質問
I would like to know the public key of the user that generates an encrypted/signed PGP message.
I looked at the python-gnupg API but I just found how to check that the signature is OK
https://stackoverflow.com/questions/14278325
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianGPG().verify(data)
If the signature can be verified, it means that the public key is in the keyring. How can I found which one it is?
解決
You want to have a look at the fingerprint attribute of the gnupg.Verify object returned by the verify method. For example:
>>> gpg = gnupg.GPG()
>>> v = gpg.verify(data)
>>> v.fingerprint
u'3D2822FCA7D73D07F65B1514C9A99684DEDF97D5'
You can then filter list_keys to find the key in question:
>>> [k for k in gpg.list_keys(v.fingerprint)
if k['fingerprint'] == v.fingerprint]
他のヒント
PGP doesn't store public keys inside of signed/encrypted messages, it stores key identifier (8-byte part of the hash of the public-key fields). So you should look for something called 'key id' in the documentation. Here it is:
When a signature is verified, signer information is held in attributes of verified: username, key_id, signature_id, fingerprint, trust_level and trust_text.
