[imp] PATCH - PGP question
Chris Hastie
lists at oak-wood.co.uk
Fri Jan 17 09:02:00 PST 2003
On Thu, 16 Jan 2003, Chris Hastie <lists at oak-wood.co.uk> wrote
>On Wed, 15 Jan 2003, Rick Emery <rick at emery.homelinux.net> wrote
>>When I receive a PGP signed email from someone not in my addressbook (from a
>>mailing list, for example), the signature is not verified. I have tried
>>pgp.mit.edu and search.keyserver.net for the public keyserver. Before tonight's
>>cvs update, I was getting
>>
>>"Invalid email"
>>
>>Now, I'm getting
>>
>>"No pgpPublickey entry found for" followed by the person's email address
>>
>I did some work on a patch to get Key IDs of signing keys yesterday. It
>needs a bit more work yet but should solve the problem.
OK, here it is, usual I'm-not-a-programmer-I'm-a-jumped-up-tree-surgeon
caveats apply.
Basically a new function in imp/lib/PGP.php, clumsily called
getSignersFingerprint(), takes as input a PGP signed text block (not
a detached signature) and returns the short fingerprint.
This is called from verifySignature() if the value of $signature is
empty. At the same time a pointless call to pgpPacketInformation() with
an empty string as argument is avoided.
The process means that getPublicKey() is given a fingerprint as
argument and is thus able to retrieve the key from the key server.
--
Chris Hastie
-------------- next part --------------
--- imp/lib/PGP.php, v1.53
+++ imp/lib/PGP.php Fri Jan 17 08:46:30 2003
@@ -479,6 +479,38 @@
}
/**
+ * Gets the short fingerprint (Key ID) of the key used to sign
+ * a block of PGP data
+ *
+ * @access public
+ *
+ * @param string $text The PGP signed text block.
+ *
+ * @return string The short fingerprint of the key used to sign $text
+ */
+ function getSignersFingerprint($text)
+ {
+ $fingerprint = null;
+
+ $input = $this->_createTempFile('horde-pgp');
+
+ $fp = fopen($input, 'w+');
+ fputs($fp, $text);
+ fclose($fp);
+
+ $fp = popen($this->_gnupg . '--verify ' . $input . ' 2>&1', 'r');
+ while (!feof($fp)) {
+ $gpg_op = fgets($fp, 1024);
+ if (preg_match("/gpg:\sSignature\smade.*ID\s+([A-F0-9]{8})$/", $gpg_op, $matches)) {
+ $fingerprint = $matches[1];
+ break;
+ }
+ }
+ pclose($fp);
+ return $fingerprint;
+ }
+
+ /**
* Verifies a signed message with a given public key.
*
* @access public
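Review bot: The `preg_match` on the `gpg: Signature made ... ID` line in getSignersFingerprint() scrapes gpg's human-readable output, which varies with the user's locale and between gpg versions, so the function silently returns null wherever that line is worded or laid out differently. Consider running gpg with `--status-fd` and reading the key ID from the machine-readable status lines instead. Two smaller points in the same function: the temp file from `_createTempFile('horde-pgp')` holds the message text and is never removed in the visible code, so add an `unlink($input)` after `pclose($fp)` unless _createTempFile() already arranges cleanup; and `$this->_gnupg . '--verify ' . $input` has no separating space before `--verify` and no `escapeshellarg()` around `$input`, which is only safe if `$this->_gnupg` ends in a space and the temp path can never contain shell metacharacters. The `fopen()` and `popen()` return values are also used unchecked.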
@@ -496,9 +528,13 @@
$fingerprint = null;
/* Get fingerprint of key. */
- $packet_info = $this->pgpPacketInformation($signature);
- if (array_key_exists('fingerprint', $packet_info)) {
- $fingerprint = $packet_info['fingerprint'];
+ if (!empty($signature)){
+ $packet_info = $this->pgpPacketInformation($signature);
+ if (array_key_exists('fingerprint', $packet_info)) {
+ $fingerprint = $packet_info['fingerprint'];
+ }
+ } else {
+ $fingerprint = $this->getSignersFingerprint($text);
}
$public_key = $this->getPublicKey($address, $fingerprint);
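Review bot: In the new `else` branch, the key ID handed to `getPublicKey($address, $fingerprint)` is read from the signed message itself and is only the 8 hex digit short ID, so whichever key the lookup returns for that ID is used to verify the message, and nothing in this hunk ties that key to `$address`. Short IDs can collide and anyone can upload a key to a public keyserver, so before reporting the signature as verified, check that the retrieved key carries a user ID matching `$address`, or show the user the key's full fingerprint and user ID alongside the result. Also, `getSignersFingerprint($text)` returns null when no ID is found, which leaves the lookup as it was before the patch; a comment saying that fallback is intended would help. Style: `if (!empty($signature)){` needs a space before the brace.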