Extract signature key ID with gpgme

Werner Koch wk at gnupg.org
Thu Jan 11 20:51:03 CET 2018

On Thu, 11 Jan 2018 07:19, allan at archlinux.org said:

> I am looking for a way to extract the issuer key ID from a signature
> file using gpgme without firstly having verified the signature.

There is no API for this and I am not sure how to do this best.  The
straightforward method would be to let gpgme run something gpg --dry-run
--verify but that might even need changes to gpg.

In case you want to do that for a lot of files it might be to slow
without changing gpg to be used as a co-process.  A dedicated API for
and a simple parser in GPGME might really be better.  Note that we
already have a limited OpenPGP parser in gpgme to implement

> My software current has a homemade sig file parser that extracts the key
> ID from a number of signature files, then it confirms all needed keys
> are in the keyring before going onto verify the files.  I'd like to

What is your assumptions on the number of files to test in one go?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180111/8826bb8f/attachment.sig>

More information about the Gnupg-users mailing list