2005-10-07 18:59:50 +00:00
|
|
|
|
Installation
|
|
|
|
|
------------
|
|
|
|
|
tar xvzf gnupg-x.y.tgz
|
2005-10-18 13:50:56 +00:00
|
|
|
|
cd gnupg-x-y
|
2005-10-07 18:59:50 +00:00
|
|
|
|
phpize
|
|
|
|
|
make
|
|
|
|
|
make install
|
|
|
|
|
|
|
|
|
|
This extension requires the gpgme library, which is available at http://www.gnupg.org/(en)/download/index.html#gpgme
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Notes
|
|
|
|
|
-----
|
2005-10-18 12:40:03 +00:00
|
|
|
|
- This extension requires at least PHP 4.3.0
|
2005-10-18 13:50:56 +00:00
|
|
|
|
To use this extension in an OO style, PHP 5 is required
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
|
|
|
|
- This is a beta version.
|
|
|
|
|
Don<6F>t use it on production systems.
|
|
|
|
|
|
|
|
|
|
- Only the Open_PGP protocol is currently supported.
|
|
|
|
|
This shouldn<64>t be a problem for the most people.
|
|
|
|
|
|
|
|
|
|
- only 1 key per operation is currently supported.
|
|
|
|
|
so you can<61>t add x keys for encryption.
|
|
|
|
|
|
|
|
|
|
- Whenever you provide a key to a method, you should make sure, that your given pattern is unique.
|
|
|
|
|
Otherwise it could happen, that the wrong key is selected from the keyring.
|
|
|
|
|
The best would be to provide the fingerprint, whenever needed.
|
|
|
|
|
|
|
|
|
|
- The underlying lib checks for the presence of the gpg-agent.
|
|
|
|
|
If a passphrase is required for an operation, this agent is asked first.
|
|
|
|
|
To avoid this, clear the enviroment-variable GPG_AGENT_INFO (see http://de3.php.net/manual/en/function.putenv.php)
|
|
|
|
|
|
2005-10-10 17:37:19 +00:00
|
|
|
|
- To specify a custom location of you keyring, simply store the path in the enviroment-variable GNUPGHOME
|
|
|
|
|
This should make it easy, to use this extension with the apache-user.
|
|
|
|
|
|
2005-10-18 13:50:56 +00:00
|
|
|
|
- Constants:
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
2005-10-18 13:50:56 +00:00
|
|
|
|
GNUPG_SIG_MODE_NORMAL
|
|
|
|
|
GNUPG_SIG_MODE_DETACH
|
|
|
|
|
GNUPG_SIG_MODE_CLEAR
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
2005-10-18 13:50:56 +00:00
|
|
|
|
GNUPG_VALIDITY_UNKNOWN
|
|
|
|
|
GNUPG_VALIDITY_UNDEFINED
|
|
|
|
|
GNUPG_VALIDITY_NEVER
|
|
|
|
|
GNUPG_VALIDITY_MARGINAL
|
|
|
|
|
GNUPG_VALIDITY_FULL
|
|
|
|
|
GNUPG_VALIDITY_ULTIMATE
|
|
|
|
|
|
|
|
|
|
GNUPG_PROTOCOL_OpenPGP
|
|
|
|
|
GNUPG_PROTOCOL_CMS
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
2005-10-18 13:50:56 +00:00
|
|
|
|
GNUPG_SIGSUM_VALID
|
|
|
|
|
GNUPG_SIGSUM_GREEN
|
|
|
|
|
GNUPG_SIGSUM_RED
|
|
|
|
|
GNUPG_SIGSUM_KEY_REVOKED
|
|
|
|
|
GNUPG_SIGSUM_KEY_EXPIRED
|
|
|
|
|
GNUPG_SIGSUM_SIG_EXPIRED
|
|
|
|
|
GNUPG_SIGSUM_KEY_MISSING
|
|
|
|
|
GNUPG_SIGSUM_CRL_MISSING
|
|
|
|
|
GNUPG_SIGSUM_CRL_TOO_OLD
|
|
|
|
|
GNUPG_SIGSUM_BAD_POLICY
|
|
|
|
|
GNUPG_SIGSUM_SYS_ERROR
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Methods
|
|
|
|
|
-------
|
2005-10-18 13:50:56 +00:00
|
|
|
|
Note: the following explanations are describing the usage of this extension in the OO style, which is only
|
2005-10-18 12:40:03 +00:00
|
|
|
|
available in PHP 5
|
|
|
|
|
To use this extension in a procedural style, simply call "gnupg_init", which returns a resource.
|
|
|
|
|
Pass this resource as the first parameter to each function.
|
|
|
|
|
In procedural style, all methods gets "gnupg_" prefixed. (setarmor becomes gnupg_setarmor)
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
|
|
$res = gnupg_init();
|
|
|
|
|
gnupg_setarmor($res,1);
|
|
|
|
|
|
|
|
|
|
|
2005-10-07 18:59:50 +00:00
|
|
|
|
- __construct()
|
|
|
|
|
sets up a new gnupg object
|
|
|
|
|
( new gnupg() )
|
|
|
|
|
|
2005-10-18 12:40:03 +00:00
|
|
|
|
- resource gnupg_init()
|
|
|
|
|
sets up a new gnupg object for procedural use and returns a resource identifier
|
|
|
|
|
|
2005-10-07 18:59:50 +00:00
|
|
|
|
- bool setarmor(int armor)
|
|
|
|
|
turn on/off armor mode
|
|
|
|
|
0 = off
|
|
|
|
|
>0 = on (default)
|
|
|
|
|
|
|
|
|
|
- bool setsignmode(int signmode)
|
|
|
|
|
sets the mode for signing operations
|
2005-10-18 13:50:56 +00:00
|
|
|
|
see the GNUPG_SIG_MODE_* constants
|
|
|
|
|
default is GNUPG_SIG_MODE_CLEAR
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
|
|
|
|
- bool setpassphrase(string passphrase)
|
|
|
|
|
sets the passphrase for all next operations
|
|
|
|
|
|
|
|
|
|
- string geterror(void)
|
|
|
|
|
returns the last errormessage
|
|
|
|
|
|
|
|
|
|
- int getprotocol(void)
|
|
|
|
|
returns the currently used pgp-protocol.
|
2005-10-18 13:50:56 +00:00
|
|
|
|
atm only GNUPG_PROTOCOL_OpenPGP is supported
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
|
|
|
|
- array keyinfo(string pattern)
|
|
|
|
|
returns an array with informations about all keys, that matches the given pattern
|
|
|
|
|
|
|
|
|
|
- bool setsignerkey(string key)
|
|
|
|
|
sets the private key for the next sign operation.
|
|
|
|
|
please note, that the given key must return only 1 result from the keyring
|
|
|
|
|
it should be the best to provide a fingerprint here
|
|
|
|
|
|
|
|
|
|
- bool setencryptkey(string key)
|
|
|
|
|
sets the public key for next encrypt operation.
|
|
|
|
|
please note, that the given key must return only 1 result from the keyring
|
|
|
|
|
it should be the best to provide a fingerprint here
|
|
|
|
|
|
|
|
|
|
- bool clearsignerkey(void)
|
|
|
|
|
removes all keys which are set for signing
|
|
|
|
|
|
|
|
|
|
- bool clearencryptkey(void)
|
|
|
|
|
removes all keys which are set for encryption
|
|
|
|
|
|
|
|
|
|
- string sign(string text)
|
|
|
|
|
signs the given test with the key, which was set with setsignerkey before
|
|
|
|
|
and returns the signed text
|
|
|
|
|
the signmode depends on gnupg_setsignmode
|
|
|
|
|
|
|
|
|
|
- string encrypt(string text)
|
|
|
|
|
encrypts the given text with the key, which was set with setencryptkey before
|
|
|
|
|
and returns the encrypted text
|
|
|
|
|
|
|
|
|
|
- array verify(string text [, string &plaintext])
|
|
|
|
|
verifies the given clearsigned text and returns information about the result in an array
|
|
|
|
|
if plaintext is passed, it is filled with the plaintext (the text without signature)
|
2005-10-10 17:37:19 +00:00
|
|
|
|
currently only cleartext-signatures are supported
|
2005-10-07 18:59:50 +00:00
|
|
|
|
|
|
|
|
|
- string decrypt(string enctext)
|
|
|
|
|
decrypts the given enctext
|
2005-10-09 15:55:02 +00:00
|
|
|
|
|
|
|
|
|
- string encryptsign(string text)
|
2005-10-10 17:37:19 +00:00
|
|
|
|
encrypts and signs the given text with the keys, which are set with setencryptkey and setsignerkey
|
2005-10-09 15:55:02 +00:00
|
|
|
|
|
|
|
|
|
- array decryptverify(string text, string &plaintext)
|
|
|
|
|
verifies the given clearsigned text and returns information about the result in an array
|
|
|
|
|
the plaintext is passed into $plaintext
|
|
|
|
|
|
2005-10-15 14:44:33 +00:00
|
|
|
|
- string export(string key)
|
|
|
|
|
returns the given key
|
|
|
|
|
|
|
|
|
|
- array import(string key)
|
|
|
|
|
imports the given key and returns an array with informations about the import-process
|
|
|
|
|
|
2005-10-09 15:55:02 +00:00
|
|
|
|
|
|
|
|
|
gnupg_keylistiterator
|
|
|
|
|
---------------------
|
|
|
|
|
This extension comes with an iterator for looping through the keyring
|
|
|
|
|
see examples/keylistiterator.php
|
|
|
|
|
if an argument is passed in the constructor, only keys that are matching this argument gets returned
|