From 16da8026fb3e4a4f3b9054b28016a76b8f964254 Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht <sudoman@ninthfloor.org>
Date: Sun, 27 Jul 2014 01:37:05 -0400
Subject: [PATCH] updated signature verification code

edward-bot now prints a helpful note about signature validity.

i've also added some caveats in comment form regarding the remaining
issues with the verification code i've written so far. there are more
important considerations that need to be made when verifying signatures.
---
 edward-bot | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/edward-bot b/edward-bot
index d83f70b..1ca0f9b 100755
--- a/edward-bot
+++ b/edward-bot
@@ -107,16 +107,17 @@ def print_decrypted (message):
 
 def print_sig (sig):
 
-        if sig.summary != 0:
-            print("bad sig: " + str(sig.summary))
-            #continue
-        
         fprint = sig.fpr
         timestamp = time.localtime(sig.timestamp)
 
         g = gpgme.Context()
         key = g.get_key(fprint)
 
+        # right now i'm just choosing the first user id, even if that id isn't
+        # signed by the user yet another is. if a user id is printed, it should
+        # at least be one that is signed, and/or correspond to the From:
+        # field's email address and full name.
+
         name = key.uids[0].name
         e_addr = key.uids[0].email
         comment = key.uids[0].comment
@@ -124,8 +125,21 @@ def print_sig (sig):
         date = time.strftime("%a %d %b %Y %I:%M:%S %p %Z", timestamp)
         fprint_short = re.search("[0-9A-Fa-f]{32}([0-9A-Fa-f]{8})", fprint).groups()[0]
 
-        print("Signature Made " + date + " using key " + fprint_short)
-        print("From " + name + " (" + comment + ") <" \
+        # this section needs some work. signature summary, validity, status,
+        # and wrong_key_usage all complicate the picture. their enum/#define
+        # values overlap, which makes things more complicated.
+
+        validity = sig.validity
+        if validity == gpgme.VALIDITY_ULTIMATE \
+                or validity == gpgme.VALIDITY_FULL:
+            status = "Good Signature "
+        elif validity == gpgme.VALIDITY_MARGINAL:
+            status = "Marginal Signature "
+        else:
+            status = "BAD Signature "
+
+        print("Signature Made " + date + " using key ID " + fprint_short)
+        print(status + "from " + name + " (" + comment + ") <" \
                 + e_addr + ">")
 
 
-- 
2.25.1