GPGME - signing binary (PDF) files

Werner Koch wk at
Wed Sep 10 11:34:09 CEST 2008

On Wed, 10 Sep 2008 10:26, razvan at said:

> ---
> gpg --output doc.sig --detach-sig doc
> ---

We do this all the time with GPGME.  It is the basic operation you need

 -- Function: gpgme_error_t gpgme_op_sign (gpgme_ctx_t CTX,
          gpgme_data_t PLAIN, gpgme_data_t SIG, gpgme_sig_mode_t MODE)
     The function `gpgme_op_sign' creates a signature for the text in
     the data object PLAIN and returns it in the data object SIG.  The
     type of the signature created is determined by the ASCII armor
     (or, if that is not set, by the encoding specified for SIG), the
     text mode attributes set for the context CTX and the requested
     signature mode MODE.

     After the operation completed successfully, the result can be
     retrieved with `gpgme_op_sign_result'.

     If an S/MIME signed message is created using the CMS crypto engine,
     the number of certificates to include in the message can be
     specified with `gpgme_set_include_certs'.  *Note Included

     The function returns the error code `GPG_ERR_NO_ERROR' if the
     signature could be created successfully, `GPG_ERR_INV_VALUE' if
     CTX, PLAIN or SIG is not a valid pointer, `GPG_ERR_NO_DATA' if the
     signature could not be created, `GPG_ERR_BAD_PASSPHRASE' if the
     passphrase for the secret key could not be retrieved,
     `GPG_ERR_UNUSABLE_SECKEY' if there are invalid signers, and passes
     through any errors that are reported by the crypto engine support

Example on how to create PGP/MIME signed data:

   GpgmeCtx ctx;
   GpgmeData data, sig;

   gpgme_new (&ctx);
   gpgme_set_armor (ctx, 1);
   gpgme_set_textmode (ctx, 1);

   gpgme_data_new_from_mem (&data, mime_object,
                            mime_object_len, TRUE );
   gpgme_data_new ( &sig );
   gpgme_op_sign (ctx, data, sig, GPGME_SIG_MODE_DETACH );

   fputs ( "Content-Type: multipart/signed;\r\n"
           "              protocol=\"application/pgp-signature\";\r\n"
           "              boundary=\"42=.42=.42=.42\"\r\n"
           "\r\n--42=.42=.42=.42\r\n", stdout );

   gpgme_data_rewind (data);
   while ( !gpgme_data_read (data, buf, sizeof buf, &nread ) ) {
        fwrite (buf, nread, 1, stdout );
   fputs ( "\r\n--42=.42=.42=.42--\r\n"
           "Content-Type: application/pgp-signature\r\n\r\n", stdout);

   gpgme_data_rewind (sig);
   while ( !gpgme_data_read (sig, buf, sizeof buf, &nread ) ) {
        fwrite (buf, nread, 1, stdout );
   fputs ( "\r\n--42=.42=.42=.42--\r\n", stdout );
   gpgme_release (ctx);

If you want binary data, do nit call gpgme_set_armor and



Linux-Kongress 2008 + Hamburg + October 7-10 +

   Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list