git.tremily.us Git - gpg-migrate.git/commit

author	W. Trevor King <wking@tremily.us>
	Tue, 7 Jan 2014 17:33:19 +0000 (09:33 -0800)
committer	W. Trevor King <wking@tremily.us>
	Tue, 7 Jan 2014 21:17:45 +0000 (13:17 -0800)
commit	f5e936a32fc016c24eabac90ce3b638acb7eafe4
tree	68bcd65f5ac80517365b56f0635b50bc541b5926	tree \| snapshot
parent	1664f3b4ed402b51187191215233d8d5900f9a85	commit \| diff

Add signature verification to PGPPacket and PGPKey

From RFC 4880 [1]:

  With RSA signatures, the hash value is encoded using PKCS#1 encoding
  type EMSA-PKCS1-v1_5 as described in Section 9.2 of RFC 3447.  This
  requires inserting the hash value as an octet string into an ASN.1
  structure.  The object identifier for the type of hash being used is
  included in the structure.  The hexadecimal representations for the
  currently defined hash algorithms are as follows: ...

Rather than coding all these object identifiers in myself, I'm
piggybacking on PyCrypto [2,3,4] which already sets up
per-hash-algarithm OIDs.  However, older versions of PyCrypto attached
the OIDs to the PyCrypto-specific hash implementations, and we're
using hashlib's implementations.  Since 59018ff (Hash: Remove "oid"
attributes; add "name" attribute, 2013-02-17, released in PyCrypto
v2.7a1), PyCrypto has been able to handle hashlib hashes, so you'll
need a fairly modern installation to work with this script.

[1]: https://tools.ietf.org/html/rfc4880#section-5.2.2
[2]: http://www.pycrypto.org/
[3]: https://www.dlitz.net/software/pycrypto/
[4]: https://github.com/dlitz/pycrypto/