vsajip / python-gnupg

A Python API for the GNU Privacy Guard (GnuPG). Encrypt, decrypt, sign and verify your data using Python! N.B. This repository has been migrated from Mercurial on 2019-11-16, so references to commits before this date will refer to the Mercurial source and not this Git repository. The migration is marked by a commit that adds a .gitignore file.
https://docs.red-dove.com/python-gnupg/

A new method for verifying detached signatures #241

Closed FFY-HIT closed 3 weeks ago

FFY-HIT commented 2 months ago

Is your feature request related to a problem? Please describe.
I'm always frustrated when verifying with a signature and data both in memory.

Describe the solution you'd like
I think it's a good idea to create a method that can solve this problem, such as a method named gpg.verify_rawdata(signature, data). signature and data are both byte strings.

Additional context
I hope that you can adopt my suggestion and it will be realized soon, thank you.

vsajip commented 4 weeks ago

Unfortunately, the way GnuPG verifies a detached signature is through the command line

$ gpg --verify doc.sig doc

See the section entitled "Detached signatures" in this page in the GnuPG documentation.

This means that to implement your requirement, the signature would need to be written to file from memory anyway. I suggest you either add a helper function to do this, or subclass GPG and add your method there. I don't think this is a sufficiently common use case to have a method added in the base library - detached signatures are usually sent around as files along with the content they sign.
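One way to write the helper suggested above, as an added example that is not code from this thread or from the python-gnupg project: it writes the in-memory signature to a private temporary file, passes it to the library's `verify_data(sig_filename, data)`, and always removes the file afterwards. The function name `verify_detached` and the `trusted_fingerprints` parameter are hypothetical; `gpg` is assumed to be a `gnupg.GPG` instance.

```python
import os
import tempfile


def verify_detached(gpg, signature, data, trusted_fingerprints=None):
    """Verify an in-memory detached signature over in-memory data.

    gpg: assumed to be a gnupg.GPG instance (anything exposing
         verify_data(sig_filename, data) works).
    signature, data: bytes.
    trusted_fingerprints: optional iterable of key fingerprints that are
         allowed to have made the signature (hypothetical parameter).
    Returns (ok, result), where result is whatever verify_data returned.
    """
    if not isinstance(signature, bytes) or not isinstance(data, bytes):
        raise TypeError("signature and data must be bytes")

    # mkstemp creates the file readable and writable only by the current
    # user, under an unpredictable name, so other local users cannot
    # swap in a different signature.
    fd, sig_path = tempfile.mkstemp(suffix=".sig")
    try:
        with os.fdopen(fd, "wb") as sig_file:
            sig_file.write(signature)
        # The file is closed before gpg reads it; data stays in memory.
        result = gpg.verify_data(sig_path, data)
    finally:
        os.unlink(sig_path)  # never leave the temporary file behind

    ok = bool(result.valid)
    if ok and trusted_fingerprints is not None:
        # A "valid" result only means some key in the keyring signed the
        # data; pin the signer when it has to be one specific key.
        allowed = {fp.replace(" ", "").upper() for fp in trusted_fingerprints}
        signer = {getattr(result, "fingerprint", None),
                  getattr(result, "pubkey_fingerprint", None)}
        ok = bool(allowed & {fp.upper() for fp in signer if fp})
    return ok, result


# Usage (requires python-gnupg and a gpg binary):
#   import gnupg
#   ok, result = verify_detached(gnupg.GPG(), sig_bytes, data_bytes,
#                                {"<expected signer fingerprint>"})
```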