diff options
| author | Jasper Spaans <[email protected]> | 2021-02-09 10:29:07 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-06-24 16:09:55 +0000 |
| commit | 14b148b7d34038fac863ab882de29c6d35d425f1 (patch) | |
| tree | adf43ad84edc0709fcaf39ceb8d6bc59cbfa080b /lang/python/src | |
| parent | qt: Extend SignKeyJob to create signatures with expiration date (diff) | |
| download | gpgme-14b148b7d34038fac863ab882de29c6d35d425f1.tar.gz gpgme-14b148b7d34038fac863ab882de29c6d35d425f1.zip | |
python: Allow returning signatures made by unknown keys in `decrypt`
--
This functionality got dropped somewhere after 1.12, as part of the
cleanup of the `Context.decrypt` call signature. Reintroduce it again,
now using an explicit keyword argument `filter_signatures` (which
defaults to hiding signatures by unknown keys).
GnuPG-bug-id: 5292
Diffstat (limited to 'lang/python/src')
| -rw-r--r-- | lang/python/src/core.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lang/python/src/core.py b/lang/python/src/core.py index 5e57e4a0..9618adcf 100644 --- a/lang/python/src/core.py +++ b/lang/python/src/core.py @@ -342,7 +342,7 @@ class Context(GpgmeWrapper): return self.__read__(sink, ciphertext), result, sig_result - def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True): + def decrypt(self, ciphertext, sink=None, passphrase=None, verify=True, filter_signatures=True): """Decrypt data Decrypt the given ciphertext and verify any signatures. If @@ -354,6 +354,10 @@ class Context(GpgmeWrapper): signatures are required and no MissingSignatures error will be raised). + The filter_signatures argument can be used to force this + function to return signatures that are not fully trusted - for + example because they were made by unknown keys. + If the ciphertext is symmetrically encrypted using a passphrase, that passphrase can be given as parameter, using a callback registered at the context, or out-of-band via @@ -364,6 +368,8 @@ class Context(GpgmeWrapper): passphrase -- for symmetric decryption verify -- check signatures (boolean or iterable of keys, see above) (default True) + filter_signatures -- if this function should filter out signatures + that are not completely OK (default True) Returns: plaintext -- the decrypted data (or None if sink is given) @@ -437,8 +443,8 @@ class Context(GpgmeWrapper): results=results) if do_sig_verification: - # filter out all invalid signatures - verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures)) + if filter_signatures: + verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures)) if required_keys is not None: missing = [] for key in required_keys: |