python: Allow returning signatures made by unknown keys in decrypt

--
This functionality got dropped somewhere after 1.12, as part of the
cleanup of the `Context.decrypt` call signature. Reintroduce it,
now using an explicit keyword argument `filter_signatures` (which
defaults to hiding signatures by unknown keys).

GnuPG-bug-id: 5292
Jasper Spaans 2021-02-09 11:29:07 +01:00 committed by Werner Koch
parent ac4536990a
commit 14b148b7d3
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 12 additions and 3 deletions

3
NEWS

@ -7,6 +7,9 @@ Noteworthy changes in version 1.15.2 (unreleased)
* qt: Add support for flags in LDAP server options. [#5217]
* python: New optional parameter filter_signatures for decrypt.
[#5292]
* Interface changes relative to the 1.15.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_set_ctx_flag EXTENDED: New flag 'cert-expire'.


@ -342,7 +342,7 @@ class Context(GpgmeWrapper):
return self.__read__(sink, ciphertext), result, sig_result
def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True):
def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True, filter_signatures=True):
"""Decrypt data
Decrypt the given ciphertext and verify any signatures. If
@ -354,6 +354,10 @@ class Context(GpgmeWrapper):
signatures are required and no MissingSignatures error will be
raised).
The filter_signatures argument can be used to force this
function to return signatures that are not fully trusted - for
example because they were made by unknown keys.
If the ciphertext is symmetrically encrypted using a
passphrase, that passphrase can be given as parameter, using a
callback registered at the context, or out-of-band via
@ -364,6 +368,8 @@ class Context(GpgmeWrapper):
passphrase -- for symmetric decryption
verify -- check signatures (boolean or iterable of keys,
see above) (default True)
filter_signatures -- if this function should filter out signatures
that are not completely OK (default True)
Returns:
plaintext -- the decrypted data (or None if sink is given)
@ -437,7 +443,7 @@ class Context(GpgmeWrapper):
results=results)
if do_sig_verification:
# filter out all invalid signatures
if filter_signatures:
verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures))
if required_keys is not None:
missing = []
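Review bot: With `filter_signatures=False` the new `if filter_signatures:` guard skips the only `s.status == errors.NO_ERROR` filter, so every signature with an error status is returned to the caller, not only those made by unknown keys, and the docstring's "not fully trusted" wording understates that. I would spell out the contract in the keyword-argument entry, e.g. `filter_signatures -- drop signatures whose status is not NO_ERROR (default True); if False, the caller must check each signature's status before relying on it`. The `required_keys` check that follows still reads `verify_result.signatures` and its body continues outside the visible hunk, so it is worth confirming that it does its own validity check and cannot be satisfied by an unfiltered signature. The existing comment `# filter out all invalid signatures` now sits above a conditional and could say when the filtering is skipped.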