gpg-verify c api
Neal H. Walfield
neal at walfield.org
Fri Dec 4 13:41:46 CET 2015

At Fri, 4 Dec 2015 13:23:06 +0100,
Jeroen Ooms wrote:
> I've been working on a package with gpgme bindings for the R
> programming language to make gpg encryption and signature
> functionality available to R users. The ultimate goal is to implement
> native support in R for verifying gpg signatures in the package

Meik Michalke was working on creating an R package for working with
GnuPG a while ago. I don't know what the status is. (I've added him to

> However because R itself has to work out of the box on Linux, Mac and
> Windows, it cannot have a runtime dependency on gpg executables. Hence
> I was wondering if there is a pure C API for verifying gpg signatures,
> which depends only on libgcrypt (or other C libraries) but does not
> require a full gpg installation. That way we can statically link
> libgcrypt into the R binary on mac and windows, and have a portable

There is no such library as far as I know. The closest that I'm aware
of is gpgv, which just verifies signatures (it is part of GnuPG).

> The client would not need any of gpg's advanced features, it only
> needs to verify if a given signature is valid for a given message and
> pubkey, similar to the openssl EVP_Verify API.

A signature is not much more use than a checksum if you don't also
check the key's validity. How were you planning on doing this? Were
you just going to hard code a few keys?

> I was unable to figure out how to implement signature verification
> with libgcrypt alone. Has somebody worked on something similar?

At the very least, you need to parse the OpenPGP message, which is
what gpg does.
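
To illustrate the parsing step the reply above refers to, here is an added example (not part of the original thread and not GnuPG code) that reads an OpenPGP packet header and the fixed fields of a version 4 signature packet as laid out in RFC 4880. The names `parse_sig_packet`, `sig_info` and `sample_sig` and the sample bytes are constructed for illustration; nothing is verified cryptographically, and key validity is not addressed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed fields of a v4 signature packet (RFC 4880, section 5.2.3). */
struct sig_info { uint8_t sig_type, pubkey_algo, hash_algo; size_t hashed_len; };

/* Parse one packet header and the fixed part of a v4 signature packet.
 * Returns 0 on success, -1 on truncated, malformed or unsupported input. */
int parse_sig_packet(const uint8_t *b, size_t len, struct sig_info *out)
{
    size_t pos, body = 0, n;
    uint8_t tag;
    if (len < 2 || !(b[0] & 0x80)) return -1;    /* bit 7 is always set */
    if (b[0] & 0x40) {                           /* new-format header */
        tag = b[0] & 0x3f;
        if (b[1] < 192) { body = b[1]; pos = 2; }
        else if (b[1] < 224 && len >= 3) {
            body = ((size_t)(b[1] - 192) << 8) + b[2] + 192; pos = 3;
        } else return -1;   /* 5-octet and partial lengths: unsupported here */
    } else {                                     /* old-format header */
        tag = (b[0] >> 2) & 0x0f;
        if ((b[0] & 3) == 3) return -1;          /* indeterminate length */
        n = (size_t)1 << (b[0] & 3);             /* 1, 2 or 4 length octets */
        if (len < 1 + n) return -1;
        for (pos = 1; pos <= n; pos++) body = (body << 8) | b[pos];
    }
    /* tag 2 = signature; body must fit the buffer and hold the v4 fixed part */
    if (tag != 2 || body > len - pos || body < 8 || b[pos] != 4) return -1;
    out->sig_type = b[pos + 1];
    out->pubkey_algo = b[pos + 2];
    out->hash_algo = b[pos + 3];
    out->hashed_len = ((size_t)b[pos + 4] << 8) | b[pos + 5];
    return out->hashed_len > body - 8 ? -1 : 0;  /* subpackets must fit */
}
/* Constructed sample: header and fixed fields only, not a real signature. */
static const uint8_t sample_sig[] = {
    0x88, 0x10,                 /* old format, tag 2, 16-octet body */
    0x04, 0x00, 0x01, 0x08,     /* v4, binary document, RSA, SHA-256 */
    0x00, 0x06, 0x05, 0x02, 0x56, 0x61, 0x8a, 0x2a, /* creation-time subpacket */
    0x00, 0x00, 0xab, 0xcd      /* empty unhashed area, hash prefix */
};
int main(void)
{
    struct sig_info s;
    if (parse_sig_packet(sample_sig, sizeof sample_sig, &s)) return 1;
    printf("sig_type=%u pubkey=%u hash=%u\n", s.sig_type, s.pubkey_algo, s.hash_algo);
    return 0;
}
```

A real verifier would still have to walk the subpackets, read the signature MPIs, hash the message together with the hashed area and trailer, and only then call into a library such as libgcrypt for the public-key operation.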