def verify_gpg_signature(f):
gpg = GPG(homedir='~/.gnupg')
# search public key 0x90C8019E36C2E964
bitcoin_core_pgp_key_found = False
keys = gpg.list_keys()
for key in keys:
if key['keyid'] == '90C8019E36C2E964':
bitcoin_core_pgp_key_found = True
if not bitcoin_core_pgp_key_found == True:
print(
'* Warning: bitcoin-core GPG key not found, trying to find and import...'
)
import_key = gpg.recv_keys('90C8019E36C2E964',
keyserver='hkp://pool.sks-keyservers.net')
print('* Status: ' + import_key.summary())
print('* Fingerprint: ' + import_key.fingerprints[0])
with open(f) as fi:
verif = gpg.verify_file(fi)
print('* Verifying ' + f + ': ' + verif.status)
if not verif.valid:
print('* Impossible to compare checksums, quitting!')
return verif.valid
def gpg_verify(gpg_signature, filename):
""" Verify that the signature is valid for the content of the filename """
gpg_sign_stream = BytesIO(gpg_signature)
gpg_keyring_fn = join(realpath(dirname(__file__)), "trusted",
"keyring.gpg")
gpg = GPG(keyring=gpg_keyring_fn)
return gpg.verify_file(gpg_sign_stream, filename)
def _verify(self, message):
log.debug(str(message))
datafile = mkstemp()[1]
sigfile = datafile + ".asc"
try:
with open(datafile, 'w') as data:
signed_part = message.get_payload(0)
data.write(
"\r\n".join(str(signed_part).splitlines()[1:]) + "\r\n")
with open(sigfile, 'w') as signature:
signature_part = message.get_payload(1)
signature.write(
"\r\n".join(str(signature_part).splitlines()[1:]) + "\r\n")
gpg = GPG(gnupghome=settings.GNUPG_HOMEDIR)
with open(sigfile, 'rb') as signature_data:
verified = gpg.verify_file(
signature_data, data_filename=datafile)
self.assertTrue(verified.valid)
finally:
os.unlink(datafile)
os.unlink(sigfile)
def _verify_gpg(gpg: GPG, datafile, signature_file):
# this requires gnupg installed in the system
with open(signature_file, "rb") as fh:
return gpg.verify_file(fh, data_filename=datafile)
