/**
* Gets a list of keys in the GPG keyring that match the search criteria
* @param string $search A search string to be matched. Can be a fingerprint, email, or partial name
* @throws Exception
* @return Numerically indexed array of associative arrays, each describing a key in the keyring. @see php.net/manual/en/function.gnupg-keyinfo.php
*/
public function get_key_list($search = "")
{
$this->set_env();
try {
$gpg = new gnupg();
// throw exception if error occurs
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
$keys = $gpg->keyinfo($search);
$this->restore_env();
return $keys;
} catch (Exception $e) {
// restore the envelope
$this->restore_env();
// re-throw the exception
throw $e;
}
}
public function downloadPackageWithValidation(SignatureStruct $signatureStruct)
{
$result = $this->fetchUrl($signatureStruct->getDownloadUrl());
$fileContent = $result->getBody()->getContents();
$sha256 = hash('sha256', $fileContent);
if ($sha256 !== $signatureStruct->getSha256()) {
throw new \Exception("sha256 hash does not match. download has '{$sha256}', storage has '{$signatureStruct->getSha256()}'");
}
$gpg = new \gnupg();
$result = $gpg->verify($fileContent, $signatureStruct->getSignature());
var_dump($result);
if ($result !== false) {
echo "\nResult is not false, so signature seems to be valid\n";
$keyinfo = $gpg->keyinfo($result[0]['fingerprint'])[0];
var_dump($keyinfo['uids'][0]);
if ($keyinfo['disabled'] || $keyinfo['expired'] || $keyinfo['revoked']) {
echo PHP_EOL . 'WARNING';
echo PHP_EOL . '$keyinfo[\'disabled\'] || $keyinfo[\'expired\'] || $keyinfo[\'revoked\']' . PHP_EOL . PHP_EOL;
}
} else {
echo "\n################## ERROR ################\nomething went wrong\n";
}
/*
$process = new Process('gpg --verify --batch -a');
$process->setInput(
"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
".
$fileContent.
PHP_EOL.
$signatureStruct->getSignature()
);
$process->run();
$error = $process->getErrorOutput();
$output = $process->getOutput();
echo $error;
echo $output;
*/
}
/**
* Sets the opengpg_publickey for users having a public key
*
* @param ElggObject $item
* @return bool
*/
function elggpg_2012022501($user)
{
// it is necessary to load the gpg library to make sure gpg path is set.
global $MIGRATED;
$MIGRATED += 1;
if ($MIGRATED % 100 == 0) {
error_log(" * elggpg {$user->guid}");
}
elgg_load_library('elggpg');
$user_fp = current(elgg_get_metadata(array('guid' => $user->guid, 'metadata_name' => 'openpgp_publickey')));
$gnupg = new gnupg();
if (!$user_fp && $user->email) {
try {
$info = $gnupg->keyinfo($user->email);
$fingerprint = $info[0]['subkeys'][0]['fingerprint'];
if ($fingerprint) {
create_metadata($user->guid, "openpgp_publickey", $fingerprint, 'text', $user->guid, ACCESS_LOGGEDIN);
}
} catch (Exception $e) {
// no encryption key
}
}
return true;
}
function elggpg_keyinfo($user)
{
$gnupg = new gnupg();
$fingerprint = $user->openpgp_publickey;
if (!$fingerprint) {
return false;
}
try {
$info = $gnupg->keyinfo($fingerprint);
} catch (Exception $e) {
return false;
}
$simple_info = array('name' => $info[0]['uids'][0]['name'], 'comment' => $info[0]['uids'][0]['comment'], 'email' => $info[0]['uids'][0]['email'], 'fingerprint' => $info[0]['subkeys'][0]['fingerprint'], 'subkeys' => array());
if (strlen($simple_info['fingerprint']) < 1) {
return false;
}
foreach ($info[0]['subkeys'] as $subkey) {
if ($subkey['can_encrypt']) {
$type = 'encrypt';
}
if ($subkey['can_sign']) {
$type .= 'sign';
}
$simple_info['subkeys'][] = array('keyid' => $subkey['keyid'], 'type' => $type, 'created' => $subkey['timestamp'], 'expires' => $subkey['expires']);
}
return $simple_info;
}
/**
* GnuPG decrypt and verify a message using the recipient private key
* Returns an array in the format: array (0 => $message, 1 => $signatures)
* http://devzone.zend.com/article/3753-Using-GnuPG-with-PHP
* NOTE: GnuPG must be installed and configured with PHP.
* The recipient must be in your private key ring
* @param string $recipient Recipient Indentity (e.g. email address)
* @param string $recipientKey Recipient Secret Key
* @param string $message Message to decrypt
* @return array
*/
public static function _verifyGnuPG($recipient, $recipientKey, $message)
{
// Create new GnuPG object
$gpg = new \gnupg();
// Set error mode
$gpg->seterrormode(\gnupg::ERROR_EXCEPTION);
// Add the recipient decryption key
$gpg->adddecryptkey($recipient, $recipientKey);
// Set decrpyted string
$decrypted = '';
// Set decrypted and verification data
$return[1] = $gpg->decryptverify($message, $decrypted);
// For each signature
foreach ($return[1] as $key => &$signature) {
// Get further user data
$signature['user'] = $gpg->keyinfo($signature['fingerprint']);
}
// Add decrypted data to return array
$return[0] = $decrypted;
// Return decryption data
return $return;
}
