gpg: verify signature after signing

This commit is contained in:
Roman Zeyde
2016-04-23 22:41:43 +03:00
parent 76ce25fab1
commit 6f4f33bfa5
2 changed files with 20 additions and 14 deletions


@@ -17,7 +17,7 @@ def original_data(filename):
return open(parts[0], 'rb').read() return open(parts[0], 'rb').read()
def check(pubkey, sig_file): def verify(pubkey, sig_file):
d = open(sig_file, 'rb') d = open(sig_file, 'rb')
if d.name.endswith('.asc'): if d.name.endswith('.asc'):
lines = d.readlines()[3:-1] lines = d.readlines()[3:-1]
@@ -29,6 +29,7 @@ def check(pubkey, sig_file):
signature, = list(parser) signature, = list(parser)
decode.verify_digest(pubkey=pubkey, digest=signature['digest'], decode.verify_digest(pubkey=pubkey, digest=signature['digest'],
signature=signature['sig'], label='GPG signature') signature=signature['sig'], label='GPG signature')
log.info('%s OK', sig_file)
def main(): def main():
@@ -38,9 +39,8 @@ def main():
p.add_argument('pubkey') p.add_argument('pubkey')
p.add_argument('signature') p.add_argument('signature')
args = p.parse_args() args = p.parse_args()
check(pubkey=decode.load_public_key(open(args.pubkey, 'rb')), verify(pubkey=decode.load_public_key(open(args.pubkey, 'rb')),
sig_file=args.signature) sig_file=args.signature)
log.info('OK')
if __name__ == '__main__': if __name__ == '__main__':
main() main()
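Review bot: The new `log.info('%s OK', sig_file)` at the end of `verify()` is only a correct success message if `decode.verify_digest` raises on a bad signature; if it reports failure through its return value instead, this line would log OK for an invalid signature, and since the signer now relies on this call as its post-signing self-check that is worth confirming. The renamed function also has no docstring although it is now imported by another module; a one-liner such as `"""Verify the detached GPG signature in sig_file (raw or ASCII-armored .asc) against pubkey."""` directly under the `def verify` line would do. The body of `verify()` spans both hunks, with the lines between them outside this view.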


@@ -9,9 +9,8 @@ import struct
import subprocess import subprocess
import time import time
from . import decode from . import decode, check
from .. import client, factory, formats from .. import client, factory, formats, util
from .. import util
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@@ -125,6 +124,15 @@ class Signer(object):
log.info('%s GPG public key %s created at %s', self.curve_name, log.info('%s GPG public key %s created at %s', self.curve_name,
self.hex_short_key_id(), time_format(self.created)) self.hex_short_key_id(), time_format(self.created))
@classmethod
def from_public_key(cls, pubkey, user_id):
s = Signer(user_id=user_id,
created=pubkey['created'],
curve_name=find_curve_by_algo_id(pubkey['algo']))
assert s.key_id() == pubkey['key_id']
return s
def _pubkey_data(self): def _pubkey_data(self):
curve_info = SUPPORTED_CURVES[self.curve_name] curve_info = SUPPORTED_CURVES[self.curve_name]
header = struct.pack('>BLB', header = struct.pack('>BLB',
@@ -237,12 +245,7 @@ def armor(blob, type_str):
def load_from_gpg(user_id): def load_from_gpg(user_id):
log.info('loading public key %r from local GPG keyring', user_id) log.info('loading public key %r from local GPG keyring', user_id)
pubkey_bytes = subprocess.check_output(['gpg2', '--export', user_id]) pubkey_bytes = subprocess.check_output(['gpg2', '--export', user_id])
pubkey = decode.load_public_key(io.BytesIO(pubkey_bytes)) return decode.load_public_key(io.BytesIO(pubkey_bytes))
s = Signer(user_id=user_id,
created=pubkey['created'],
curve_name=find_curve_by_algo_id(pubkey['algo']))
assert s.key_id() == pubkey['key_id']
return s
def main(): def main():
@@ -270,13 +273,16 @@ def main():
open(filename, 'wb').write(pubkey) open(filename, 'wb').write(pubkey)
log.info('import to local keyring using "gpg2 --import %s"', filename) log.info('import to local keyring using "gpg2 --import %s"', filename)
else: else:
s = load_from_gpg(user_id) pubkey = load_from_gpg(user_id)
s = Signer.from_public_key(pubkey=pubkey, user_id=user_id)
data = open(args.filename, 'rb').read() data = open(args.filename, 'rb').read()
sig, ext = s.sign(data), '.sig' sig, ext = s.sign(data), '.sig'
if args.armor: if args.armor:
sig = armor(sig, 'SIGNATURE') sig = armor(sig, 'SIGNATURE')
ext = '.asc' ext = '.asc'
open(args.filename + ext, 'wb').write(sig) filename = args.filename + ext
open(filename, 'wb').write(sig)
check.verify(pubkey=pubkey, sig_file=filename)
s.close() s.close()
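Review bot: `Signer.from_public_key` enforces the key-ID match between the device-derived signer and the keyring's public key with a bare `assert`, which is stripped under `python -O`, so the mismatch check silently disappears in optimized runs; replace it with an explicit check, `if s.key_id() != pubkey['key_id']: raise ValueError('key ID mismatch')`. The classmethod also constructs `Signer(...)` directly rather than `cls(...)`, which defeats subclassing. In `main()`, `open(filename, 'wb').write(sig)` followed by `check.verify(pubkey=pubkey, sig_file=filename)` relies on the temporary file object being closed and flushed before the verifier reopens the file, which holds in CPython only through refcounting; `with open(filename, 'wb') as f: f.write(sig)` makes the ordering explicit. `main()` starts and ends outside the hunk.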