if sink is given)
|
||||||
@ -437,8 +443,8 @@ class Context(GpgmeWrapper):
|
|||||||
results=results)
|
results=results)
|
||||||
|
|
||||||
if do_sig_verification:
|
if do_sig_verification:
|
||||||
# filter out all invalid signatures
|
if filter_signatures:
|
||||||
verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures))
|
verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures))
|
||||||
if required_keys is not None:
|
if required_keys is not None:
|
||||||
missing = []
|
missing = []
|
||||||
for key in required_keys:
|
for key in required_keys:
|
||||||
|
Loading…
Reference in New Issue
Block a user