Пример #1
0
 /**
  * Gets a list of keys in the GPG keyring that match the search criteria
  * @param string $search A search string to be matched. Can be a fingerprint, email, or partial name
  * @throws Exception
  * @return Numerically indexed array of associative arrays, each describing a key in the keyring. @see php.net/manual/en/function.gnupg-keyinfo.php 
  */
 public function get_key_list($search = "")
 {
     $this->set_env();
     try {
         $gpg = new gnupg();
         // throw exception if error occurs
         $gpg->seterrormode(gnupg::ERROR_EXCEPTION);
         $keys = $gpg->keyinfo($search);
         $this->restore_env();
         return $keys;
     } catch (Exception $e) {
         // restore the envelope
         $this->restore_env();
         // re-throw the exception
         throw $e;
     }
 }
Пример #2
0
 public function downloadPackageWithValidation(SignatureStruct $signatureStruct)
 {
     $result = $this->fetchUrl($signatureStruct->getDownloadUrl());
     $fileContent = $result->getBody()->getContents();
     $sha256 = hash('sha256', $fileContent);
     if ($sha256 !== $signatureStruct->getSha256()) {
         throw new \Exception("sha256 hash does not match. download has '{$sha256}', storage has '{$signatureStruct->getSha256()}'");
     }
     $gpg = new \gnupg();
     $result = $gpg->verify($fileContent, $signatureStruct->getSignature());
     var_dump($result);
     if ($result !== false) {
         echo "\nResult is not false, so signature seems to be valid\n";
         $keyinfo = $gpg->keyinfo($result[0]['fingerprint'])[0];
         var_dump($keyinfo['uids'][0]);
         if ($keyinfo['disabled'] || $keyinfo['expired'] || $keyinfo['revoked']) {
             echo PHP_EOL . 'WARNING';
             echo PHP_EOL . '$keyinfo[\'disabled\'] || $keyinfo[\'expired\'] || $keyinfo[\'revoked\']' . PHP_EOL . PHP_EOL;
         }
     } else {
         echo "\n################## ERROR ################\nomething went wrong\n";
     }
     /*
     $process = new Process('gpg --verify --batch -a');
     $process->setInput(
         "-----BEGIN PGP SIGNED MESSAGE-----
     Hash: SHA256
     
     ".
         $fileContent.
         PHP_EOL.
         $signatureStruct->getSignature()
     );
     $process->run();
     $error = $process->getErrorOutput();
     $output = $process->getOutput();
     echo $error;
     echo $output;
     */
 }
Пример #3
0
/**
 * Sets the opengpg_publickey for users having a public key
 *
 * @param ElggObject $item
 * @return bool
 */
function elggpg_2012022501($user)
{
    // it is necessary to load the gpg library to make sure gpg path is set.
    global $MIGRATED;
    $MIGRATED += 1;
    if ($MIGRATED % 100 == 0) {
        error_log(" * elggpg {$user->guid}");
    }
    elgg_load_library('elggpg');
    $user_fp = current(elgg_get_metadata(array('guid' => $user->guid, 'metadata_name' => 'openpgp_publickey')));
    $gnupg = new gnupg();
    if (!$user_fp && $user->email) {
        try {
            $info = $gnupg->keyinfo($user->email);
            $fingerprint = $info[0]['subkeys'][0]['fingerprint'];
            if ($fingerprint) {
                create_metadata($user->guid, "openpgp_publickey", $fingerprint, 'text', $user->guid, ACCESS_LOGGEDIN);
            }
        } catch (Exception $e) {
            // no encryption key
        }
    }
    return true;
}
Пример #4
0
function elggpg_keyinfo($user)
{
    $gnupg = new gnupg();
    $fingerprint = $user->openpgp_publickey;
    if (!$fingerprint) {
        return false;
    }
    try {
        $info = $gnupg->keyinfo($fingerprint);
    } catch (Exception $e) {
        return false;
    }
    $simple_info = array('name' => $info[0]['uids'][0]['name'], 'comment' => $info[0]['uids'][0]['comment'], 'email' => $info[0]['uids'][0]['email'], 'fingerprint' => $info[0]['subkeys'][0]['fingerprint'], 'subkeys' => array());
    if (strlen($simple_info['fingerprint']) < 1) {
        return false;
    }
    foreach ($info[0]['subkeys'] as $subkey) {
        if ($subkey['can_encrypt']) {
            $type = 'encrypt';
        }
        if ($subkey['can_sign']) {
            $type .= 'sign';
        }
        $simple_info['subkeys'][] = array('keyid' => $subkey['keyid'], 'type' => $type, 'created' => $subkey['timestamp'], 'expires' => $subkey['expires']);
    }
    return $simple_info;
}
Пример #5
0
 /**
  * GnuPG decrypt and verify a message using the recipient private key
  * Returns an array in the format: array (0 => $message, 1 => $signatures)
  * http://devzone.zend.com/article/3753-Using-GnuPG-with-PHP
  * NOTE: GnuPG must be installed and configured with PHP.
  *       The recipient must be in your private key ring
  * @param string $recipient Recipient Indentity (e.g. email address)
  * @param string $recipientKey Recipient Secret Key
  * @param string $message Message to decrypt
  * @return array
  */
 public static function _verifyGnuPG($recipient, $recipientKey, $message)
 {
     // Create new GnuPG object
     $gpg = new \gnupg();
     // Set error mode
     $gpg->seterrormode(\gnupg::ERROR_EXCEPTION);
     // Add the recipient decryption key
     $gpg->adddecryptkey($recipient, $recipientKey);
     // Set decrpyted string
     $decrypted = '';
     // Set decrypted and verification data
     $return[1] = $gpg->decryptverify($message, $decrypted);
     // For each signature
     foreach ($return[1] as $key => &$signature) {
         // Get further user data
         $signature['user'] = $gpg->keyinfo($signature['fingerprint']);
     }
     // Add decrypted data to return array
     $return[0] = $decrypted;
     // Return decryption data
     return $return;
 }