python: Allow returning signatures made by unknown keys in decrypt
-- This functionality got dropped somewhere after 1.12, as part of the cleanup of the `Context.decrypt` call signature. Reintroduce it again, now using an explicit keyword argument `filter_signatures` (which defaults to hiding signatures by unknown keys). GnuPG-bug-id: 5292
This commit is contained in:
parent
ac4536990a
commit
14b148b7d3
3
NEWS
3
NEWS
@ -7,6 +7,9 @@ Noteworthy changes in version 1.15.2 (unreleased)
|
||||
|
||||
* qt: Add support for flags in LDAP server options. [#5217]
|
||||
|
||||
* python: New optional parameter filter_signatures for decrypt.
|
||||
[#5292]
|
||||
|
||||
* Interface changes relative to the 1.15.1 release:
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
gpgme_set_ctx_flag EXTENDED: New flag 'cert-expire'.
|
||||
|
@ -342,7 +342,7 @@ class Context(GpgmeWrapper):
|
||||
|
||||
return self.__read__(sink, ciphertext), result, sig_result
|
||||
|
||||
def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True):
|
||||
def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True, filter_signatures=True):
|
||||
"""Decrypt data
|
||||
|
||||
Decrypt the given ciphertext and verify any signatures. If
|
||||
@ -354,6 +354,10 @@ class Context(GpgmeWrapper):
|
||||
signatures are required and no MissingSignatures error will be
|
||||
raised).
|
||||
|
||||
The filter_signatures argument can be used to force this
|
||||
function to return signatures that are not fully trusted - for
|
||||
example because they were made by unknown keys.
|
||||
|
||||
If the ciphertext is symmetrically encrypted using a
|
||||
passphrase, that passphrase can be given as parameter, using a
|
||||
callback registered at the context, or out-of-band via
|
||||
@ -364,6 +368,8 @@ class Context(GpgmeWrapper):
|
||||
passphrase -- for symmetric decryption
|
||||
verify -- check signatures (boolean or iterable of keys,
|
||||
see above) (default True)
|
||||
filter_signatures -- if this function should filter out signatures
|
||||
that are not completely OK (default True)
|
||||
|
||||
Returns:
|
||||
plaintext -- the decrypted data (or None if sink is given)
|
||||
@ -437,7 +443,7 @@ class Context(GpgmeWrapper):
|
||||
results=results)
|
||||
|
||||
if do_sig_verification:
|
||||
# filter out all invalid signatures
|
||||
if filter_signatures:
|
||||
verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures))
|
||||
if required_keys is not None:
|
||||
missing = []
|
||||
|
Loading…
Reference in New Issue
Block a user