[guardian-dev] gnupg-for-java verify function

Hans-Christoph Steiner hans at guardianproject.info
Tue Jan 27 05:55:11 EST 2015


Hey Marek,

I haven't had my head in that code for a while now, so I could only guess.
Try reading the gpgme docs on the verify function there.  gnupg-for-java
generally follows what gpgme does.

.hc

Marek Wrzosek:
> 
> Thanks for CC'ing this, it could be helpful. But what about my other questions? > How to use verify()? How to get anything from plain parametr?
>
> Dnia 27 stycznia 2015 10:07:11 CET, Hans-Christoph Steiner <hans at guardianproject.info> napisał(a):
> 
>> Hey Marek,
> 
>> I'm CC'ing the Guardian Dev list since this topic is of general
>> interest, and
>> others on that list might have contributions to this thread as well.
> 
>> gnupg-for-java currently requires gpgme 1.5.x, but it would probably
>> not be a
>> lot of work to get it working on older versions.  I only cared about
>> the
>> latest version of gpgme, since I was only using it on Android, where
>> all the
>> libs are embedded in the app.
> 
>> It would be quite useful to have gnupg-for-java work on older versions
>> of
>> gpgme so it'll be easy to deploy on platforms with older versions of
>> gpgme,
>> like RHEL, Debian/stable, Ubuntu/LTS, etc.
> 
>> Daniele has done some work towards that goal:
>> https://github.com/guardianproject/gnupg-for-java/pull/1
>> https://github.com/kontalk/gnupg-for-java
> 
>> .hc
> 
>> Marek Wrzosek:
>>> OK, I'm answering my own mail. I've figured out that verify needs
>>> signature, signed and plain GnuPGData objects, even empty ones. From
>>> howto of gpgme that if sig is clear text signature (I assume that
>>> creating signature from file will work), than signed_text should be
>>> null (in java empty GnuPGData?), but effect of verification is in
>>> plain. How to make writable GnuPGData for plain? How to extract text
>>> from GnuPGData or do something with it that make sense?
>>>
>>> W dniu 26.01.2015 o 16:20, Marek Wrzosek pisze:
>>>> Hello Hans!
>>>
>>>> I need help. Is gpgme 1.5.0 really necessary? The example program
>>>> is working with 1.4.3 version, but it only prints list of keys. But
>>>> it's not that important. The real question is: How to use verify
>>>> function? public void verify(GnuPGData signature, GnuPGData signed,
>>>> GnuPGData plain) I've found this in gpgme tutorial (about
>>>> underlying C function):
>>>> https://www.gnupg.org/documentation/manuals/gpgme/Verify.html#Verify
>>>
>>>
>>> But it isn't very helpful with java.
>>>> What is the easiest way to verify clear text signature from text
>>>> file or stdin? What about encoding? File is in ASCII (or UTF-8 - my
>>>> default system encoding), java uses Unicode. How gnupg-for-java
>>>> will handle it?
>>>
>>>> Bests
>>>
>>>
>>>
> 
>> --
>> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150127/d1b3392b/attachment.sig>


More information about the guardian-dev mailing list