[[!meta  title="pyassuan"]]
[[!template id=gitrepo repo=pyassuan]]

I've been trying to come up with a clean way to verify detached
[[PGP]] signatures from [[Python]].  There are [a number of existing
approaches to this problem][wrappers].  Many of them call [gpg][]
using Python's `multiprocessing` module, but to verify detached
signatures, you need to send the signature in [on a separate file
descriptor][enable-special-filenames], and handling that in a way safe
from deadlocks is difficult.  The other approach, taken by [PyMe][] is
to wrap [GPGME][] using [[SWIG]], which is great as far as it goes,
but development seems to have stalled, and I find the raw GPGME
interface excessively complicated.

The GnuPG tools themselves often communicate over sockets using the
[Assuan protocol][assuan], and I'd already written an Assuan server to
handle pinentry (originally for my [[gpg-agent]] post, not [part of
pyassuan][pinentry.py]).  I though it would be natural if there was a
[[gpgme-agent]] which would handle cryptographic tasks over this
protocol, which would make the [[pgp-mime]] implementation easier.  In
order to talk to this (currently hypothetical) agent, I turned my
pinentry script into the more general pyassuan package.  Now using
Assuan from Python should be as easy (or easier?) than using it from C
via [libassuan][].

The `README` is posted on the [PyPI page][pypi].

[wrappers]: http://wiki.python.org/moin/GnuPrivacyGuard
[gpg]: http://www.gnupg.org/
[enable-special-filenames]: http://lists.gnupg.org/pipermail/gnupg-devel/2002-November/019343.html
[PyMe]: http://pyme.sourceforge.net/
[GPGME]: http://www.gnupg.org/related_software/gpgme/
[assuan]: http://www.gnupg.org/documentation/manuals/assuan/
[pinentry.py]: http://git.tremily.us/?p=pyassuan.git;a=blob;f=bin/pinentry.py;hb=HEAD
[libassuan]: http://www.gnupg.org/related_software/libassuan/
[pypi]: http://pypi.python.org/pypi/pyassuan/

[[!tag tags/code]]
[[!tag tags/linux]]
[[!tag tags/programming]]
[[!tag tags/pypi]]
[[!tag tags/python]]