示例#1
    def verify(self, signature, item):
        """Verify that ``signature`` over ``item`` was made by this key.

        Returns ``True`` on success. Every failure path raises
        ``exceptions.SignatureVerificationFailed``; the method never
        returns ``False``.

        The checks performed here are: issuer key ID, public-key
        algorithm, the stored two-byte digest prefix, and the signature
        values themselves.

        NOTE(review): nothing in this method checks signature or key
        expiry, revocation, or whether ``signature.hash_algorithm`` is an
        acceptable algorithm -- confirm that callers or
        ``utils.get_hash_instance`` enforce that policy.
        """
        mismatch_msg = 'Signature not made by this key.'
        # Both mismatches are reported with the same message.
        if (self.key_id not in signature.issuer_key_ids
                or self.public_key_algorithm
                != signature.public_key_algorithm):
            raise exceptions.SignatureVerificationFailed(mismatch_msg)

        sig_values = signature.signature_values
        public_key = self._get_key_obj()

        # The digest covers the item first, then the signature's own
        # signable data.
        hasher = utils.get_hash_instance(signature.hash_algorithm)
        sig_type, sig_version = signature.signature_type, signature.version
        for signable in (item, signature):
            hasher.update(signable.to_signable_data(sig_type, sig_version))

        # Quick reject only: two bytes of the digest are compared, so a
        # match here says very little. Acceptance depends on the
        # verify_hash call below.
        if hasher.digest()[:2] != signature.hash2:
            raise exceptions.SignatureVerificationFailed()

        verified = utils.verify_hash(signature.public_key_algorithm,
                                     public_key, hasher, sig_values)
        if not verified:
            raise exceptions.SignatureVerificationFailed()

        return True
示例#2
    def verify(self, signature, item):
        """Check ``signature`` over ``item`` against this public key.

        Returns ``True`` when every check passes; otherwise raises
        ``exceptions.SignatureVerificationFailed`` (``False`` is never
        returned).

        NOTE(review): only the issuer key ID, the algorithm, the two-byte
        digest prefix and the signature values are examined here. Expiry,
        revocation and hash-algorithm policy are not visible in this
        method -- confirm they are enforced elsewhere.
        """
        failed = exceptions.SignatureVerificationFailed

        # Guard 1: the signature must name this key as an issuer.
        issuer_matches = self.key_id in signature.issuer_key_ids
        if not issuer_matches:
            raise failed('Signature not made by this key.')

        # Guard 2: the signature must use this key's algorithm.
        algorithm = signature.public_key_algorithm
        if self.public_key_algorithm != algorithm:
            raise failed('Signature not made by this key.')

        sig_values = signature.signature_values
        public_key = self._get_key_obj()
        hasher = utils.get_hash_instance(signature.hash_algorithm)

        # Hash the item's signable data, then the signature's own.
        item_bytes = item.to_signable_data(signature.signature_type,
                                           signature.version)
        hasher.update(item_bytes)
        trailer_bytes = signature.to_signable_data(signature.signature_type,
                                                   signature.version)
        hasher.update(trailer_bytes)

        # The stored two-byte prefix is a cheap early reject, not proof of
        # validity; the verify_hash result below decides the outcome.
        digest_prefix = hasher.digest()[:2]
        if digest_prefix != signature.hash2:
            raise failed()

        if not utils.verify_hash(algorithm, public_key, hasher, sig_values):
            raise failed()

        return True
示例#3
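    def sign(self, item, version, signature_type, hash_algorithm,
             hashed_subpackets=None):
        """Create a signature over ``item`` with this secret key.

        Args:
            item: ``str`` (hashed as UTF-8), ``bytes`` (hashed as-is), or an
                object providing ``to_signable_data(signature_type,
                version)``.
            version: Signature version. For 2 and 3 the creation time and
                issuer key ID are passed to the signature constructor; for
                4 they are added as hashed subpackets.
            signature_type: Passed to the signable-data calls and to the
                signature object.
            hash_algorithm: Identifier given to ``utils.get_hash_instance``.
            hashed_subpackets: Optional extra subpackets for the hashed
                area. The caller's list is not modified.

        Returns:
            A ``KeySignature`` when ``item`` is a ``BasePublicKey``,
            ``UserID`` or ``UserAttribute``, otherwise a ``BaseSignature``,
            with ``hash2`` and ``signature_values`` filled in.

        Raises:
            RuntimeError: If the secret key is still locked.
        """
        if self.is_locked():
            raise RuntimeError('Secret key must be unlocked before signing.')

        key_obj = self._get_key_obj()

        hash_ = utils.get_hash_instance(hash_algorithm)
        if isinstance(item, str):
            hash_.update(item.encode('utf8'))
        elif isinstance(item, bytes):
            hash_.update(item)
        else:
            hash_.update(item.to_signable_data(signature_type, version))

        if isinstance(item, (BasePublicKey, UserID, UserAttribute)):
            SigClass = KeySignature
        else:
            SigClass = BaseSignature

        creation_time = int(time.time())
        issuer_key_id = self.key_id
        # Work on a copy: the inserts below used to prepend the issuer and
        # creation-time subpackets to the caller's own list, so reusing that
        # list for a second signature accumulated duplicates.
        hashed_subpackets = list(hashed_subpackets or [])
        unhashed_subpackets = []
        creation_time_arg = None
        issuer_key_id_arg = None
        if version in (2, 3):
            creation_time_arg = creation_time
            issuer_key_id_arg = issuer_key_id
        elif version == 4:
            creation_time_subpacket = \
                signature_subpackets.CreationTimeSubpacket(False,
                                                           creation_time)
            issuer_subpacket = signature_subpackets.IssuerSubpacket(
                False, issuer_key_id)
            # Resulting order: issuer, creation time, then caller's packets.
            hashed_subpackets.insert(0, creation_time_subpacket)
            hashed_subpackets.insert(0, issuer_subpacket)
        # NOTE(review): for any other version neither the creation time nor
        # the issuer key ID is recorded by this method -- confirm that
        # SigClass rejects unsupported versions.

        # Build the signature with placeholder hash2/signature_values so
        # that its own signable data can be added to the digest.
        sig = SigClass(item, version, signature_type,
                       self.public_key_algorithm, hash_algorithm, hash2=b'',
                       signature_values=(), creation_time=creation_time_arg,
                       issuer_key_id=issuer_key_id_arg,
                       hashed_subpackets=hashed_subpackets,
                       unhashed_subpackets=unhashed_subpackets
                       )
        hash_.update(sig.to_signable_data(signature_type, version))
        # First two bytes of the final digest, stored on the signature.
        hash2 = bytearray(hash_.digest()[:2])
        sig.hash2 = hash2

        signature_values = utils.sign_hash(self.public_key_algorithm, key_obj,
                                           hash_)
        sig.signature_values = signature_values

        return sig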
示例#4
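    def sign(self,
             item,
             version,
             signature_type,
             hash_algorithm,
             hashed_subpackets=None):
        """Sign ``item`` with this secret key and return the signature.

        Args:
            item: ``str`` (hashed as UTF-8), ``bytes`` (hashed as-is), or an
                object providing ``to_signable_data(signature_type,
                version)``.
            version: Signature version. Versions 2 and 3 receive the
                creation time and issuer key ID as constructor arguments;
                version 4 receives them as hashed subpackets.
            signature_type: Passed to the signable-data calls and to the
                signature object.
            hash_algorithm: Identifier given to ``utils.get_hash_instance``.
            hashed_subpackets: Optional extra subpackets for the hashed
                area. The caller's list is left untouched.

        Returns:
            A ``KeySignature`` when ``item`` is a ``BasePublicKey``,
            ``UserID`` or ``UserAttribute``, otherwise a ``BaseSignature``,
            with ``hash2`` and ``signature_values`` filled in.

        Raises:
            RuntimeError: If the secret key is still locked.
        """
        if self.is_locked():
            raise RuntimeError('Secret key must be unlocked before signing.')

        key_obj = self._get_key_obj()

        hash_ = utils.get_hash_instance(hash_algorithm)
        if isinstance(item, str):
            hash_.update(item.encode('utf8'))
        elif isinstance(item, bytes):
            hash_.update(item)
        else:
            hash_.update(item.to_signable_data(signature_type, version))

        if isinstance(item, (BasePublicKey, UserID, UserAttribute)):
            SigClass = KeySignature
        else:
            SigClass = BaseSignature

        creation_time = int(time.time())
        issuer_key_id = self.key_id
        # Copy before inserting: previously a non-empty list passed by the
        # caller was modified in place, so signing twice with the same list
        # stacked up duplicate issuer and creation-time subpackets.
        hashed_subpackets = list(hashed_subpackets or [])
        unhashed_subpackets = []
        creation_time_arg = None
        issuer_key_id_arg = None
        if version in (2, 3):
            creation_time_arg = creation_time
            issuer_key_id_arg = issuer_key_id
        elif version == 4:
            creation_time_subpacket = \
                signature_subpackets.CreationTimeSubpacket(False,
                                                           creation_time)
            issuer_subpacket = signature_subpackets.IssuerSubpacket(
                False, issuer_key_id)
            # Resulting order: issuer, creation time, then caller's packets.
            hashed_subpackets.insert(0, creation_time_subpacket)
            hashed_subpackets.insert(0, issuer_subpacket)
        # NOTE(review): any other version gets neither a creation time nor
        # an issuer key ID from this method -- confirm that SigClass rejects
        # unsupported versions.

        # Placeholder hash2/signature_values: the signature's own signable
        # data has to be hashed before either value can be computed.
        sig = SigClass(item,
                       version,
                       signature_type,
                       self.public_key_algorithm,
                       hash_algorithm,
                       hash2=b'',
                       signature_values=(),
                       creation_time=creation_time_arg,
                       issuer_key_id=issuer_key_id_arg,
                       hashed_subpackets=hashed_subpackets,
                       unhashed_subpackets=unhashed_subpackets)
        hash_.update(sig.to_signable_data(signature_type, version))
        # First two bytes of the final digest, stored on the signature.
        hash2 = bytearray(hash_.digest()[:2])
        sig.hash2 = hash2

        signature_values = utils.sign_hash(self.public_key_algorithm, key_obj,
                                           hash_)
        sig.signature_values = signature_values

        return sig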