Mailing List Archive

python GPGME bindings and key signatures
i frequently do work with the GPGME bindings for python (is this still
referred to as "pyME" after the merge into mainline?), and i really must
start by saying thank you to whomever maintains it!

i do have a quick question as i'm not sure it's something expected or not.

it seems the signatures interface is obsolete[0].

it seems that the non-obsolete way of accessing this is in
gpgme_user_id_t's `signatures` member[1] (or
<key>.uids[<idx>].signatures per the bindings).

however, this is empty in python's bindings:

_________________________________________________________________
>>> import os
>>> os.environ['GNUPGHOME']
'/var/tmp/python_testing/gpg/homedir'
>>> import gpg
>>> ctx = gpg.Context()
>>> k = ctx.get_key('C548200C7F6AA9541F6EDFF65A6D013706B6BE26')
>>> k.uids[0].signatures
[]
>>>
_________________________________________________________________


whereas signatures most definitely do exist:


_________________________________________________________________
[bts@cylon gpg]$ echo $GNUPGHOME
/var/tmp/python_testing/gpg/homedir
[bts@cylon gpg]$ gpg --list-keys --with-sig-check
C548200C7F6AA9541F6EDFF65A6D013706B6BE26
pub rsa4096 2012-10-30 [SC]
C548200C7F6AA9541F6EDFF65A6D013706B6BE26
uid [ full ] A Test Key for Expiring, delete when done
(1351649839.474725) <test2@test.com>
sig!3 5A6D013706B6BE26 2012-10-30 A Test Key for Expiring,
delete when done (1351649839.474725) <test2@test.com>
sig! 33F7494F9AF6E3D1 2018-11-04 A Test Key (a comment)
<test@test.com>
sig! 2 33F7494F9AF6E3D1 2018-11-05 A Test Key (a comment)
<test@test.com>
sub rsa4096 2012-10-30 [S]
sig! 5A6D013706B6BE26 2012-10-30 A Test Key for Expiring,
delete when done (1351649839.474725) <test2@test.com>

gpg: 4 good signatures
_________________________________________________________________


is this intentional/known behaviour? did i do a goof?

if the former, is there an expected ETA on support for this?
if the latter, is there a certain constant that needs to be set for the
context first or something; how can i implement key signature listing?

thanks!


[0] https://gnupg.org/documentation/manuals/gpgme/Key-Signatures.html
[1]
https://www.gnupg.org/documentation/manuals/gpgme/Key-objects.html#index-gpgme_005fuser_005fid_005ft


--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info
Re: python GPGME bindings and key signatures [ In reply to ]
Hi,

On Mon, 2018-11-05 at 00:20 -0500, brent s. wrote:
>
> however, this is empty in python's bindings:
>
> _________________________________________________________________
> > > > import os
> > > > os.environ['GNUPGHOME']
>
> '/var/tmp/python_testing/gpg/homedir'
> > > > import gpg
> > > > ctx = gpg.Context()
> > > > k = ctx.get_key('C548200C7F6AA9541F6EDFF65A6D013706B6BE26')
> > > > k.uids[0].signatures
>
> []
> > > >
>
> _________________________________________________________________
>
>

yeah, this is one of the peculiarities of the gpgme interface.
You have to request the key list with signatures.
I'd link to the documentation, but as there is still no full HTML
version I cannot easily press Ctrl+F and search.

I have the following in my code:

# *sigh* gpgme is killing me. With gpgme 1.8 we have to
# set_keylist_mode before we can call keylist. With gpgme 1.9
# keylist takes a mode argument and overrides whatever has been
# set before. In order to come with something compatible with both
# 1.8 and 1.9 we have to set_keylist_mode and NOT call ctx.keylist
# but rather the bare op_keylist_all. In 1.8 that requires two
# arguments.
mode = gpg.constants.keylist.mode.LOCAL | gpg.constants.keylist.mode.SIGS
secret = False
ctx.set_keylist_mode(mode)
keys = list(ctx.op_keylist_all(key.fpr, secret))
# With gpgme 1.9 we can simply do:
# keys = list(ctx.keylist(key.fpr), mode=mode)


HTH,
Tobi


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: python GPGME bindings and key signatures [ In reply to ]
On 11/5/18 6:14 AM, Tobias Mueller wrote:
> yeah, this is one of the peculiarities of the gpgme interface.
> You have to request the key list with signatures.
> I'd link to the documentation, but as there is still no full HTML
> version I cannot easily press Ctrl+F and search.
>
> I have the following in my code:
>
> # *sigh* gpgme is killing me. With gpgme 1.8 we have to
> # set_keylist_mode before we can call keylist. With gpgme 1.9
> # keylist takes a mode argument and overrides whatever has been
> # set before. In order to come with something compatible with both
> # 1.8 and 1.9 we have to set_keylist_mode and NOT call ctx.keylist
> # but rather the bare op_keylist_all. In 1.8 that requires two
> # arguments.
> mode = gpg.constants.keylist.mode.LOCAL | gpg.constants.keylist.mode.SIGS
> secret = False
> ctx.set_keylist_mode(mode)
> keys = list(ctx.op_keylist_all(key.fpr, secret))
> # With gpgme 1.9 we can simply do:
> # keys = list(ctx.keylist(key.fpr), mode=mode)
>
>
> HTH,
> Tobi
>


Tobi -

This helps a TON. Thank you so much!

Something else I just ran into last night is it seems
gpg.constants.import is unusable due to the :

>>> import gpg
>>> gpg.constants.import.NEW
File "<stdin>", line 1
gpg.constants.import.NEW
^
SyntaxError: invalid syntax
>>> sys.version
'3.7.1 (default, Oct 22 2018, 10:41:28) \n[GCC 8.2.1 20180831]'

I presume that's something I'll need a bug report for.

Thanks again, Tobi!

--
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info
Re: python GPGME bindings and key signatures [ In reply to ]
On Mon, Nov 05, 2018 at 12:14:45PM +0100, Tobias Mueller wrote:
> Hi,
>
> # With gpgme 1.9 we can simply do:
> # keys = list(ctx.keylist(key.fpr), mode=mode)

A minor correction of a typo here, that last line should be:

keys = list(ctx.keylist(key.fpr, mode=mode))

Then the signature data will be in accessible via things like this:

for key in keys:
for uid in key.uids:
for sig in uid.signatures:
print(sig.keyid, sig.uid, sig.timestamp)

And so on.

Also, this needs more documentation, soI'll add it to the HOWTO,
thanks for the reminder.


Regards,
Ben