我用Python gnupg模块验证签名有问题.
使用此模块,我可以加密和签名文件:
gpg.encrypt_file(stream,encrypt_for,sign=sign_by,passphrase=key_passwd,output=file_out)这样的加密文件可以通过命令行gpg解密,输出:
gpg: encrypted with 2048-bit ELG-E key,ID 518CD1AD,created 2011-04-14 "clIEnt"gpg: Signature made 04/14/11 13:36:14 using DSA key ID C7C006DDgpg: Good signature from "server"它也可以通过Python gnupg模块解密,输出文件有解密内容,
但我无法验证签名.解密和验证的代码:
def decrypt_file(file_in,file_out,key_passwd): gpg = gnupg.GPG() f = open(file_in,"rb") data = f.read() f.close() gpg.decrypt(data,output=file_out) verifIEd = gpg.verify(data) if not verifIEd: raise ValueError("Signature Could not be verifIEd!")我得到的例外:
decrypting file...Exception in thread Thread-12:Traceback (most recent call last): file "c:\Python26\lib\threading.py",line 534,in __bootstrap_inner self.run() file "c:\Python26\lib\threading.py",line 486,in run self.__target(*self.__args,**self.__kwargs) file "c:\Python26\lib\site-packages\gnupg.py",line 202,in _read_response result.handle_status(keyword,value) file "c:\Python26\lib\site-packages\gnupg.py",line 731,in handle_status raise ValueError("UnkNown status message: %r" % key)ValueError: UnkNown status message: u'UNEXPECTED'Traceback (most recent call last): file "ht_gnupg.py",line 32,in 我使用来自python-gnupg-0.2.7.win32.exe的gnupg-0.2.7和ActiveStatus Python 2.6.
我也试过gpg.verify_file()但是我得到了同样的错误.文件是ASCII装甲,看起来像:
-----BEGIN PGP MESSAGE-----Version: GnuPG v1.4.9 (MingW32)hQIOA0EAndRRjNGtEAf/YxMQaFMnBwT3Per6ypoMYaO1AKQikRgJJMJ90a/EoZ44...=G6Ai-----END PGP MESSAGE-----如何验证命令行gpg的签名?最佳答案有关示例脚本的信息,请参阅this gist,其中显示了解密时如何验证签名.
代码(截至2011-04-05)如下:
from cStringIO import StringIOimport gnupgimport loggingimport osimport shutildef generate_key(gpg,first_name,last_name,domain,passphrase=None): "Generate a key" params = { 'Key-Type': 'DSA','Key-Length': 1024,'Subkey-Type': 'ELG-E','Subkey-Length': 2048,'name-Comment': 'A test user','Expire-Date': 0,} params['name-Real'] = '%s %s' % (first_name,last_name) params['name-Email'] = ("%s.%s@%s" % (first_name,domain)).lower() if passphrase is None: passphrase = ("%s%s" % (first_name[0],last_name)).lower() params['Passphrase'] = passphrase cmd = gpg.gen_key_input(**params) return gpg.gen_key(cmd)def init_logging(): logging.basicConfig(level=logging.DEBUG,filename="gpg.log",filemode="w",format="%(asctime)s %(levelname)-5s %(name)-10s %(threadname)-10s %(message)s")def print_info(decrypted): print('User name: %s' % decrypted.username) print('Key ID: %s' % decrypted.key_ID) print('Signature ID: %s' % decrypted.signature_ID) #print('Signature timestamp: %s' % decrypted.sig_timestamp) print('Fingerprint: %s' % decrypted.fingerprint)def main(): init_logging() if os.path.exists('keys'): shutil.rmtree('keys') gpg = gnupg.GPG(gnupghome='keys') key = generate_key(gpg,"Andrew","Able","Alpha.com",passphrase="andy") andrew = key.fingerprint key = generate_key(gpg,"barbara","brown","beta.com") barbara = key.fingerprint #First - without signing data = 'top secret' encrypted = gpg.encrypt_file(StringIO(data),barbara,#sign=andrew,passphrase='andy',output='encrypted.txt') assert encrypted.status == 'encryption ok' # Data is in encrypted.txt. Read it in and verify/decrypt it. data = open('encrypted.txt','r').read() decrypted = gpg.decrypt(data,passphrase='bbrown',output='decrypted.txt') print_info(decrypted) #Now with signing data = 'top secret' encrypted = gpg.encrypt_file(StringIO(data),sign=andrew,output='decrypted.txt') print_info(decrypted)if __name__ == '__main__': main()以上是内存溢出为你收集整理的如何用Python gnupg模块验证gnupg签名?全部内容,希望文章能够帮你解决如何用Python gnupg模块验证gnupg签名?所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)