I would like to know the public key of the user that generates an encrypted/signed PGP message.
I looked at the python-gnupg API but I just found how to check that the signature is OK
GPG().verify(data)
If the signature can be verified, it means that the public key is in the keyring. How can I found which one it is?
You want to have a look at the fingerprint attribute of the gnupg.Verify object returned by the verify method. For example:
>>> gpg = gnupg.GPG()
>>> v = gpg.verify(data)
>>> v.fingerprint
u'3D2822FCA7D73D07F65B1514C9A99684DEDF97D5'
You can then filter list_keys to find the key in question:
>>> [k for k in gpg.list_keys(v.fingerprint)
if k['fingerprint'] == v.fingerprint]