From f0063afa71bc7e71f19d174acc2fde26f0c11850 Mon Sep 17 00:00:00 2001
From: Ben McGinnes <ben@adversary.org>
Date: Tue, 15 May 2018 13:13:16 +1000
Subject: docs: python bindings HOWTO - DITA XML version

* Due to the org-babel bug which breaks Python source code examples
  beyond the most simple snippets, ported the HOWTO to a source format
  which I *know* for sure won't break it.
* Details of the org-mode bug is in https://dev.gnupg.org/T3977
* DITA project uses DITA-OT 2.x (2.4 or 2.5, IIRC) with support for DITA 1.3.
* source files were written with oXygenXML Editor 20.0, hence the
  oXygenXML project file in the directory; however only the .ditamap
  and .dita files are required to generate any output with the
  DITA-OT.

Signed-off-by: Ben McGinnes <ben@adversary.org>
---
 .../docs/dita/howto/part04/verification.dita       | 150 +++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 lang/python/docs/dita/howto/part04/verification.dita

(limited to 'lang/python/docs/dita/howto/part04/verification.dita')

diff --git a/lang/python/docs/dita/howto/part04/verification.dita b/lang/python/docs/dita/howto/part04/verification.dita
new file mode 100644
index 00000000..d50482a8
--- /dev/null
+++ b/lang/python/docs/dita/howto/part04/verification.dita
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
+<dita>
+    <topic id="topic_p3g_yqy_5db">
+        <title>Signature Verification</title>
+        <body>
+            <p>Essentially there are two principal methods of verification of a signature. The first
+        of these is for use with the normal or default signing method and for clear-signed messages.
+        The second is for use with files and data with detached signatures.</p>
+      <p>The following example is intended for use with the default signing method where the file
+        was not ASCII armoured:</p>
+      <p>
+        <codeblock id="verify-1" outputclass="language-python">import gpg
+import time
+
+filename = "statement.txt"
+gpg_file = "statement.txt.gpg"
+
+c = gpg.Context()
+
+try:
+    data, result = c.verify(open(gpg_file))
+    verified = True
+except gpg.errors.BadSignatures as e:
+    verified = False
+    print(e)
+
+if verified is True:
+    for i in range(len(result.signatures)):
+        sign = result.signatures[i]
+        print("""Good signature from:
+{0}
+with key {1}
+made at {2}
+""".format(c.get_key(sign.fpr).uids[0].uid,
+           sign.fpr, time.ctime(sign.timestamp)))
+else:
+    pass
+</codeblock>
+      </p>
+      <p>Whereas this next example, which is almost identical would work with normal ASCII armoured
+        files and with clear-signed files:</p>
+      <p>
+        <codeblock id="verify-2" outputclass="language-python">import gpg
+import time
+
+filename = "statement.txt"
+asc_file = "statement.txt.asc"
+
+c = gpg.Context()
+
+try:
+    data, result = c.verify(open(asc_file))
+    verified = True
+except gpg.errors.BadSignatures as e:
+    verified = False
+    print(e)
+
+if verified is True:
+    for i in range(len(result.signatures)):
+        sign = result.signatures[i]
+        print("""Good signature from:
+{0}
+with key {1}
+made at {2}
+""".format(c.get_key(sign.fpr).uids[0].uid,
+           sign.fpr, time.ctime(sign.timestamp)))
+else:
+    pass
+</codeblock>
+      </p>
+      <p>In both of the previous examples it is also possible to compare the original data that was
+        signed against the signed data in <codeph>data</codeph> to see if it matches with something
+        like this:</p>
+      <p>
+        <codeblock id="verify-3" outputclass="language-python">with open(filename, "rb") as afile:
+    text = afile.read()
+
+if text == data:
+    print("Good signature.")
+else:
+    pass
+</codeblock>
+      </p>
+      <p>The following two examples, however, deal with detached signatures. With his method of
+        verification the data that was signed does not get returned since it is already being
+        explicitly referenced in the first argument of <codeph>c.verify</codeph>. So
+          <codeph>data</codeph> is <codeph>None</codeph> and only the information in
+          <codeph>result</codeph> is available.</p>
+      <p>
+        <codeblock id="verify-4" outputclass="language-python">import gpg
+import time
+
+filename = "statement.txt"
+sig_file = "statement.txt.sig"
+
+c = gpg.Context()
+
+try:
+    data, result = c.verify(open(filename), open(sig_file))
+    verified = True
+except gpg.errors.BadSignatures as e:
+    verified = False
+    print(e)
+
+if verified is True:
+    for i in range(len(result.signatures)):
+        sign = result.signatures[i]
+        print("""Good signature from:
+{0}
+with key {1}
+made at {2}
+""".format(c.get_key(sign.fpr).uids[0].uid,
+           sign.fpr, time.ctime(sign.timestamp)))
+else:
+    pass
+</codeblock>
+      </p>
+      <p>
+        <codeblock id="verify-5" outputclass="language-python">import gpg
+import time
+
+filename = "statement.txt"
+asc_file = "statement.txt.asc"
+
+c = gpg.Context()
+
+try:
+    data, result = c.verify(open(filename), open(asc_file))
+    verified = True
+except gpg.errors.BadSignatures as e:
+    verified = False
+    print(e)
+
+if verified is not None:
+    for i in range(len(result.signatures)):
+        sign = result.signatures[i]
+        print("""Good signature from:
+{0}
+with key {1}
+made at {2}
+""".format(c.get_key(sign.fpr).uids[0].uid,
+           sign.fpr, time.ctime(sign.timestamp)))
+else:
+    pass
+</codeblock>
+      </p>
+        </body>
+    </topic>
+</dita>
-- 
cgit v1.2.3