singpolyma / OpenPGP-Python

A port of OpenPGP-PHP to Python
ISC License

Add support for testing the integrity of a PGP Public key #3

Closed fpietrosanti closed 9 years ago

fpietrosanti commented 10 years ago

As far as I understand, currently OpenPGP-Python does not support validation of the integrity of a public PGP key.

It would be very useful to add the capability to verify the integrity of a public PGP key, to be used before trying to use it as a public key for encryption as per #2.

That would be useful as a step to make it suitable with GlobaLeaks as a Python-GnuPG replacement https://github.com/globaleaks/GlobaLeaks/issues/860

singpolyma commented 10 years ago

If you look in tests/test_Crypto.py especially testHelloKey there are tests for key verification. If by "integrity" you mean verifying signatures on the key, that's what that stuff is about.

fpietrosanti commented 10 years ago

@singpolyma Well, currently in GlobaLeaks a receiver can "import" its own PGP Public Key (being ASCII armored or binary).

GlobaLeaks software does a validation (at import stage) by verifying two things:

So I expect that in OpenPGP-Python we should have a couple of functionalities with something like:

What do you think?

singpolyma commented 10 years ago

Ah, ok, so just checking the self-sig, and then checking that the key expiry time on it is not before now. I can add an example for that use case.
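The expiry half of the check described in the comment above, as an added example that is not part of the thread and is not the project's `verifykey.py`: it parses an RFC 4880 v4 signature subpacket area without using OpenPGP-Python, and shows that the Key Expiration Time subpacket is an offset from the key's creation time rather than an absolute date. The function names and the sample bytes are constructed for illustration, and the code assumes the self-signature has already been verified.

```python
import struct
from datetime import datetime, timedelta, timezone

KEY_EXPIRATION_TIME = 9  # subpacket type, RFC 4880 section 5.2.3.6

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        # The high bit of the type octet is the "critical" flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def key_expiry(created, hashed_area):
    """Return the expiry datetime, or None if the key does not expire.
    Pass only the hashed area of a self-signature that has already been
    verified; the unhashed area is not covered by the signature."""
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type == KEY_EXPIRATION_TIME:
            if len(body) != 4:
                raise ValueError("bad key expiration subpacket")
            seconds = struct.unpack(">I", body)[0]   # seconds after key creation
            return created + timedelta(seconds=seconds) if seconds else None
    return None

def is_expired(created, hashed_area, now):
    expiry = key_expiry(created, hashed_area)
    return expiry is not None and expiry <= now

# Constructed sample: signature creation time (type 2) followed by a key
# expiration of 365 days (type 9), for a key created on 2014-01-01 UTC.
SAMPLE_CREATED = datetime(2014, 1, 1, tzinfo=timezone.utc)
SAMPLE_HASHED_AREA = (bytes([5, 2]) + struct.pack(">I", 1388534400)
                      + bytes([5, 9]) + struct.pack(">I", 31536000))
```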

singpolyma commented 10 years ago

Does this handle your use case: https://github.com/singpolyma/OpenPGP-Python/blob/master/examples/verifykey.py ?

fpietrosanti commented 10 years ago

@singpolyma For me it seems ok, it's likely that GnuPG does some similar check when trying to import a key.

@evilaliv3 @vecna @hellais Do you have any suggestions regarding the key verification steps to be done before importing a Public Key?

fpietrosanti commented 10 years ago

@singpolyma Does OpenPGP-Python support parsing both ascii armored PGP public key and binary PGP public key?

singpolyma commented 10 years ago

@fpietrosanti Looks like that hasn't been ported in yet, I've opened that as #8

singpolyma commented 10 years ago

With the exception of ASCII-armour (which is a separate issue that has been opened) -- is this issue resolved?