1 """An extremely simple interface to the signing/verifying capabilities
4 You must already have the key in the keyring.
7 from subprocess import PIPE, Popen
8 from xmlrpc.client import dumps, loads
10 # see also myplc/plc.d/gpg
12 GPG = '/usr/bin/gpg1' if os.path.exists("/usr/bin/gpg1") else "/usr/bin/gpg"
14 def _popen_gpg(*args):
15 """Return a Popen object to GPG."""
16 return Popen((GPG, '--batch', '--no-tty') + args,
17 stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
20 """Return <data> signed with the default GPG key."""
21 msg = dumps((data,), methodresponse = True)
22 p = _popen_gpg('--armor', '--sign', '--keyring', '/etc/planetlab/secring.gpg', '--no-default-keyring')
25 signed_msg = p.stdout.read()
31 def verify(signed_msg):
32 """If <signed_msg> is a valid signed document, return its contents. Otherwise, return None."""
33 p = _popen_gpg('--decrypt', '--keyring', '/usr/boot/pubring.gpg', '--no-default-keyring')
34 p.stdin.write(signed_msg)
40 return None # verification failed