def verify_gpg_signature(f): gpg = GPG(homedir='~/.gnupg') # search public key 0x90C8019E36C2E964 bitcoin_core_pgp_key_found = False keys = gpg.list_keys() for key in keys: if key['keyid'] == '90C8019E36C2E964': bitcoin_core_pgp_key_found = True if not bitcoin_core_pgp_key_found == True: print( '* Warning: bitcoin-core GPG key not found, trying to find and import...' ) import_key = gpg.recv_keys('90C8019E36C2E964', keyserver='hkp://pool.sks-keyservers.net') print('* Status: ' + import_key.summary()) print('* Fingerprint: ' + import_key.fingerprints[0]) with open(f) as fi: verif = gpg.verify_file(fi) print('* Verifying ' + f + ': ' + verif.status) if not verif.valid: print('* Impossible to compare checksums, quitting!') return verif.valid
def gpg_verify(gpg_signature, filename): """ Verify that the signature is valid for the content of the filename """ gpg_sign_stream = BytesIO(gpg_signature) gpg_keyring_fn = join(realpath(dirname(__file__)), "trusted", "keyring.gpg") gpg = GPG(keyring=gpg_keyring_fn) return gpg.verify_file(gpg_sign_stream, filename)
def _verify(self, message): log.debug(str(message)) datafile = mkstemp()[1] sigfile = datafile + ".asc" try: with open(datafile, 'w') as data: signed_part = message.get_payload(0) data.write( "\r\n".join(str(signed_part).splitlines()[1:]) + "\r\n") with open(sigfile, 'w') as signature: signature_part = message.get_payload(1) signature.write( "\r\n".join(str(signature_part).splitlines()[1:]) + "\r\n") gpg = GPG(gnupghome=settings.GNUPG_HOMEDIR) with open(sigfile, 'rb') as signature_data: verified = gpg.verify_file( signature_data, data_filename=datafile) self.assertTrue(verified.valid) finally: os.unlink(datafile) os.unlink(sigfile)
def _verify_gpg(gpg: GPG, datafile, signature_file): # this requires gnupg installed in the system with open(signature_file, "rb") as fh: return gpg.verify_file(fh, data_filename=datafile)