def verify(self, signature, item):
    """Check that ``signature`` over ``item`` was produced by this key.

    Returns ``True`` on success and raises
    ``exceptions.SignatureVerificationFailed`` on every failure path; it
    never returns ``False``.

    Only the cryptographic binding is checked here. Nothing in this method
    looks at signature creation or expiration time, key revocation, or
    whether the signature type suits ``item``; callers needing those
    guarantees must enforce them separately.
    """
    # Both pre-checks raise the same message, so a caller cannot tell an
    # issuer mismatch from an algorithm mismatch.
    wrong_key = (
        self.key_id not in signature.issuer_key_ids
        or self.public_key_algorithm != signature.public_key_algorithm
    )
    if wrong_key:
        raise exceptions.SignatureVerificationFailed(
            'Signature not made by this key.')

    sig_values = signature.signature_values
    public_key = self._get_key_obj()

    # The digest algorithm is taken from the signature itself.
    # NOTE(review): no allow-list is applied in this method; confirm that
    # utils.get_hash_instance or the caller rejects weak digests.
    digest_ctx = utils.get_hash_instance(signature.hash_algorithm)

    # Hash the signed item first, then the signature's own signable data.
    for signable in (item, signature):
        digest_ctx.update(
            signable.to_signable_data(signature.signature_type,
                                      signature.version))

    # Two-byte prefix comparison: a cheap corruption check that carries no
    # cryptographic assurance. The real decision is verify_hash below.
    if digest_ctx.digest()[:2] != signature.hash2:
        raise exceptions.SignatureVerificationFailed()

    verified = utils.verify_hash(signature.public_key_algorithm, public_key,
                                 digest_ctx, sig_values)
    if not verified:
        raise exceptions.SignatureVerificationFailed()
    return True
def verify(self, signature, item):
    """Verify ``signature`` over ``item`` against this key.

    Success is reported by returning ``True``; every failure raises
    ``exceptions.SignatureVerificationFailed``, so callers should handle
    the exception rather than test the return value.

    The checks are: the issuer key ID matches, the public-key algorithm
    matches, the two-byte digest prefix matches, and the public-key
    signature verifies. Expiration, revocation and digest-strength policy
    are not evaluated in this method.
    """
    issuer_mismatch = self.key_id not in signature.issuer_key_ids
    if issuer_mismatch:
        raise exceptions.SignatureVerificationFailed(
            'Signature not made by this key.')

    algorithm_mismatch = (
        self.public_key_algorithm != signature.public_key_algorithm)
    if algorithm_mismatch:
        # Same message as the issuer check above.
        raise exceptions.SignatureVerificationFailed(
            'Signature not made by this key.')

    expected_values = signature.signature_values
    verifying_key = self._get_key_obj()

    # NOTE(review): the hash algorithm comes from the signature being
    # verified; confirm weak algorithms are refused somewhere upstream.
    hasher = utils.get_hash_instance(signature.hash_algorithm)

    # Order matters: the item's data is hashed before the signature's.
    item_data = item.to_signable_data(signature.signature_type,
                                      signature.version)
    hasher.update(item_data)
    signature_data = signature.to_signable_data(signature.signature_type,
                                                signature.version)
    hasher.update(signature_data)

    # Quick check on the first two digest bytes; it is not a security
    # control, only an early exit before the public-key operation.
    if hasher.digest()[:2] != signature.hash2:
        raise exceptions.SignatureVerificationFailed()

    if utils.verify_hash(signature.public_key_algorithm, verifying_key,
                         hasher, expected_values):
        return True
    raise exceptions.SignatureVerificationFailed()
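def sign(self, item, version, signature_type, hash_algorithm,
         hashed_subpackets=None):
    """Create a signature over ``item`` with this secret key.

    The digest covers the item's data followed by the new signature's own
    signable data. The signature is first built with empty ``hash2`` and
    ``signature_values``, which are filled in once the digest is complete.

    Args:
        item: ``str`` (hashed as UTF-8), ``bytes`` (hashed as-is), or an
            object exposing ``to_signable_data(signature_type, version)``.
        version: Signature version. For 2 and 3 the creation time and
            issuer key ID are passed as signature fields; for 4 they are
            prepended to the hashed subpackets.
        signature_type: Signature type passed through to the signature.
        hash_algorithm: Digest algorithm identifier understood by
            ``utils.get_hash_instance``.
        hashed_subpackets: Optional extra hashed subpackets. The caller's
            sequence is copied and never modified.

    Returns:
        A ``KeySignature`` when ``item`` is a public key, user ID or user
        attribute, otherwise a ``BaseSignature``.

    Raises:
        RuntimeError: If the secret key is still locked.
    """
    if self.is_locked():
        raise RuntimeError('Secret key must be unlocked before signing.')

    key_obj = self._get_key_obj()
    hash_ = utils.get_hash_instance(hash_algorithm)
    if isinstance(item, str):
        hash_.update(item.encode('utf8'))
    elif isinstance(item, bytes):
        hash_.update(item)
    else:
        hash_.update(item.to_signable_data(signature_type, version))

    if isinstance(item, (BasePublicKey, UserID, UserAttribute)):
        SigClass = KeySignature
    else:
        SigClass = BaseSignature

    creation_time = int(time.time())
    issuer_key_id = self.key_id

    # Work on a private copy. Inserting into the caller's list would leak
    # this signature's creation-time and issuer subpackets into the next
    # signature made with the same list, and they would then be hashed
    # into that signature as stale metadata.
    hashed_subpackets = list(hashed_subpackets or [])
    unhashed_subpackets = []

    creation_time_arg = None
    issuer_key_id_arg = None
    if version in (2, 3):
        creation_time_arg = creation_time
        issuer_key_id_arg = issuer_key_id
    elif version == 4:
        # First constructor argument is presumably the "critical" flag;
        # confirm against signature_subpackets.
        creation_time_subpacket = \
            signature_subpackets.CreationTimeSubpacket(False, creation_time)
        issuer_subpacket = signature_subpackets.IssuerSubpacket(
            False, issuer_key_id)
        # Resulting order: issuer, creation time, caller's subpackets.
        hashed_subpackets.insert(0, creation_time_subpacket)
        hashed_subpackets.insert(0, issuer_subpacket)
    # NOTE(review): any other version falls through with neither a creation
    # time nor an issuer set; confirm SigClass rejects unsupported versions.

    sig = SigClass(item, version, signature_type,
                   self.public_key_algorithm, hash_algorithm,
                   hash2=b'',
                   signature_values=(),
                   creation_time=creation_time_arg,
                   issuer_key_id=issuer_key_id_arg,
                   hashed_subpackets=hashed_subpackets,
                   unhashed_subpackets=unhashed_subpackets)

    hash_.update(sig.to_signable_data(signature_type, version))
    # First two digest bytes, stored for the verifier's quick check.
    sig.hash2 = bytearray(hash_.digest()[:2])
    sig.signature_values = utils.sign_hash(self.public_key_algorithm,
                                           key_obj, hash_)
    return sig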
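def sign(self, item, version, signature_type, hash_algorithm,
         hashed_subpackets=None):
    """Sign ``item`` with this secret key and return the signature object.

    ``item`` may be ``str`` (encoded as UTF-8), ``bytes``, or an object
    providing ``to_signable_data(signature_type, version)``. Public keys,
    user IDs and user attributes yield a ``KeySignature``; everything else
    yields a ``BaseSignature``.

    For versions 2 and 3 the creation time and issuer key ID are passed as
    signature fields. For version 4 they are placed at the front of the
    hashed subpackets, ahead of any the caller supplied.

    ``hashed_subpackets`` is copied before use, so a list reused across
    calls is left unchanged and cannot collect subpackets from earlier
    signatures.

    Raises:
        RuntimeError: If the secret key has not been unlocked.
    """
    if self.is_locked():
        raise RuntimeError('Secret key must be unlocked before signing.')

    key_obj = self._get_key_obj()
    hash_ = utils.get_hash_instance(hash_algorithm)

    # Feed the data being signed into the digest first.
    if isinstance(item, str):
        hash_.update(item.encode('utf8'))
    elif isinstance(item, bytes):
        hash_.update(item)
    else:
        hash_.update(item.to_signable_data(signature_type, version))

    if isinstance(item, (BasePublicKey, UserID, UserAttribute)):
        SigClass = KeySignature
    else:
        SigClass = BaseSignature

    creation_time = int(time.time())
    issuer_key_id = self.key_id

    # Private copy: the original code inserted into the caller's list, so
    # a shared list gained two more subpackets on every version 4 call.
    hashed_subpackets = list(hashed_subpackets or [])
    unhashed_subpackets = []

    creation_time_arg = None
    issuer_key_id_arg = None
    if version in (2, 3):
        creation_time_arg = creation_time
        issuer_key_id_arg = issuer_key_id
    elif version == 4:
        creation_time_subpacket = \
            signature_subpackets.CreationTimeSubpacket(False, creation_time)
        issuer_subpacket = signature_subpackets.IssuerSubpacket(
            False, issuer_key_id)
        # Same final order as two insert(0, ...) calls: issuer first,
        # then creation time, then the caller's subpackets.
        hashed_subpackets[:0] = [issuer_subpacket, creation_time_subpacket]
    # NOTE(review): other version values reach SigClass with no creation
    # time or issuer; confirm they are rejected there.

    # hash2 and signature_values are placeholders until the digest, which
    # also covers the signature's own signable data, is complete.
    sig = SigClass(item, version, signature_type,
                   self.public_key_algorithm, hash_algorithm,
                   hash2=b'',
                   signature_values=(),
                   creation_time=creation_time_arg,
                   issuer_key_id=issuer_key_id_arg,
                   hashed_subpackets=hashed_subpackets,
                   unhashed_subpackets=unhashed_subpackets)

    hash_.update(sig.to_signable_data(signature_type, version))
    hash2 = bytearray(hash_.digest()[:2])
    sig.hash2 = hash2
    signature_values = utils.sign_hash(self.public_key_algorithm, key_obj,
                                       hash_)
    sig.signature_values = signature_values
    return sig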