diff options
| author | Ben McGinnes <[email protected]> | 2018-03-21 16:58:58 +0000 |
|---|---|---|
| committer | Ben McGinnes <[email protected]> | 2018-03-21 16:58:58 +0000 |
| commit | ad6cb4f9b8b97a2bc501c17fc542a84b725dedea (patch) | |
| tree | 8a370e85cc4331767322111637c8fd8d29ea6f2e /lang/python/examples/howto/verify-signatures.py | |
| parent | example: verify signed file (diff) | |
| download | gpgme-ad6cb4f9b8b97a2bc501c17fc542a84b725dedea.tar.gz gpgme-ad6cb4f9b8b97a2bc501c17fc542a84b725dedea.zip | |
example: verify signatures
* Added example for verifying detached signatures against the files
they're the signatures for.
Diffstat (limited to 'lang/python/examples/howto/verify-signatures.py')
| -rwxr-xr-x | lang/python/examples/howto/verify-signatures.py | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/lang/python/examples/howto/verify-signatures.py b/lang/python/examples/howto/verify-signatures.py new file mode 100755 index 00000000..8aafc3ba --- /dev/null +++ b/lang/python/examples/howto/verify-signatures.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, unicode_literals + +# Copyright (C) 2018 Ben McGinnes <[email protected]> +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License and the GNU +# Lesser General Public Licensefor more details. +# +# You should have received a copy of the GNU General Public License and the GNU +# Lesser General Public along with this program; if not, see +# <http://www.gnu.org/licenses/>. + +import gpg +import sys +import time + +""" +Verifies a signed file which has been signed with a detached signature. +""" + +if len(sys.argv) > 2: + filename = sys.argv[1] + sig_file = sys.argv[2] +elif len(sys.argv) == 2: + filename = sys.argv[1] + sig_file = input("Enter the path and filename of the detached signature: ") +else: + filename = input("Enter the path and filename to verify: ") + sig_file = input("Enter the path and filename of the detached signature: ") + +c = gpg.Context() + +try: + data, result = c.verify(open(filename), open(sig_file)) + verified = True +except gpg.errors.BadSignatures as e: + verified = False + print(e) + +if verified is True: + for i in range(len(result.signatures)): + sign = result.signatures[i] + print("""Good signature from: +{0} +with key {1} +made at {2} +""".format(c.get_key(sign.fpr).uids[0].uid, sign.fpr, + time.ctime(sign.timestamp))) +else: + pass |