daklib.gpg

Utilities for signed files

@contact: Debian FTP Master <ftpmaster@debian.org> @copyright: 2011-2018 Ansgar Burchardt <ansgar@debian.org> @license: GNU General Public License version 2 or later

Functions

sign(infile[, outfile, keyids, inline, ...])
waitstatus_to_exitcode(status)

Classes

SignedFile(data, keyrings[, ...])

handle files signed with PGP

Exceptions

GpgException

exception daklib.gpg.GpgException

class daklib.gpg.SignedFile(data: bytes, keyrings: Iterable[str], require_signature: bool = True, gpg: str = '/usr/bin/gpg')

handle files signed with PGP

The following attributes are available:

contents - byte-string with the content (after removing PGP armor) valid - Boolean indicating a valid signature was found weak_signature - signature uses a weak algorithm (e.g. SHA-1) fingerprint - fingerprint of the key used for signing primary_fingerprint - fingerprint of the primary key associated to the key used for signing

_do_io(read, write)

_exec_gpg(stdin, stdout, stderr, statusfd)

_parse_status(line)

_parse_timestamp(timestamp, datestring=None) → datetime

parse timestamp in GnuPG’s format

Returns:

datetime object for the given timestamp

_verify(data, require_signature)

property contents_sha1: str

property fingerprint: str

fingerprint of the (sub)key used for the signature

property primary_fingerprint: str

fingerprint of the primary key used for the signature

property signature_id

valid: bool

valid signature

class daklib.gpg._Pipe

context manager for pipes

Note: When the pipe is closed by other means than the close_r and close_w methods, you have to set self.r (self.w) to None.

close_r()

close reading side of the pipe

close_w()

close writing part of the pipe

daklib.gpg.sign(infile, outfile=None, keyids=[], inline=False, pubring=None, secring=None, homedir=None, passphrase_file=None, *, digest_algorithm='SHA256')

daklib.gpg.waitstatus_to_exitcode(status)