Help with python library

Werner Koch wk at gnupg.org
Thu Mar 8 17:15:35 CET 2018


On Tue,  6 Mar 2018 19:06, ben at adversary.org said:

> signature or decryption) read an OpenPGP file (either binary or ASCII
> armoured) and report the sort of things viewed with list-packets or

I don't think that it should be GPGME's goal to provide all internals of
an OpenPGP message or keyblock.  However, certain things which can
indeed be useful and are available in plaintext and without signature
verification can be added to gpgme_data_identify or a new similar
function.

> instance, via gpg.Context().keylist(); but even that doesn't get quite
> everything that list-packets does.  It doesn't for instance, obtain
> the digest algorithm with which the key certified itself.

I consider this an internal property of OpenPGP and not of general
interest for an API which should provide a mostly abstract view of the
underlying crypto protocol.

If there is a policy or compliance need for this we can add this to gpg
proper and set a flag in the gpgme key object.

> In which case he might or might not have access to the key the data is
> encrypted to or supposed to be encrypted to, but still need to confirm
> whether or not the customer has actually done what they were told to
> do the right way.  In my experience that's rare enough in general
> without the additional complication cryptography brings to the party.

:-).  A dry-run feature for decryption would be best I think.

> scenarios where a security conscious IT department might need to check
> that employee generated keys all meet certain minimum key requirements
> and, depending on the size of the organisation, they might not want to

That is what we have this pretty new compliance thing for.  The code
allows one to easily add other compliance policies than the current de-vs
policy.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.