个人中心
gpt4 book ai didi

python - 如何使用 Python gnupg 模块验证 gnupg 签名?

转载 作者:太空狗 更新时间:2023-10-30 01:17:18 26 4
gpt4 key购买 nike

我在使用 Python gnupg 模块验证签名时遇到问题。使用此模块,我可以加密和签署文件:

gpg.encrypt_file(stream, encrypt_for, sign=sign_by, passphrase=key_passwd, output=file_out)

这样的加密文件可以通过命令行gpg解密,输出:

gpg: encrypted with 2048-bit ELG-E key, ID 518CD1AD, created 2011-04-14
            "client"
gpg: Signature made 04/14/11 13:36:14 using DSA key ID C7C006DD
gpg: Good signature from "server"

也可以用Python gnupg模块解密,输出文件有解密内容,但我无法验证签名。解密验证代码:

def decrypt_file(file_in, file_out, key_passwd):
    gpg = gnupg.GPG()
    f = open(file_in, "rb")
    data = f.read()
    f.close()
    gpg.decrypt(data, passphrase=key_passwd, output=file_out)
    verified = gpg.verify(data)
    if not verified:
        raise ValueError("Signature could not be verified!")

我得到的异常:

decrypting file...
Exception in thread Thread-12:
Traceback (most recent call last):
    File "c:\Python26\lib\threading.py", line 534, in __bootstrap_inner
        self.run()
    File "c:\Python26\lib\threading.py", line 486, in run
        self.__target(*self.__args, **self.__kwargs)
    File "c:\Python26\lib\site-packages\gnupg.py", line 202, in _read_response
        result.handle_status(keyword, value)
    File "c:\Python26\lib\site-packages\gnupg.py", line 731, in handle_status
        raise ValueError("Unknown status message: %r" % key)
ValueError: Unknown status message: u'UNEXPECTED'

Traceback (most recent call last):
    File "ht_gnupg.py", line 32, in <module>
        test()
    File "ht_gnupg.py", line 27, in test
        decrypt_file('test_p.enc', 'test_p.txt', 'client')
    File "ht_gnupg.py", line 18, in decrypt_file
        raise ValueError("Signature could not be verified!")
ValueError: Signature could not be verified!

我使用 python-gnupg-0.2.7.win32.exe 中的 gnupg-0.2.7 和 ActiveStatus Python 2.6。

我也试过 gpg.verify_file() 但我得到了同样的错误。文件是 ASCII 装甲的,看起来像:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (MingW32)

hQIOA0EAndRRjNGtEAf/YxMQaFMnBwT3Per6ypoMYaO1AKQikRgJJMJ90a/EoZ44
...
=G6Ai
-----END PGP MESSAGE-----

如何像命令行gpg一样验证签名?

最佳答案

参见 this gist示例脚本向您展示了如何在解密时验证签名。

代码(截至 2011-04-05)如下:

from cStringIO import StringIO
import gnupg
import logging
import os
import shutil

def generate_key(gpg, first_name, last_name, domain, passphrase=None):
    "Generate a key"
    params = {
        'Key-Type': 'DSA',
        'Key-Length': 1024,
        'Subkey-Type': 'ELG-E',
        'Subkey-Length': 2048,
        'Name-Comment': 'A test user',
        'Expire-Date': 0,
    }
    params['Name-Real'] = '%s %s' % (first_name, last_name)
    params['Name-Email'] = ("%s.%s@%s" % (first_name, last_name, domain)).lower()
    if passphrase is None:
        passphrase = ("%s%s" % (first_name[0], last_name)).lower()
    params['Passphrase'] = passphrase
    cmd = gpg.gen_key_input(**params)
    return gpg.gen_key(cmd)

def init_logging():
    logging.basicConfig(level=logging.DEBUG, filename="gpg.log",
                        filemode="w", format="%(asctime)s %(levelname)-5s %(name)-10s %(threadName)-10s %(message)s")

def print_info(decrypted):
    print('User name: %s' % decrypted.username)
    print('Key id: %s' % decrypted.key_id)
    print('Signature id: %s' % decrypted.signature_id)
    #print('Signature timestamp: %s' % decrypted.sig_timestamp)
    print('Fingerprint: %s' % decrypted.fingerprint)

def main():
    init_logging()
    if os.path.exists('keys'):
        shutil.rmtree('keys')
    gpg = gnupg.GPG(gnupghome='keys')
    key = generate_key(gpg, "Andrew", "Able", "alpha.com",
                            passphrase="andy")
    andrew = key.fingerprint
    key = generate_key(gpg, "Barbara", "Brown", "beta.com")
    barbara = key.fingerprint
    #First - without signing
    data = 'Top secret'
    encrypted = gpg.encrypt_file(StringIO(data), barbara,
                                 #sign=andrew, passphrase='andy',
                                 output='encrypted.txt')
    assert encrypted.status == 'encryption ok'
    # Data is in encrypted.txt. Read it in and verify/decrypt it.
    data = open('encrypted.txt', 'r').read()
    decrypted = gpg.decrypt(data, passphrase='bbrown', output='decrypted.txt')
    print_info(decrypted)
    #Now with signing
    data = 'Top secret'
    encrypted = gpg.encrypt_file(StringIO(data), barbara,
                                 sign=andrew, passphrase='andy',
                                 output='encrypted.txt')
    assert encrypted.status == 'encryption ok'
    # Data is in encrypted.txt. Read it in and verify/decrypt it.
    data = open('encrypted.txt', 'r').read()
    decrypted = gpg.decrypt(data, passphrase='bbrown', output='decrypted.txt')
    print_info(decrypted)

if __name__ == '__main__':
    main()

关于python - 如何使用 Python gnupg 模块验证 gnupg 签名?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5673255/

26 4 0
文章推荐: python - M2crypto 签名 "algorithm"
文章推荐: c# - 在 ASP.NET 5 (MVC 6) 中使用 session
文章推荐: python - 使用客户端证书的自定义 urllib 开启器
文章推荐: Python 代码缩短
太空狗
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com