Verify problem with gpgme

Wed May 4 09:48:59 CEST 2011

Am Donnerstag, 28. April 2011 22:56:44 schrieb dabicho:
> I am trying to write a small application whose task is to execute a
> script only if it is signed by a specific key.

> I thought I could use gpgme to verify it and check if the signature's
> key has the right name, comment and mail address, 

I'd also start with gpgme. 

> but I have not found 
> a way to read the key data.

Here is an older example in pyme that shows
how you get the key data of the signatures via gpgme in principle:

http://pyme.cvs.sourceforge.net/viewvc/pyme/pyme/examples/verifydetails.py?revision=1.2&view=markup
  c.op_verify(sig2, file2, plain2)
  result = c.op_verify_result()

  index = 0
  for sign in result.signatures:
    index += 1
    print "signature", index, ":"
    print "  summary:     %#0x" % (sign.summary)
    print "  status:      %#0x" % (sign.status)
    print "  timestamp:  ", sign.timestamp
    print "  fingerprint:", sign.fpr
    print "  uid:        ", c.get_key(sign.fpr, 0).uids[0].uid

There are other examples that show how to get details about an certificate. 
The gpgme documentation is your friend. 

The certificates should be in your gnupg store already.

Hope this helps,
Bernhard

-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110504/6fbf9934/attachment.pgp>