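/**
 * Verify that $content is a single PGP public key whose sole user ID carries $email.
 *
 * The key is imported into a fresh, private (0700) temporary GnuPG home directory
 * under $config['pgpverify_tmpdir'], inspected, and that directory is removed again
 * on every exit path so no imported key material is left on disk.
 *
 * @param string $content  ASCII-armoured key block as submitted by the user
 * @param string $email    address the key's user ID must match (case-insensitive)
 * @return bool            true when the key is acceptable, false otherwise
 *                         (with $config['debug'] set, some failures die() with a message)
 */
function verifyPGPKey($content, $email)
{
    global $config;

    // A blank "key" is accepted when configured: the cron job treats it as
    // "disable encryption for $email" if encryption was previously enabled.
    if (!empty($config['pgpverify_allowblank']) && trim($content) === '') {
        return true;
    }

    require_once "Crypt/GPG.php";

    // Pick a random, not-yet-existing subdirectory of the verification tmpdir.
    do {
        $path = $config['pgpverify_tmpdir'] . '/' . uid(16);
    } while (file_exists($path));

    // 0700: the directory becomes a GnuPG home holding the imported key, so it
    // must not be readable by other local users. The warning on failure is
    // suppressed because the false return is handled right here.
    if (@mkdir($path, 0700) === false) {
        if (!empty($config['debug'])) {
            die("Failed to create directory [" . $path . "] for PGP verification.");
        }
        return false;
    }

    $gpg = new Crypt_GPG(array('homedir' => $path));

    // Import the key into the temporary GnuPG home.
    try {
        $gpg->importKey($content);
    } catch (Crypt_GPG_NoDataException $e) {
        // The user supplied something that is not a key at all.
        recursiveDelete($path);
        return false;
    } catch (Exception $e) {
        // Any other GPG failure: remove the temp directory, then propagate as before.
        recursiveDelete($path);
        throw $e;
    }

    // Exactly one key must have been imported.
    $keys = $gpg->getKeys();
    if (count($keys) !== 1) {
        recursiveDelete($path);
        if (!empty($config['debug'])) {
            die("Error in PGP verification: key count is " . count($keys) . "!");
        }
        return false;
    }

    // The key must carry exactly one user ID, and its address must match $email.
    // Strict comparison: both operands are strings, and == would treat
    // numeric-looking strings numerically.
    $userIds = $keys[0]->getUserIds();
    $matches = count($userIds) === 1
        && strtolower($userIds[0]->getEmail()) === strtolower($email);

    recursiveDelete($path);
    return $matches;
}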
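/**
 * Check every stored GPG key (or one user's when $id is given) for a usable
 * encryption subkey.
 *
 * Each user's key is imported into the configured GnuPG home and its subkeys are
 * counted as valid, expired, or sign-only. Users whose key has no valid encryption
 * subkey (or whose key fails to import) are flagged with a message; every checked
 * user gets their email recorded.
 *
 * @param int|false $id  restrict the check to this User.id, or false for all users
 *                       with a non-empty gpgkey
 * @return array<int, array{0?: bool, 1: string, 2?: string}>  keyed by User.id:
 *         [0] true when the key is unusable, [1] the user's email,
 *         [2] a human-readable description of the problem (only present with [0])
 */
public function verifyGPG($id = false)
{
    require_once 'Crypt/GPG.php';

    // The Trim behavior would alter the armoured key text, so detach it first.
    $this->Behaviors->detach('Trim');

    $results = array();

    $conditions = array('not' => array('gpgkey' => ''));
    if ($id !== false) {
        $conditions['User.id'] = $id;
    }
    $users = $this->find('all', array('conditions' => $conditions, 'recursive' => -1));
    if (empty($users)) {
        // Must be the array variable, not a bare constant.
        return $results;
    }

    $currentTimestamp = time();
    $gpg = new Crypt_GPG(array(
        'homedir' => Configure::read('GnuPG.homedir'),
        'binary'  => Configure::read('GnuPG.binary') ?: '/usr/bin/gpg',
    ));

    foreach ($users as $user) {
        $userId = $user['User']['id'];
        try {
            $imported = $gpg->importKey($user['User']['gpgkey']);
            $keys = $gpg->getKeys($imported['fingerprint']);
            if (empty($keys)) {
                // Import reported a fingerprint the keyring cannot read back;
                // flag it instead of dereferencing a missing element.
                $results[$userId][2] = 'The user\'s PGP key could not be read back after import.';
                $results[$userId][0] = true;
            } else {
                $tally = array('valid' => 0, 'expired' => 0, 'noEncrypt' => 0);
                foreach ($keys[0]->getSubKeys() as $subKey) {
                    $expiration = $subKey->getExpirationDate();
                    // An expiration of 0 means the subkey never expires.
                    if ($expiration != 0 && $currentTimestamp > $expiration) {
                        $tally['expired']++;
                    } elseif (!$subKey->canEncrypt()) {
                        $tally['noEncrypt']++;
                    } else {
                        $tally['valid']++;
                    }
                }
                if (!$tally['valid']) {
                    $message = 'The user\'s PGP key does not include a valid subkey that could be used for encryption.';
                    if ($tally['expired']) {
                        $message .= ' Found ' . $tally['expired'] . ' subkey(s) that have expired.';
                    }
                    if ($tally['noEncrypt']) {
                        $message .= ' Found ' . $tally['noEncrypt'] . ' subkey(s) that are sign only.';
                    }
                    $results[$userId][2] = $message;
                    $results[$userId][0] = true;
                }
            }
        } catch (Exception $e) {
            // Import/lookup failure: surface the GPG error text to the caller.
            $results[$userId][2] = $e->getMessage();
            $results[$userId][0] = true;
        }
        $results[$userId][1] = $user['User']['email'];
    }

    return $results;
}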
$raw = $raw . fgets($in, 4096); } $params['include_bodies'] = true; $params['decode_bodies'] = true; $params['decode_headers'] = true; $decoder = new Mail_mimeDecode($raw); $structure = $decoder->decode($params); foreach ($argv as $recipient) { $encrypted = strpos($structure->body, '-----BEGIN PGP'); if ($structure->ctype_secondary === 'encrypted' || $encrypted !== false) { /* Already encrypted. We don't touch. */ $newBody = getBody($raw); } else { $gpg = new Crypt_GPG(array('homedir' => $config['gpg']['home'])); $userKeyId = getUserKeyId($dbh, $recipient); $availableKeys = $gpg->getKeys($userKeyId); if (sizeof($availableKeys) == 1) { $gpg->addEncryptKey($userKeyId); /* Step 1. Change content type. */ $structure->headers['content-type'] = 'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="MfFXiAuoTsnnDAfX"'; /*Step 1.5. Remove headers we don't need. */ unset($structure->headers['content-transfer-encoding']); unset($structure->headers['x-google-sender-auth']); /* Step 2. Encrypt. */ $newBody = 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)' . "\n"; $newBody .= '--MfFXiAuoTsnnDAfX' . "\n"; $newBody .= 'Content-Type: application/pgp-encrypted' . "\n"; $newBody .= 'Content-Disposition: attachment' . "\n"; $newBody .= '' . "\n"; $newBody .= 'Version: 1' . "\n"; $newBody .= '' . "\n";