Werner Koch via Gnupg-devel <[email protected]> writes:

> There might be a bug in the code. We have not touched it in the last
> 20 years, though.

Thank you, I hope it's as simple as a bug.

> […] there are cases - depending on the signature validity and the
> error code when SUM might still be zero. A new error code emitted by
> gpg could result in this behaviour.
>
> Do you have an example?

Included in this message is a Python program ‘verify_test.py’. That
program makes use of the ‘python-gpg’ library, the Python wrapper of
GPGME.

The program includes inline a clear-signed message, and when run it will
use ‘gpg.Context.verify’ to verify the message. It then reports the
result of that call.

Here is the session where I run the program:

=====
$ python3 verify_test.py
GnuPG verify message from file ‘<inline literal text>’:
‘gpg.Context.verify’ returned result: VerifyResult(file_name=None,
is_mime=0, signatures=[Signature(chain_model=False, exp_timestamp=0,
fpr='6159E0F29E2FA412E0795C73F9B46AAC84420C82', hash_algo=8,
is_de_vs=False, key=None, notations=[], pka_address=None, pka_trust=0,
pubkey_algo=1, status=0, summary=0, timestamp=1713137533, validity=0,
validity_reason=0, wrong_key_usage=False)])
Signature at index 0: Signature(chain_model=False, exp_timestamp=0,
fpr='6159E0F29E2FA412E0795C73F9B46AAC84420C82', hash_algo=8,
is_de_vs=False, key=None, notations=[], pka_address=None, pka_trust=0,
pubkey_algo=1, status=0, summary=0, timestamp=1713137533, validity=0,
validity_reason=0, wrong_key_usage=False)
=====

You can see that the ‘verify’ call succeeds (no error is raised), and
there is a single attached Signature.

That Signature, though it has a valid timestamp and fingerprint, has ‘0’
for all of ‘pka_trust’, ‘status’, ‘summary’, ‘validity’, and
‘validity_reason’.

# verify_test.py

import io
import sys
import textwrap

import gpg


test_message = textwrap.dedent("""\
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Curabitur rutrum vulputate elementum. Integer porttitor, nulla in
    vehicula tristique, diam nisl volutpat leo, ornare egestas lorem metus
    rhoncus massa. Quisque sed libero odio. Fusce volutpat urna vel est
    sagittis scelerisque. Pellentesque vehicula at felis a vulputate.

    Nunc rutrum ligula ut sem pretium vulputate. Vestibulum feugiat ut mi
    quis volutpat. Fusce vestibulum laoreet luctus. Sed vel sem ut massa
    semper condimentum. Maecenas scelerisque, turpis non porta mollis,
    libero massa ullamcorper diam, et porta massa purus eget est. Morbi
    eros nunc, lacinia nec sollicitudin ut, tempor at enim.
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEYVng8p4vpBLgeVxz+bRqrIRCDIIFAmYcZ30ACgkQ+bRqrIRC
    DILvbRAA0LLjuerb6Nt5fXYvMcRj5C1i59bUrEQiMMx0qr/mQEczvIkWuUSRGTb6
    PEVQOjlTIRW6gM1yn2Dz/Fn50j876pauiGU+LqEiuOtc21XSLA7SXFWPFsiUxH47
    tYHKFtl9X1OnkH1CrSxq1KLRjJSVxqMwkM3wR6NFp5VbSLo4nM5EE3jqR8IT6AGP
    /fttDpIo0+GJstr1llsv352QGcV43gOjJ1/7IFoalXQL5skJ9Idvz8mH9SBULcyV
    GC1IRvRyEtqRTtU42w8k+FlPnD6syvMzzdgybpw0SBipiletOIIgCqWaLYsr69oT
    WZJSKpwGBNkBB3VTn28jwbwp5ItbDr8mSUrNCzbY4g3i+FufvebNbc90yjmrmkEg
    h2UmUV0RN2+M3KAwTHFtA54oWHfvGs3NdxCqTM3YctBPclS6LDrHDbzKV7ek5QbX
    YBWUiHFyt7r59FRpOoFrzxF2bXJxX1zkrjOnHkzRLuA31PPSWAyXJL6XNqhW9a0B
    zrzbfOC/T94DknCgGgVK/jxw0Hh682LgzzTU59vKjXFiL2YJzL4nqF7F2Jpj+nIk
    y1ayiwOrXzK9wq88ym1PJost7mZr+ZQQ2xGykPSXZFcaA4ZlE2TTZKUHo38rg892
    tyK2ot3yYzOMUhmtO4fYZ1QhGWMjAeFJQkGpdsfcSKyKwlljhps=
    =WgD/
    -----END PGP SIGNATURE-----
    """)


def main():

    infile_path = "<inline literal text>"
    infile_data = test_message
    infile = io.BytesIO(infile_data.encode('utf-8'))

    context = gpg.Context()
    sys.stderr.write(
        "GnuPG verify message from file ‘{}’:\n".format(infile_path))
    with infile:
        (__, verify_result) = context.verify(infile)

    sys.stderr.write(
        "‘gpg.Context.verify’ returned result: {!r}\n".format(
            verify_result))
    try:
        signatures = verify_result.signatures
    except AttributeError:
        sys.stderr.write(
            "Verify result has no ‘signatures’ attribute\n")
        # Nothing to enumerate; keep the loop below from hitting an unbound name.
        signatures = []
    for (signature_index, signature) in enumerate(signatures):
        sys.stderr.write(
            "Signature at index {signature_index:d}:"
            " {signature!r}\n".format(**vars()))


if __name__ == '__main__':
    exit_status = main()
    sys.exit(exit_status)
-- 
 \      “When I was born I was so surprised I couldn't talk for a year |
  `\                                        and a half.” —Gracie Allen |
_o__)                                                                  |
Ben Finney
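
Added example, not part of the original message or of GPGME: a caller-side check that decodes the ‘summary’ bit vector and fails closed on a record like the one reported above. The bit values are those of gpgme_sigsum_t and gpgme_validity_t in gpgme.h; the ‘Sig’ stand-in, the ‘accept’ policy and the second sample record are assumptions made for illustration.

```python
from collections import namedtuple

# Bit values of gpgme_sigsum_t, as defined in gpgme.h.
SIGSUM = {
    0x0001: "VALID", 0x0002: "GREEN", 0x0004: "RED",
    0x0010: "KEY_REVOKED", 0x0020: "KEY_EXPIRED", 0x0040: "SIG_EXPIRED",
    0x0080: "KEY_MISSING", 0x0100: "CRL_MISSING", 0x0200: "CRL_TOO_OLD",
    0x0400: "BAD_POLICY", 0x0800: "SYS_ERROR", 0x1000: "TOFU_CONFLICT",
}
VALIDITY_FULL = 4  # GPGME_VALIDITY_FULL; 5 is ULTIMATE, 0 is UNKNOWN

# Hypothetical stand-in for the library's Signature object, so this runs offline.
Sig = namedtuple("Sig", "fpr status summary validity")


def summary_flags(summary):
    """Decode the summary bit vector into flag names, lowest bit first."""
    return [name for bit, name in sorted(SIGSUM.items()) if summary & bit]


def accept(sig, expected_fprs):
    """Fail-closed policy (an assumption, not GPGME's own): return (ok, reasons)."""
    reasons = []
    flags = summary_flags(sig.summary)
    if sig.status != 0:
        reasons.append("status is error code {:d}".format(sig.status))
    if "VALID" not in flags:
        reasons.append("summary lacks VALID (flags: {})".format(flags or "none"))
    if sig.validity < VALIDITY_FULL:
        reasons.append("key validity {:d} is below FULL".format(sig.validity))
    if sig.fpr not in expected_fprs:
        reasons.append("signer {} is not an expected key".format(sig.fpr))
    return (not reasons, reasons)


FPR = "6159E0F29E2FA412E0795C73F9B46AAC84420C82"
# Field values copied from the session output in the message above.
REPORTED = Sig(fpr=FPR, status=0, summary=0, validity=0)
# Constructed record: VALID|GREEN with full key validity.
CONSTRUCTED_GOOD = Sig(fpr=FPR, status=0, summary=0x0003, validity=4)

if __name__ == "__main__":
    for sig in (REPORTED, CONSTRUCTED_GOOD):
        print(accept(sig, {FPR}))
```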