PGP/GPG Signature file Verification App

rob42 · December 7, 2023, 10:20am

I’ve created a GUI base app that reads a file and then generates a hash digest (any one from the four that I’ve coded in) which I use for verifying that a published hash value is a match against the one that my app generates, for the same file, after it’s been downloaded. My GUI app is a nicer way to do that, than using the command line.

While this kind of “file fingerprinting” is still used by some, it is beginning to be replaced by PGP/GPG signature files, so I’d like to create another app that works in the same way as my “Checksum” app, but checks the PGP/GPG signature files, rather than a hash digest.

Coding my “Checksum” app was fairly straightforward, not least because the hashlib functions, but what library would you use, for a project such as this?

For example, have you used the gpg-lite 0.12.3 library? Would you recommend that, or an alternate?

With thanks.

barry-scott · December 7, 2023, 5:32pm

I did a web search and this stood out: python-gnupg - A Python wrapper for GnuPG — Python Wrapper for GnuPG 0.5.2.dev0 documentation

rob42 · December 7, 2023, 6:04pm

That’s a nice find; thank you.

And it’s bang up-to-date, so there’s that. The libraries that I’ve discovered seem to be quite old, which suggest that they’re no longer being maintained.

The project is still very much at the research stage, but a maintained library base has to be front a centre, I feel.