Detached signatures in GpgMe

Egil Moeller redhog at redhog.org
Sun Sep 22 14:51:01 CEST 2002 

Hi!
I'm trying to use detached signatures in GpgMe, but I can not get it to
work. Norrmal and cleartext signatures works fine. Is this a bug, or is it
jut me not understunding the API?

  if ((gpgmeError = gpgme_data_new(&sigObj)) != GPGME_No_Error)
   frideThrowGpgmeError("fride-gpgme-sign", gpgmeError);
  if ((gpgmeError = gpgme_op_sign(ctxObj, plainObj, sigObj, GPGME_SIG_MODE_DETACH)) != GPGME_No_Error)
   frideThrowGpgmeError("fride-gpgme-sign", gpgmeError);

  fprintf(stderr, "Sign info: %s\n", gpgme_get_op_info(ctxObj, 0));

  if ((gpgmeError = gpgme_op_verify(ctxObj, sigObj, plainObj, &statusObj)) != GPGME_No_Error)
   frideThrowGpgmeError("fride-gpgme-verify", gpgmeError);

  fprintf(stderr, "Verify status: %s\n", strGpgmeSigStat(statusObj));
  fprintf(stderr, "Verify info: %s\n", gpgme_get_op_info(ctxObj, 0));

gives me

Sign info: <GnupgOperationInfo>
  <signature>
    <detached/>
    <algo>17</algo>
    <hashalgo>2</hashalgo>
    <micalg>pgp-sha1</micalg>
    <sigclass>00</sigclass>
    <created>1032695269</created>
    <fpr>DE532235128A1EDDF3A422B71DE43A1D2009954C</fpr>
  </signature>
</GnupgOperationInfo>

Verify status: This status indicates that the signature is invalid. For the combined result this status means that all signatures are invalid.
Verify info: <GnupgOperationInfo>
  <signature>
    <detached/>
    <algo>17</algo>
    <hashalgo>2</hashalgo>
    <micalg>pgp-sha1</micalg>
    <sigclass>00</sigclass>
    <created>1032695269</created>
    <fpr>DE532235128A1EDDF3A422B71DE43A1D2009954C</fpr>
  </signature>
</GnupgOperationInfo>

but if I save the signature data to a file and test by hand with gpg, gpg
tells me it is an OK ssignature...

The strangest thing, if I try to verify the sig another time, I get "This
status indicates that the signature data provided was not a real
signature." (but still, if I save the sig to a file, gpg says its an OK
sig!)...

Thanks in advance,
Egil

-- 
http://redhog.org
GPG Public key: http://redhog.org/PGP%20Public%20key.asc
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

More information about the Gnupg-devel mailing list