1#ifndef GPG_INTERFACE_H 2#define GPG_INTERFACE_H 3 4#define GPG_VERIFY_VERBOSE 1 5#define GPG_VERIFY_RAW 2 6#define GPG_VERIFY_OMIT_STATUS 4 7 8struct signature_check { 9 char *payload; 10 char *gpg_output; 11 char *gpg_status; 12 13 /* 14 * possible "result": 15 * 0 (not checked) 16 * N (checked but no further result) 17 * U (untrusted good) 18 * G (good) 19 * B (bad) 20 */ 21 char result; 22 char *signer; 23 char *key; 24}; 25 26void signature_check_clear(struct signature_check *sigc); 27 28/* 29 * Look at GPG signed content (e.g. a signed tag object), whose 30 * payload is followed by a detached signature on it. Return the 31 * offset where the embedded detached signature begins, or the end of 32 * the data when there is no such signature. 33 */ 34size_t parse_signature(const char *buf, size_t size); 35 36void parse_gpg_output(struct signature_check *); 37 38/* 39 * Create a detached signature for the contents of "buffer" and append 40 * it after "signature"; "buffer" and "signature" can be the same 41 * strbuf instance, which would cause the detached signature appended 42 * at the end. 43 */ 44int sign_buffer(struct strbuf *buffer, struct strbuf *signature, 45 const char *signing_key); 46 47/* 48 * Run "gpg" to see if the payload matches the detached signature. 49 * gpg_output, when set, receives the diagnostic output from GPG. 50 * gpg_status, when set, receives the status output from GPG. 51 */ 52int verify_signed_buffer(const char *payload, size_t payload_size, 53 const char *signature, size_t signature_size, 54 struct strbuf *gpg_output, struct strbuf *gpg_status); 55 56int git_gpg_config(const char *, const char *, void *); 57void set_signing_key(const char *); 58const char *get_signing_key(void); 59int check_signature(const char *payload, size_t plen, 60 const char *signature, size_t slen, 61 struct signature_check *sigc); 62void print_signature_buffer(const struct signature_check *sigc, 63 unsigned flags); 64 65#endif