我在使用python gnupg模块进行验证签名时遇到问题。
使用此模块,我可以对文件进行加密和签名:
gpg.encrypt_file(stream, encrypt_for, sign=sign_by, passphrase=key_passwd, output=file_out)
这样的加密文件可以通过命令行
gpg解密,输出:gpg: encrypted with 2048-bit ELG-E key, ID 518CD1AD, created 2011-04-14
"client"
gpg: Signature made 04/14/11 13:36:14 using DSA key ID C7C006DD
gpg: Good signature from "server"
它也可以由Python
gnupg模块解密,输出文件具有解密的内容,但我无法验证签名。解密和验证的代码:
def decrypt_file(file_in, file_out, key_passwd):
gpg = gnupg.GPG()
f = open(file_in, "rb")
data = f.read()
f.close()
gpg.decrypt(data, passphrase=key_passwd, output=file_out)
verified = gpg.verify(data)
if not verified:
raise ValueError("Signature could not be verified!")
我得到的异常(exception):
decrypting file...
Exception in thread Thread-12:
Traceback (most recent call last):
File "c:\Python26\lib\threading.py", line 534, in __bootstrap_inner
self.run()
File "c:\Python26\lib\threading.py", line 486, in run
self.__target(*self.__args, **self.__kwargs)
File "c:\Python26\lib\site-packages\gnupg.py", line 202, in _read_response
result.handle_status(keyword, value)
File "c:\Python26\lib\site-packages\gnupg.py", line 731, in handle_status
raise ValueError("Unknown status message: %r" % key)
ValueError: Unknown status message: u'UNEXPECTED'
Traceback (most recent call last):
File "ht_gnupg.py", line 32, in <module>
test()
File "ht_gnupg.py", line 27, in test
decrypt_file('test_p.enc', 'test_p.txt', 'client')
File "ht_gnupg.py", line 18, in decrypt_file
raise ValueError("Signature could not be verified!")
ValueError: Signature could not be verified!
我在ActiveStatus Python 2.6中使用了
gnupg-0.2.7中的python-gnupg-0.2.7.win32.exe。我也尝试了
gpg.verify_file(),但是遇到了同样的错误。文件是ASCII铠装的,看起来像:-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (MingW32)
hQIOA0EAndRRjNGtEAf/YxMQaFMnBwT3Per6ypoMYaO1AKQikRgJJMJ90a/EoZ44
...
=G6Ai
-----END PGP MESSAGE-----
如何验证签名,例如命令行
gpg? 最佳答案
有关示例脚本,请参阅this gist,该脚本显示了如何在解密时验证签名。
代码(截至2011-04-05)如下:
from cStringIO import StringIO
import gnupg
import logging
import os
import shutil
def generate_key(gpg, first_name, last_name, domain, passphrase=None):
"Generate a key"
params = {
'Key-Type': 'DSA',
'Key-Length': 1024,
'Subkey-Type': 'ELG-E',
'Subkey-Length': 2048,
'Name-Comment': 'A test user',
'Expire-Date': 0,
}
params['Name-Real'] = '%s %s' % (first_name, last_name)
params['Name-Email'] = ("%s.%s@%s" % (first_name, last_name, domain)).lower()
if passphrase is None:
passphrase = ("%s%s" % (first_name[0], last_name)).lower()
params['Passphrase'] = passphrase
cmd = gpg.gen_key_input(**params)
return gpg.gen_key(cmd)
def init_logging():
logging.basicConfig(level=logging.DEBUG, filename="gpg.log",
filemode="w", format="%(asctime)s %(levelname)-5s %(name)-10s %(threadName)-10s %(message)s")
def print_info(decrypted):
print('User name: %s' % decrypted.username)
print('Key id: %s' % decrypted.key_id)
print('Signature id: %s' % decrypted.signature_id)
#print('Signature timestamp: %s' % decrypted.sig_timestamp)
print('Fingerprint: %s' % decrypted.fingerprint)
def main():
init_logging()
if os.path.exists('keys'):
shutil.rmtree('keys')
gpg = gnupg.GPG(gnupghome='keys')
key = generate_key(gpg, "Andrew", "Able", "alpha.com",
passphrase="andy")
andrew = key.fingerprint
key = generate_key(gpg, "Barbara", "Brown", "beta.com")
barbara = key.fingerprint
#First - without signing
data = 'Top secret'
encrypted = gpg.encrypt_file(StringIO(data), barbara,
#sign=andrew, passphrase='andy',
output='encrypted.txt')
assert encrypted.status == 'encryption ok'
# Data is in encrypted.txt. Read it in and verify/decrypt it.
data = open('encrypted.txt', 'r').read()
decrypted = gpg.decrypt(data, passphrase='bbrown', output='decrypted.txt')
print_info(decrypted)
#Now with signing
data = 'Top secret'
encrypted = gpg.encrypt_file(StringIO(data), barbara,
sign=andrew, passphrase='andy',
output='encrypted.txt')
assert encrypted.status == 'encryption ok'
# Data is in encrypted.txt. Read it in and verify/decrypt it.
data = open('encrypted.txt', 'r').read()
decrypted = gpg.decrypt(data, passphrase='bbrown', output='decrypted.txt')
print_info(decrypted)
if __name__ == '__main__':
main()
关于python - 如何使用Python gnupg模块验证gnupg签名?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/5673255/