isislovecruft / python-gnupg

A modified version of python-gnupg, including security patches, extensive documentation, and extra features.

No difference when signing encrypted byte data with binary=True and binary=False #180

Open Pavitheran opened 7 years ago

Pavitheran commented 7 years ago

I am trying to sign some encrypted unarmored data. I want the result to be a raw byte string (unarmored) of the signed encrypted data.

```python
from gnupg import GPG

gpg = GPG(homedir="/path/to/homedir")

# Sign the same encrypted bytes twice, changing only the binary option
binary_signed = gpg.sign(encrypted_data, default_key=key_id, passphrase=passphrase, clearsign=True, binary=True)
not_binary_signed = gpg.sign(encrypted_data, default_key=key_id, passphrase=passphrase, clearsign=True, binary=False)

binary_signed.data == not_binary_signed.data
```

It seems like the binary option of gpg.sign does nothing. Am I using it wrong or is this a bug in gnupg?

I am on version 2.2.0 of python-gnupg.

ghost commented 7 years ago

I had this issue too. Having read the code, I found clearsign must be set to False. If clearsign is True it will not be detached or un-armoured.

```python
if clearsign:
    args.append("--clearsign")
    if detach:
        log.warn("Cannot use both --clearsign and --detach-sign.")
        log.warn("Using default GPG behaviour: --clearsign only.")
elif detach and not clearsign:
    args.append("--detach-sign")
```

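A way to check what kind of output a signing call actually returned, rather than comparing two results to each other (added example, not from this thread or from python-gnupg; `classify_openpgp` and the sample byte strings are constructed). It relies on RFC 4880: armored output starts with a `-----BEGIN PGP` line, while binary OpenPGP output starts with a packet header octet whose high bit is set.

```python
# Added example: classify OpenPGP output as cleartext-signed, armored or binary.
# classify_openpgp() and the SAMPLE_* inputs are constructed for illustration.

PACKET_TAGS = {1: "public-key encrypted session key", 2: "signature",
               4: "one-pass signature", 8: "compressed data",
               11: "literal data"}

# Constructed samples: only the leading bytes matter for classification.
SAMPLE_CLEARSIGNED = (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n"
                      b"payload\n-----BEGIN PGP SIGNATURE-----\n")
SAMPLE_ARMORED_SIG = b"-----BEGIN PGP SIGNATURE-----\n\niQEz\n"
SAMPLE_BINARY_DETACHED = bytes([0x89, 0x01, 0x33, 0x04, 0x00])  # old format, tag 2
SAMPLE_BINARY_SIGNED = bytes([0xA3, 0x01, 0x5B])                # old format, tag 8
SAMPLE_NEW_FORMAT_SIG = bytes([0xC2, 0x5D, 0x04])               # new format, tag 2


def classify_openpgp(data):
    """Return (encoding, detail) for the bytes produced by a signing call."""
    if isinstance(data, str):
        data = data.encode("ascii", "replace")
    head = data.lstrip()[:64]
    if head.startswith(b"-----BEGIN PGP SIGNED MESSAGE-----"):
        return ("cleartext", "clearsigned text with armored signature")
    if head.startswith(b"-----BEGIN PGP "):
        label = head[len(b"-----BEGIN PGP "):].split(b"-----")[0]
        return ("armored", label.decode("ascii", "replace").lower())
    # Every binary OpenPGP packet header has bit 7 set in its first octet.
    if not data or not data[0] & 0x80:
        return ("unknown", "not an OpenPGP packet header")
    first = data[0]
    if first & 0x40:                  # new-format header: tag in bits 5-0
        tag = first & 0x3F
    else:                             # old-format header: tag in bits 5-2
        tag = (first >> 2) & 0x0F
    return ("binary", PACKET_TAGS.get(tag, "packet tag %d" % tag))


if __name__ == "__main__":
    for name, sample in sorted(globals().items()):
        if name.startswith("SAMPLE_"):
            print(name, classify_openpgp(sample))
```

Passing the `.data` of each result from the question through this function shows directly whether a call produced clearsigned text or a binary packet stream.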
kristovatlas commented 6 years ago

Thanks @grobinson-blockchain! :)