如何用Python gnupg模块验证gnupg签名?

前端之家收集整理的这篇文章主要介绍了如何用Python gnupg模块验证gnupg签名?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我用Python gnupg模块验证签名有问题.
使用此模块,我可以加密和签名文件

@H_403_6@gpg.encrypt_file(stream,encrypt_for,sign=sign_by,passphrase=key_passwd,output=file_out)

这样的加密文件可以通过命令行gpg解密,输出

@H_403_6@gpg: encrypted with 2048-bit ELG-E key,ID 518CD1AD,created 2011-04-14 "client" gpg: Signature made 04/14/11 13:36:14 using DSA key ID C7C006DD gpg: Good signature from "server"

它也可以通过Python gnupg模块解密,输出文件有解密内容,
但我无法验证签名.解密和验证的代码

@H_403_6@def decrypt_file(file_in,file_out,key_passwd): gpg = gnupg.GPG() f = open(file_in,"rb") data = f.read() f.close() gpg.decrypt(data,output=file_out) verified = gpg.verify(data) if not verified: raise ValueError("Signature could not be verified!")

我得到的例外:

@H_403_6@decrypting file... Exception in thread Thread-12: Traceback (most recent call last): File "c:\Python26\lib\threading.py",line 534,in __bootstrap_inner self.run() File "c:\Python26\lib\threading.py",line 486,in run self.__target(*self.__args,**self.__kwargs) File "c:\Python26\lib\site-packages\gnupg.py",line 202,in _read_response result.handle_status(keyword,value) File "c:\Python26\lib\site-packages\gnupg.py",line 731,in handle_status raise ValueError("Unknown status message: %r" % key) ValueError: Unknown status message: u'UNEXPECTED' Traceback (most recent call last): File "ht_gnupg.py",line 32,in

我使用来自python-gnupg-0.2.7.win32.exe的gnupg-0.2.7和ActiveStatus Python 2.6.

我也试过gpg.verify_file()但是我得到了同样的错误.文件是ASCII装甲,看起来像:

@H_403_6@-----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.9 (MingW32) hQIOA0EAndRRjNGtEAf/YxMQaFMnBwT3Per6ypoMYaO1AKQikRgJJMJ90a/EoZ44 ... =G6Ai -----END PGP MESSAGE-----

如何验证命令行gpg的签名?

最佳答案
有关示例脚本的信息,请参阅this gist,其中显示了解密时如何验证签名.

代码(截至2011-04-05)如下:

@H_403_6@from cStringIO import StringIO import gnupg import logging import os import shutil def generate_key(gpg,first_name,last_name,domain,passphrase=None): "Generate a key" params = { 'Key-Type': 'DSA','Key-Length': 1024,'Subkey-Type': 'ELG-E','Subkey-Length': 2048,'Name-Comment': 'A test user','Expire-Date': 0,} params['Name-Real'] = '%s %s' % (first_name,last_name) params['Name-Email'] = ("%s.%s@%s" % (first_name,domain)).lower() if passphrase is None: passphrase = ("%s%s" % (first_name[0],last_name)).lower() params['Passphrase'] = passphrase cmd = gpg.gen_key_input(**params) return gpg.gen_key(cmd) def init_logging(): logging.basicConfig(level=logging.DEBUG,filename="gpg.log",filemode="w",format="%(asctime)s %(levelname)-5s %(name)-10s %(threadName)-10s %(message)s") def print_info(decrypted): print('User name: %s' % decrypted.username) print('Key id: %s' % decrypted.key_id) print('Signature id: %s' % decrypted.signature_id) #print('Signature timestamp: %s' % decrypted.sig_timestamp) print('Fingerprint: %s' % decrypted.fingerprint) def main(): init_logging() if os.path.exists('keys'): shutil.rmtree('keys') gpg = gnupg.GPG(gnupghome='keys') key = generate_key(gpg,"Andrew","Able","alpha.com",passphrase="andy") andrew = key.fingerprint key = generate_key(gpg,"Barbara","Brown","beta.com") barbara = key.fingerprint #First - without signing data = 'Top secret' encrypted = gpg.encrypt_file(StringIO(data),barbara,#sign=andrew,passphrase='andy',output='encrypted.txt') assert encrypted.status == 'encryption ok' # Data is in encrypted.txt. Read it in and verify/decrypt it. data = open('encrypted.txt','r').read() decrypted = gpg.decrypt(data,passphrase='bbrown',output='decrypted.txt') print_info(decrypted) #Now with signing data = 'Top secret' encrypted = gpg.encrypt_file(StringIO(data),sign=andrew,output='decrypted.txt') print_info(decrypted) if __name__ == '__main__': main()

猜你在找的Python相关文章