问题
Has anyone written any tutorials or have any documentation on how to use GnuPGME so I would be able to write a function such as gpgSign(std::string fileToBeSigned, std::string outPutFileName) in C++?
回答1:
Below is a C example with verbose comments that does what you are looking for - it is not the most direct approach, but should illustrate the how to accomplish signing a file. It does not handle selection of signers, but the GPGME docs should help you there.
You can save the file and make edits and test directly from the command line. To compile, just save as "gpgsign.c", and execute gcc gpgsign.c -lgpgme -o gpgsign (NOTE: you must have libgpgme installed). Then you can execute the using gpgsign <input file> <output file>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <errno.h>
#include <locale.h>
#include <gpgme.h>
#define fail_if_err(err) \
do { \
if (err) { \
fprintf (stderr, "%s:%d: %s: %s\n", \
__FILE__, __LINE__, gpgme_strsource (err), \
gpgme_strerror (err)); \
exit (1); \
} \
} \
while (0)
void gpgSign(const char *fileToBeSigned, const char *outputFileName) {
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
FILE *outputFile;
int BUF_SIZE = 512;
char buf[BUF_SIZE + 1];
int ret;
/* Set the GPGME signature mode
GPGME_SIG_MODE_NORMAL : Signature with data
GPGME_SIG_MODE_CLEAR : Clear signed text
GPGME_SIG_MODE_DETACH : Detached signature */
gpgme_sig_mode_t sigMode = GPGME_SIG_MODE_CLEAR;
/* Begin setup of GPGME */
gpgme_check_version (NULL);
setlocale (LC_ALL, "");
gpgme_set_locale (NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
#ifndef HAVE_W32_SYSTEM
gpgme_set_locale (NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL));
#endif
/* End setup of GPGME */
// Create the GPGME Context
err = gpgme_new (&ctx);
// Error handling
fail_if_err (err);
// Set the context to textmode
gpgme_set_textmode (ctx, 1);
// Enable ASCII armor on the context
gpgme_set_armor (ctx, 1);
// Create a data object pointing to the input file
err = gpgme_data_new_from_file (&in, fileToBeSigned, 1);
// Error handling
fail_if_err (err);
// Create a data object pointing to the out buffer
err = gpgme_data_new (&out);
// Error handling
fail_if_err (err);
// Sign the contents of "in" using the defined mode and place it into "out"
err = gpgme_op_sign (ctx, in, out, sigMode);
// Error handling
fail_if_err (err);
// Open the output file
outputFile = fopen (outputFileName, "w+");
// Rewind the "out" data object
ret = gpgme_data_seek (out, 0, SEEK_SET);
// Error handling
if (ret)
fail_if_err (gpgme_err_code_from_errno (errno));
// Read the contents of "out" and place it into buf
while ((ret = gpgme_data_read (out, buf, BUF_SIZE)) > 0) {
// Write the contents of "buf" to "outputFile"
fwrite (buf, ret, 1, outputFile);
}
// Error handling
if (ret < 0)
fail_if_err (gpgme_err_code_from_errno (errno));
// Close "outputFile"
fclose(outputFile);
// Release the "in" data object
gpgme_data_release (in);
// Release the "out" data object
gpgme_data_release (out);
// Release the context
gpgme_release (ctx);
}
int
main (int argc, char **argv) {
if (argc != 3) {
printf("Usage: gpgsign <input file> <output file>\n");
exit (1);
}
printf("Signing %s and placing the result into %s\n", argv[1], argv[2]);
gpgSign(argv[1], argv[2]);
return 0;
}
回答2:
This answer probably comes too late, but if I were you I'd rather use Keyczar which is a high-level crypto toolkit with a simple API. Java, C++, Python bindings are available.
GPGME is still quite low-level IMO for someone who needs crypto functionality without too much tweaking. Of course a crypto expert needs this type of complexity.
Personally, I try to avoid libraries that require me to set up this engine and that context in 100 lines of boilerplate code before I can do something basic... but I am no expert at anything.
来源:https://stackoverflow.com/questions/9596856/gnupgme-gpg-signature-c