playing with pygpgme

July 3, 2007

After a bit of pain and suffering trying to find some docs/examples for pygpgme I found the unittests which helped me know what it was I should be passing around to the various methods. Here is a simple verification script I put together to check detached and attached signatures:

import gpgme
import sys
import StringIO


sig = open(sys.argv[1], 'r')
if len(sys.argv) > 2:
    signed_text = open(sys.argv[2], 'r')
    plaintext = None
else:
    signed_text = None
    plaintext = StringIO.StringIO()
    
ctx = gpgme.Context()

try:
    sigs = ctx.verify(sig, signed_text, plaintext)
except gpgme.GpgmeError, e:
    print 'INVALID SIGNATURE - AWOOOOOOOOOGA'
else:    
    thissig = sigs[0]
    if thissig:
        print thissig.fpr
        if thissig.validity in (gpgme.VALIDITY_FULL, 
                            gpgme.VALIDITY_MARGINAL,
                            gpgme.VALIDITY_ULTIMATE):
            print 'trusted signature'                        
        else:
            print 'unsigned signature'
    

not too bad after a bit. Now to sort out imports and maybe even key handling.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: