Closed: bwbroersma closed this 1 year ago
We attempted to use the GnuPG function mentioned in your issue. For this we tested python-gnupg, a wrapper for GnuPG. However, for this the binary would need to be installed if you use this package. We did find a replacement module, PGPy, a Python library for implementing Pretty Good Privacy in Python programs, conforming to the OpenPGP specification per RFC 4880. This package will detect any issue with the PGP message or the data within without decrypting the message.
To prevent an invalid PGP signature from passing, like:
54
55
The data could be passed to gpg to validate the form of the signature data. E.g. an invalid escape like listed in #54 would produce:
While a parsable message results in:
Even the signature date could be checked for:
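As an added example (not code from this issue, and not using gpg, python-gnupg or PGPy), the following standard-library sketch checks the form of an armored signature: armor lines, strict base64, the CRC-24, and the v4 signature packet layout, then reads the creation time. It does not verify the signature cryptographically; all function names and the sample are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

def crc24(data: bytes) -> int:
    crc = 0xB704CE                      # CRC-24 of ASCII armor, RFC 4880 section 6.1
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:          # helper used only to build the constructed sample
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(data).decode()
            + "\n=" + crc + "\n-----END PGP SIGNATURE-----\n")

def dearmor(text: str) -> bytes:        # raises ValueError on malformed armor
    lines = [line.strip() for line in text.strip().splitlines()]
    if lines[:1] != ["-----BEGIN PGP SIGNATURE-----"] or lines[-1:] != ["-----END PGP SIGNATURE-----"]:
        raise ValueError("bad armor header or footer")
    body = lines[lines.index("") + 1:-1]            # armor headers end at the first blank line
    crc = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)   # rejects characters outside base64
    if crc and base64.b64decode(crc[1:], validate=True) != crc24(data).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch")
    return data

def signature_created(data: bytes) -> datetime:     # handles one v4 signature packet
    first = data[0] if data else 0
    new = bool(first & 0x40)                        # new-format vs old-format packet header
    ptype, n = (first & 0x3F, 1) if new else ((first >> 2) & 0x0F, 1 << (first & 3))
    body = data[1 + n:]
    if (not first & 0x80 or ptype != 2 or n == 8 or (new and data[1:2] >= b"\xc0")
            or len(body) != int.from_bytes(data[1:1 + n], "big") or body[:1] != b"\x04"):
        raise ValueError("not exactly one well-formed v4 signature packet")
    pos, end = 6, 6 + int.from_bytes(body[4:6], "big")      # hashed subpacket area
    while pos + 1 < end <= len(body) and 0 < body[pos] < 192:
        if (body[pos + 1] & 0x7F) == 2 and body[pos] == 5 and pos + 6 <= end:
            return datetime.fromtimestamp(int.from_bytes(body[pos + 2:pos + 6], "big"), timezone.utc)
        pos += 1 + body[pos]
    raise ValueError("no well-formed creation time subpacket in the hashed area")

def creation_time_or_none(text: str):
    try:
        return signature_created(dearmor(text))
    except ValueError:                  # binascii.Error is a ValueError subclass
        return None
# Constructed sample (not a real signature): old-format header, v4, creation time 1700000000.
SAMPLE = armor(bytes([0x88, 19, 4, 0, 1, 8, 0, 6, 5, 2]) + (1700000000).to_bytes(4, "big") + bytes([0, 0, 0xAB, 0xCD, 0, 8, 0xFF]))
```

`creation_time_or_none` returns `None` for anything that fails the form check, so a caller can reject the input before comparing the returned time against whatever window it accepts.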