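/**
 * Check that an OpenPGP public key block belongs to the given e-mail address.
 *
 * The key is imported into a throw-away GnuPG homedir (never the caller's
 * keyring), which is removed again before returning. The check is purely
 * "one key, one user ID, that user ID's e-mail equals $email" (compared
 * case-insensitively); expiry, revocation and encryption capability are
 * NOT inspected here.
 *
 * @param string $content ASCII-armored key block as supplied by the user
 * @param string $email   e-mail address the key must be bound to
 * @return bool true when the key matches $email (or is blank and blanks are
 *              allowed by config), false otherwise
 * @throws Exception any Crypt_GPG failure other than "no key data" is
 *                   propagated after the temp homedir has been cleaned up
 */
function verifyPGPKey($content, $email)
{
    global $config;
    // A blank "key" passes only when pgpverify_allowblank is set; the cron
    // then disables encryption for $email if it had been enabled before.
    if ($config['pgpverify_allowblank'] && trim($content) === '') {
        return true;
    }
    require_once "Crypt/GPG.php";
    // Use a fresh random subdirectory of pgpverify_tmpdir as a throw-away
    // GnuPG homedir so the untrusted key never lands in a shared keyring.
    // NOTE(review): uid(16) is assumed to be a non-guessable token - confirm.
    do {
        $path = $config['pgpverify_tmpdir'] . '/' . uid(16);
    } while (file_exists($path));
    // 0700: only this process needs the homedir, and GnuPG warns about
    // homedirs that are group/world accessible. The window between the
    // file_exists() probe and mkdir() is closed by mkdir() failing on an
    // already existing path, which we report as a verification failure.
    if (@mkdir($path, 0700) === false) {
        if ($config['debug']) {
            die("Failed to create directory [" . $path . "] for PGP verification.");
        }
        return false;
    }
    try {
        $gpg = new Crypt_GPG(array('homedir' => $path));
        try {
            $gpg->importKey($content);
        } catch (Crypt_GPG_NoDataException $e) {
            // user supplied an invalid key (no OpenPGP data found)
            recursiveDelete($path);
            return false;
        }
        // Exactly one key must have been imported.
        $keys = $gpg->getKeys();
        if (count($keys) != 1) {
            if ($config['debug']) {
                die("Error in PGP verification: key count is " . count($keys) . "!");
            }
            recursiveDelete($path);
            return false;
        }
        // The key must carry exactly one user ID whose e-mail matches $email.
        $userIds = $keys[0]->getUserIds();
        $matches = count($userIds) == 1
            && strtolower($userIds[0]->getEmail()) == strtolower($email);
        recursiveDelete($path);
        return $matches;
    } catch (Exception $e) {
        // Any other Crypt_GPG failure (missing binary, unreadable homedir, ...)
        // must not leave the temp homedir behind; then let the caller see it.
        recursiveDelete($path);
        throw $e;
    }
}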
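 /**
  * Report users whose stored PGP key has no usable encryption subkey.
  *
  * Every user with a non-empty gpgkey (or only the user $id when given) has
  * the key imported into the configured GnuPG homedir and its subkeys
  * inspected. Only subkey expiry and the canEncrypt flag are checked;
  * revoked subkeys and the primary key's own expiry are not inspected here.
  *
  * @param int|false $id restrict the check to one user id; false = all users
  * @return array keyed by user id. Every checked user gets [1] => email.
  *               Users with a problem additionally get [0] => true and
  *               [2] => a human-readable reason (or the Crypt_GPG message).
  */
 public function verifyGPG($id = false)
 {
     require_once 'Crypt/GPG.php';
     // NOTE(review): presumably so the key block is returned unmodified by
     // the Trim behavior - confirm against that behavior's find hooks.
     $this->Behaviors->detach('Trim');
     $results = array();
     $conditions = array('not' => array('gpgkey' => ''));
     if ($id !== false) {
         $conditions['User.id'] = $id;
     }
     $users = $this->find('all', array('conditions' => $conditions, 'recursive' => -1));
     if (empty($users)) {
         // Was `return results;` (an undefined constant): a notice plus the
         // string "results" on PHP 7, a fatal Error on PHP 8.
         return $results;
     }
     $currentTimestamp = time();
     $gpg = new Crypt_GPG(array(
         'homedir' => Configure::read('GnuPG.homedir'),
         'binary' => Configure::read('GnuPG.binary') ? Configure::read('GnuPG.binary') : '/usr/bin/gpg',
     ));
     foreach ($users as $user) {
         $userId = $user['User']['id'];
         try {
             // NOTE: this imports the user-supplied key into the shared
             // GnuPG.homedir keyring, not into a throw-away homedir.
             $imported = $gpg->importKey($user['User']['gpgkey']);
             $keys = $gpg->getKeys($imported['fingerprint']);
             if (empty($keys)) {
                 // Without this guard a missing key is a fatal "member function
                 // on null" Error, which catch (Exception) below does not see.
                 throw new Exception('The user\'s PGP key could not be found after import.');
             }
             $counts = array('valid' => 0, 'expired' => 0, 'noEncrypt' => 0);
             foreach ($keys[0]->getSubKeys() as $subKey) {
                 $expiration = $subKey->getExpirationDate();
                 if ($expiration != 0 && $currentTimestamp > $expiration) {
                     $counts['expired']++;
                 } elseif (!$subKey->canEncrypt()) {
                     $counts['noEncrypt']++;
                 } else {
                     $counts['valid']++;
                 }
             }
             if (!$counts['valid']) {
                 $message = 'The user\'s PGP key does not include a valid subkey that could be used for encryption.';
                 if ($counts['expired']) {
                     $message .= ' Found ' . $counts['expired'] . ' subkey(s) that have expired.';
                 }
                 if ($counts['noEncrypt']) {
                     $message .= ' Found ' . $counts['noEncrypt'] . ' subkey(s) that are sign only.';
                 }
                 // Keep the original slot order (2, then 0, then 1 below).
                 $results[$userId][2] = $message;
                 $results[$userId][0] = true;
             }
         } catch (Exception $e) {
             // Import/lookup failures are reported per user, not fatal.
             $results[$userId][2] = $e->getMessage();
             $results[$userId][0] = true;
         }
         $results[$userId][1] = $user['User']['email'];
     }
     return $results;
 }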
    $raw = $raw . fgets($in, 4096);
}
$params['include_bodies'] = true;
$params['decode_bodies'] = true;
$params['decode_headers'] = true;
$decoder = new Mail_mimeDecode($raw);
$structure = $decoder->decode($params);
foreach ($argv as $recipient) {
    $encrypted = strpos($structure->body, '-----BEGIN PGP');
    if ($structure->ctype_secondary === 'encrypted' || $encrypted !== false) {
        /* Already encrypted. We don't touch. */
        $newBody = getBody($raw);
    } else {
        $gpg = new Crypt_GPG(array('homedir' => $config['gpg']['home']));
        $userKeyId = getUserKeyId($dbh, $recipient);
        $availableKeys = $gpg->getKeys($userKeyId);
        if (sizeof($availableKeys) == 1) {
            $gpg->addEncryptKey($userKeyId);
            /* Step 1. Change content type. */
            $structure->headers['content-type'] = 'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="MfFXiAuoTsnnDAfX"';
            /*Step 1.5. Remove headers we don't need. */
            unset($structure->headers['content-transfer-encoding']);
            unset($structure->headers['x-google-sender-auth']);
            /* Step 2. Encrypt. */
            $newBody = 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)' . "\n";
            $newBody .= '--MfFXiAuoTsnnDAfX' . "\n";
            $newBody .= 'Content-Type: application/pgp-encrypted' . "\n";
            $newBody .= 'Content-Disposition: attachment' . "\n";
            $newBody .= '' . "\n";
            $newBody .= 'Version: 1' . "\n";
            $newBody .= '' . "\n";