Closed vsoch closed 3 years ago
techge
commented
3 years ago As far as I can see that would need to have some kind of key store or you would at least need to be able to provide the public part of the key that signed the file. This is not implemented in this lib afaik and does not match the use case either imho.
vsoch
commented
3 years ago okay, so what if I had the public key that signed the file. It would still be hard / not in scope of this library?
techge
commented
3 years ago Exactly. This library is about parsing keys, not signed/encrypted data. You can use gpgme for that, but be aware that it is a bit... well it is not that well supported/maintained imho. For most things it is working fine though, especially verifying signed data should be feasible.
vsoch
commented
3 years ago Yeah I know, I was just hoping to find some understandable example or documentation (beyond the original code) for how the process works.
Thanks for your help, I appreciate it!
techge
commented
3 years ago @vsoch in the source folder of gpgme are example files (in the python subfolder). These helped me a lot in the past!
vsoch
commented
3 years ago Ah thank you! I will check them out!
vsoch
commented
3 years ago @techge do you have a link? I don’t see a Python subfolder anywhere here: https://github.com/gpg/gpgme. Should I look at older releases, possibly it was removed?
Hi! Do you have an example for how this library could be used to verify a signed key? E.g., if I have a file, I can sign it:
And that produces
tacos.txt.gpg, which I could load packets for and see several blocks:I was actually looking at a gist that is conceptually similar to the library here. But I'm interested in reading the packets and then verifying, but I'm having trouble finding a good example of doing that (the RFC document isn't super helpful because it's all pretty abstract). Thanks for your help!