<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
<dita xml:lang="en-GB">
<topic id="topic_p3g_yqy_5db">
<title>Signature Verification</title>
<body>
<p>There are two principal methods of verifying a signature. The first is for use with the
normal or default signing method and with clear-signed messages. The second is for use with
files and data with detached signatures.</p>
<p>The following example is intended for use with the default signing method where the file
was not ASCII armoured:</p>
<p>
<codeblock id="verify-1" outputclass="language-python">import gpg
import time

filename = "statement.txt"
gpg_file = "statement.txt.gpg"

c = gpg.Context()

# The signed file is binary (not ASCII armoured), so open it in binary mode.
try:
    data, result = c.verify(open(gpg_file, "rb"))
    verified = True
except gpg.errors.BadSignatures as e:
    verified = False
    print(e)

# result only exists when verification succeeded.
if verified is True:
    for i in range(len(result.signatures)):
        sign = result.signatures[i]
        print("""Good signature from:
{0}
with key {1}
made at {2}
""".format(c.get_key(sign.fpr).uids[0].uid,
           sign.fpr, time.ctime(sign.timestamp)))
else:
    pass
</codeblock>
</p>
<p>This next example, which is almost identical, works with normal ASCII armoured
files and with clear-signed files:</p>
<p>
<codeblock id="verify-2" outputclass="language-python">import gpg
import time

filename = "statement.txt"
asc_file = "statement.txt.asc"

c = gpg.Context()

# ASCII armoured or clear-signed input; the signed data is returned in data.
try:
    data, result = c.verify(open(asc_file, "rb"))
    verified = True
except gpg.errors.BadSignatures as e:
    verified = False
    print(e)

# result only exists when verification succeeded.
if verified is True:
    for i in range(len(result.signatures)):
        sign = result.signatures[i]
        print("""Good signature from:
{0}
with key {1}
made at {2}
""".format(c.get_key(sign.fpr).uids[0].uid,
           sign.fpr, time.ctime(sign.timestamp)))
else:
    pass
</codeblock>
</p>
<p>In both of the previous examples it is also possible to compare the original data that was
signed against the signed data in <codeph>data</codeph> to see if it matches with something
like this:</p>
<p>
<codeblock id="verify-3" outputclass="language-python"># Read the original file as bytes so it can be compared with data.
with open(filename, "rb") as afile:
    text = afile.read()

if text == data:
    print("Good signature.")
else:
    pass
</codeblock>
</p>
<p>The following two examples, however, deal with detached signatures. With this method of
verification the data that was signed does not get returned, since it is already being
explicitly referenced in the first argument of <codeph>c.verify</codeph>. So
<codeph>data</codeph> is <codeph>None</codeph> and only the information in
<codeph>result</codeph> is available.</p>
<p>
<codeblock id="verify-4" outputclass="language-python">import gpg
import time

filename = "statement.txt"
sig_file = "statement.txt.sig"

c = gpg.Context()

# Detached binary signature: pass the signed file first, then the signature.
try:
    data, result = c.verify(open(filename, "rb"), open(sig_file, "rb"))
    verified = True
except gpg.errors.BadSignatures as e:
    verified = False
    print(e)

# data is None here; only result carries information.
if verified is True:
    for i in range(len(result.signatures)):
        sign = result.signatures[i]
        print("""Good signature from:
{0}
with key {1}
made at {2}
""".format(c.get_key(sign.fpr).uids[0].uid,
           sign.fpr, time.ctime(sign.timestamp)))
else:
    pass
</codeblock>
</p>
<p>
<codeblock id="verify-5" outputclass="language-python">import gpg
import time

filename = "statement.txt"
asc_file = "statement.txt.asc"

c = gpg.Context()

# Detached ASCII armoured signature: signed file first, then the signature.
try:
    data, result = c.verify(open(filename, "rb"), open(asc_file, "rb"))
    verified = True
except gpg.errors.BadSignatures as e:
    verified = False
    print(e)

# Test for True: verified is never None, and result is undefined on failure.
if verified is True:
    for i in range(len(result.signatures)):
        sign = result.signatures[i]
        print("""Good signature from:
{0}
with key {1}
made at {2}
""".format(c.get_key(sign.fpr).uids[0].uid,
           sign.fpr, time.ctime(sign.timestamp)))
else:
    pass
</codeblock>
</p>
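<p>A good signature shows only that a key in the keyring signed the data, not that the expected
signer did. The following added example, which is not part of the original code on this page,
accepts a result only when the signing fingerprint is on a pinned list; the names
<codeph>PINNED</codeph>, <codeph>accepted_signers</codeph>, <codeph>verify_pinned</codeph> and
<codeph>SAMPLE</codeph> and all fingerprint values are assumptions made for illustration.

```python
from types import SimpleNamespace

# Assumption: fingerprints this application accepts, written exactly as
# gpgme reports them in sign.fpr (constructed value, not a real key).
PINNED = {"0123456789ABCDEF0123456789ABCDEF01234567"}


def accepted_signers(signatures, pinned=PINNED):
    """Return the fingerprints of good signatures made by a pinned key."""
    accepted = []
    for sign in signatures:
        # status is a gpgme error code; 0 means the signature checked out.
        # Re-checked here so the function is safe on any signature list.
        if sign.status != 0:
            continue
        fpr = sign.fpr.upper()
        if fpr in pinned:
            accepted.append(fpr)
    return accepted


def verify_pinned(signed_path, sig_path=None, pinned=PINNED):
    """Verify a signed file, or a file plus detached signature.

    Returns (data, fingerprints); fingerprints is empty when the signature
    is bad or when no signer is pinned. data is None for detached signatures.
    """
    import gpg  # imported here so accepted_signers() works without GPGME

    c = gpg.Context()
    try:
        with open(signed_path, "rb") as signed:
            if sig_path is None:
                data, result = c.verify(signed)
            else:
                with open(sig_path, "rb") as sig:
                    data, result = c.verify(signed, sig)
    except gpg.errors.BadSignatures:
        return None, []
    return data, accepted_signers(result.signatures, pinned)


# Constructed signature records standing in for result.signatures.
SAMPLE = [
    SimpleNamespace(fpr="0123456789abcdef0123456789abcdef01234567", status=0),
    SimpleNamespace(fpr="F" * 40, status=0),  # good signature, unknown signer
]

if __name__ == "__main__":
    print(accepted_signers(SAMPLE))
```
</p>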
</body>
</topic>
</dita>