Verifying a GPG signature using a specific public key with GPGME in C / C++

I have a C++ program that needs to verify the signature of a file that has been signed with GPG using a specific private key. Using GPGME I have successfully written a program that verifies that the given file has been properly signed with a private key corresponding to one of the public keys in the GPG keyring.

Now I would like my program to verify the file using a public key that is hard coded inside my program instead of just verifying the signature using one of the public keys available in the GPG keyring.

I want my program (that will be installed on someone else's computer) to be able to verify that the file really comes from me. If it does the verify operation by using the list of public keys in the GPG keyring of the user's computer, it seems like that user could just re-sign my file with his own private key and my program would validate the file's signature even though I didn't sign it.

Is there any way of achieving this with GPGME? Any help is greatly appreciated.

While not exactly the solution to my problem, I solved this by checking the fingerprint of the public key that has been used to verify the signed file. I can hard code the fingerprint of my public key in my program and can use GPGME to import my public key into GPG if it isn't already there.

In GPGME the fingerprint can be gotten from a gpgme_signature_t gotten by a gpgme_op_verify_result(...) call (see documentation).

GPG can display the fingerprint of your public key with the following command: gpg --fingerprint
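The fingerprint check described in the answer above, as an added example that is not part of the original post: it accepts a file only when a successfully verified signature carries the hard-coded fingerprint, so a good signature from any other key in the keyring does not pass. The names `sig_view`, `normalize_fpr`, `signed_by_pinned_key` and the value of `PINNED_FPR` are hypothetical; `sig_view` stands in for the `fpr`, `status` and `next` fields of `gpgme_signature_t` so the logic runs without libgpgme.

```c
#include <ctype.h>
#include <string.h>

/* Constructed placeholder, NOT a real key: paste the fingerprint printed by
   `gpg --fingerprint` for your key (its grouping spaces are tolerated). */
static const char PINNED_FPR[] = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567";

/* Hypothetical stand-in for the gpgme_signature_t fields used here. Fill one per
   entry while walking gpgme_op_verify_result(ctx)->signatures through ->next:
   fpr = s->fpr, status_ok = (gpgme_err_code(s->status) == GPG_ERR_NO_ERROR). */
struct sig_view {
    const char *fpr;
    int status_ok;
    const struct sig_view *next;
};

/* Copy the hex digits of `in` to `out` in upper case, skipping whitespace.
   Returns the digit count, or 0 on NULL, a non-hex character or overflow. */
static size_t normalize_fpr(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    if (in == NULL) return 0;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (isspace(c)) continue;
        if (!isxdigit(c) || n + 1 >= cap) return 0;
        out[n++] = (char)toupper(c);
    }
    out[n] = '\0';
    return n;
}

/* 1 only if at least one signature verified AND was made by the pinned key.
   A good signature from any other keyring key (the re-signing case) is ignored. */
int signed_by_pinned_key(const struct sig_view *sigs)
{
    char want[80], got[80];
    size_t wlen = normalize_fpr(PINNED_FPR, want, sizeof want);
    if (wlen < 40) return 0;               /* a short key ID is not a pin */
    for (const struct sig_view *s = sigs; s != NULL; s = s->next) {
        if (!s->status_ok) continue;       /* signature did not verify cleanly */
        if (normalize_fpr(s->fpr, got, sizeof got) == wlen &&
            memcmp(want, got, wlen) == 0)
            return 1;
    }
    return 0;
}
```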
