Crypt-GPG-1.52/0040755000076600007660000000000010207044622011622 5ustar hashhashCrypt-GPG-1.52/GPG.pm0100644000076600007660000011214710207044600012574 0ustar hashhash# -*-cperl-*- # # Crypt::GPG - An Object Oriented Interface to GnuPG. # Copyright (c) 2000-2005 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: GPG.pm,v 1.52 2005/02/23 09:12:54 cvs Exp $ package Crypt::GPG; use Carp; use Fcntl; use strict; use English; use File::Path; use Date::Parse; use File::Temp qw( tempfile tempdir ); use IPC::Run qw( start pump finish timeout ); use vars qw( $VERSION $AUTOLOAD ); File::Temp->safe_level( File::Temp::STANDARD ); ( $VERSION ) = '$Revision: 1.52 $' =~ /\s+([\d\.]+)/; sub new { bless { GPGBIN => '/usr/local/bin/gpg', FORCEDOPTS => '--no-secmem-warning', GPGOPTS => '--lock-multiple --compress-algo 1 ' . '--cipher-algo cast5 --force-v3-sigs', VERSION => $VERSION, DELAY => 0, PASSPHRASE => '', COMMENT => "Crypt::GPG v$VERSION", ARMOR => 1, MARGINALS => 3, DETACH => 1, ENCRYPTSAFE => 1, TEXT => 1, SECRETKEY => '', DEBUG => 0, TMPFILES => 'fileXXXXXX', TMPDIRS => 'dirXXXXXX', TMPDIR => '/tmp', TMPSUFFIX => '.dat', VKEYID => '^.+$', VRCPT => '^.*$', VPASSPHRASE => '^.*$', VNAME => '^[a-zA-Z][\w\.\s\-\_]+$', VEXPIRE => '^\d+$', VKEYSZ => '^\d+$', VKEYTYPE => '^ELG-E$', VTRUSTLEVEL => '^[1-5]$', VEMAIL => '^[\w\.\-]+\@[\w\.\-]+\.[A-Za-z]{2,3}$' }, shift; } sub sign { my $self = shift; return unless $self->{SECRETKEY} =~ /$self->{VKEYID}/ and $self->{PASSPHRASE} =~ /$self->{VPASSPHRASE}/; my $detach = '-b' if $self->{DETACH}; my $armor = '-a' if $self->{ARMOR}; my @extras = grep { $_ } ($detach, $armor); my @secretkey = ('--default-key', ref($self->{SECRETKEY})?$self->{SECRETKEY}->{ID}:$self->{SECRETKEY}); my ($tmpfh, $tmpnam) = tempfile( $self->{TMPFILES}, DIR => $self->{TMPDIR}, SUFFIX => $self->{TMPSUFFIX}, UNLINK => 1); my $message = join ('', @_); $message .= "\n" unless $message =~ /\n$/s; $message =~ s/\n/\r\n/sg; print $tmpfh $message; close $tmpfh; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); push (@opts, ('--comment', $self->{COMMENT})) if $self->{COMMENT}; local $SIG{CHLD} = 'IGNORE'; my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, @secretkey,'--no-tty', '--status-fd', '1', '--command-fd', 0, '-o-', '--sign', @extras, $tmpnam], \$in, \$out, \$err, timeout( 30 )); my $skip = 1; my $i = 0; local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; while ($skip) { pump $h until ($out =~ /NEED_PASSPHRASE (.{16}) (.{16}).*\n/g or $out =~ /GOOD_PASSPHRASE/g); if ($2) { $in .= "$self->{PASSPHRASE}\n"; pump $h until $out =~ /(GOOD|BAD)_PASSPHRASE/g; if ($1 eq 'GOOD') { $skip = 0; } else { $skip = 0 if $i++ == 2; } } else { finish $h; last; } } finish $h; my $info; if ($detach) { $out =~ /(-----BEGIN PGP SIGNATURE-----.*-----END PGP SIGNATURE-----)/s; $info = $1; } else { $out =~ /(-----BEGIN PGP MESSAGE-----.*-----END PGP MESSAGE-----)/s; $info = $1; } unlink $tmpnam; return $info; } sub decrypt { shift->verify(@_); } sub verify { my $self = shift; my ($tmpfh3, $tmpnam3); return unless $self->{SECRETKEY} || $_[1]; return unless $self->{PASSPHRASE} =~ /$self->{VPASSPHRASE}/; my ($tf, $ts, $td) = ($self->{TMPFILES}, $self->{TMPSUFFIX}, $self->{TMPDIR}); my ($tmpfh, $tmpnam) = tempfile ($tf, DIR => $td, SUFFIX => $ts, UNLINK => 1); my ($tmpfh2, $tmpnam2) = tempfile ($tf, DIR => $td, SUFFIX => $ts, UNLINK => 1); my $ciphertext = ref($_[0]) ? join '', @{$_[0]} : $_[0]; $ciphertext .= "\n" unless $ciphertext =~ /\n$/s; print $tmpfh $ciphertext; close $tmpfh; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); push (@opts, ('--comment', $self->{COMMENT})) if $self->{COMMENT} and !$_[1]; backtick ($self->{GPGBIN}, @opts, '--marginals-needed', $self->{MARGINALS}, '--check-trustdb'); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; my $x; if ($_[1]) { my $signature = ref($_[1]) ? join '', @{$_[1]} : $_[1]; ($tmpfh3, $tmpnam3) = tempfile ($tf, DIR => $td, SUFFIX => $ts, UNLINK => 1); print $tmpfh3 $signature; close $tmpfh3; my $y = "$self->{GPGBIN} @opts --marginals-needed $self->{MARGINALS} --status-fd 1 --command-fd 0 --no-tty --verify $tmpnam $tmpnam3"; $x = `$y`; } else { my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--marginals-needed', $self->{MARGINALS}, '--status-fd', '1', '--command-fd', 0, '--yes', '--no-tty', '--decrypt', '-o', $tmpnam2, $tmpnam], \$in, \$out, \$err, timeout( 30 )); my $success = 0; while (1) { pump $h until ($out =~ /NEED_PASSPHRASE (.{16}) (.{16}).*\n/g or $out =~ /(GOOD_PASSPHRASE)/g or $out =~ /(D)(E)(C)RYPTION_FAILED/g or $out =~ /(N)(O)(D)ATA/g or $out =~ /(SIG_ID)/g or $out =~ /detached_signature.filename/g ); if ($3) { finish $h; last; } elsif ($2) { if ($2 eq $self->{SECRETKEY}->{ID}) { $in .= "$self->{PASSPHRASE}\n"; pump $h until $out =~ /(GOOD|BAD)_PASSPHRASE/g; if ($1 eq 'GOOD') { $success = 1; pump $h; finish $h; $x = $out; last; } next; } else { $out = ''; $in .= "\n"; } } elsif ($1) { $success = 1; pump $h; finish $h; $x = $out; last; } } unless ($success || $_[1]) { close $tmpfh2; unlink ($tmpnam2); return undef; } } # Format of $out for signatures: # # [GNUPG:] SIG_ID DPkOkpATuFPWl2yUR9bw7G6SULk 2005-02-05 1107574559 # [GNUPG:] GOODSIG 48196CF147A781BD A 768 ELG-E <768ELG-E@test.com> # [GNUPG:] VALIDSIG 186D893EFEC3AF2F660CA2F548196CF147A781BD 2005-02-05 1107574559 0 3 0 17 2 00 186D893EFEC3AF2F660CA2F548196CF147A781BD # [GNUPG:] TRUST_ULTIMATE my $plaintext = join ('',<$tmpfh2>) || ''; close $tmpfh2; unlink ($tmpnam2); return ($plaintext) unless $x =~ /SIG_ID/s; my @signatures; $x =~ /SIG_ID \S+ (\S+ \S+).*(GOOD|BAD)SIG (\S{16}).*TRUST_(\S+)/sg; my $signature = {'Validity' => $2, 'KeyID' => $3, 'Time' => $1, 'Trusted' => $4}; $signature->{Time} = str2time ($signature->{Time}); bless $signature, 'Crypt::GPG::Signature'; return ($plaintext, $signature); } sub msginfo { my $self = shift; my @return; my ($tmpfh, $tmpnam) = tempfile( $self->{TMPFILES}, DIR => $self->{TMPDIR}, SUFFIX => $self->{TMPSUFFIX}, UNLINK => 1); warn join '',@{$_[0]}; print $tmpfh join '',@{$_[0]}; close $tmpfh; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my ($info) = backtick ($self->{GPGBIN}, @opts, '--status-fd', 1, '--no-tty', '--batch', $tmpnam); $info =~ s/ENC_TO (.{16})/{push @return, $1}/sge; unlink $tmpnam; return @return; } sub encrypt { my $self = shift; my ($message, $rcpts) = @_; my $info; my $sign = $_[2] && $_[2] eq '-sign' ? '--sign' : ''; my $armor = $self->{ARMOR} ? '-a' : ''; if ($sign) { return unless $self->{SECRETKEY} =~ /$self->{VKEYID}/ and $self->{PASSPHRASE} =~ /$self->{VPASSPHRASE}/; } my @rcpts; if (ref($rcpts) eq 'ARRAY') { @rcpts = map { return unless /$self->{VRCPT}/; ('-r', $_) } @$rcpts; } else { return unless $rcpts =~ /$self->{VRCPT}/; @rcpts = ('-r', $rcpts); } my ($tmpfh, $tmpnam) = tempfile( $self->{TMPFILES}, DIR => $self->{TMPDIR}, SUFFIX => $self->{TMPSUFFIX}, UNLINK => 1); my ($tmpfh2, $tmpnam2) = tempfile( $self->{TMPFILES}, DIR => $self->{TMPDIR}, SUFFIX => $self->{TMPSUFFIX}, UNLINK => 1); $message = join ('', @$message) if ref($message) eq 'ARRAY'; print $tmpfh $message; close $tmpfh; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); push (@opts, '--default-key', ref($self->{SECRETKEY})?$self->{SECRETKEY}->{ID}:$self->{SECRETKEY}) if $sign; push (@opts, $sign) if $sign; push (@opts, $armor) if $armor; push (@opts, ('--comment', $self->{COMMENT})) if $self->{COMMENT}; my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, '-o', $tmpnam2, @rcpts, '--encrypt', $tmpnam], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; my $pos; eval { pump $h until ($out =~ /(o)penfile.overwrite.okay/g or $out =~ /(u)(n)trusted_key.override/g #! Test or $out =~ /(k)(e)(y) not found/g #! Test or $out =~ /(p)(a)(s)(s)phrase.enter/g); $pos = 1 if $1; $pos = 2 if $2; $pos = 3 if $3; $pos = 4 if $4; }; return if $@; if ($pos == 4) { undef $pos; $out = ''; $in .= "$self->{PASSPHRASE}\n"; pump $h until ($out =~ /(o)penfile.overwrite.okay/g or $out =~ /(u)(n)trusted_key.override/g #! Test or $out =~ /(I)(N)(V)_RECP/g #! Test or $out =~ /(p)(a)(s)(s)phrase.enter/g); #! Test $pos = 1 if $1; $pos = 2 if $2; $pos = 3 if $3; $pos = 4 if $4; finish $h, return undef if $pos == 4; #! Test } # while (1) { # unless ($pos) { # ($pos, $err, $matched, $before, $after) = $expect->expect # (undef, 'Overwrite', # '-re', '-----BEGIN PGP', # 'Use this key anyway?', 'key not found'); # } # return if $err; if ($pos == 2) { if ($self->{ENCRYPTSAFE}) { $in .= "N\n"; finish $h; unlink $tmpnam; return; } else { $in .= "Y\n"; # finish $h; pump $h until ($out =~ /(o)penfile.overwrite.okay/g or $out =~ /(o)(p)enfile.askoutname/g); #! Test # or $out =~ /(I)(N)(V)_RECP/g #! Test # or $out =~ /(p)(a)(s)(s)phrase.enter/g); #! Test $pos = 1 if $1; $pos = 2 if $2; } } elsif ($pos == 3) { finish $h; unlink $tmpnam; return; } # else { # last; # } # } if ($pos == 1) { $in .= "Y\n"; finish $h; } my @info = <$tmpfh2>; close $tmpfh2; unlink $tmpnam2; $info = join '', @info; unlink $tmpnam; return $info; } sub addkey { my $self = shift; my ($key, $pretend, @keyids) = @_; $key = join ('', @$key) if ref($key) eq 'ARRAY'; return if grep { $_ !~ /^[a-f0-9]+$/i } @keyids; my $tmpdir = tempdir( $self->{TMPDIRS}, DIR => $self->{TMPDIR}, CLEANUP => 1); my ($tmpfh, $tmpnam) = tempfile( $self->{TMPFILES}, DIR => $self->{TMPDIR}, SUFFIX => $self->{TMPSUFFIX}, UNLINK => 1); print $tmpfh $key; my @pret1 = ('--options', '/dev/null', '--homedir', $tmpdir); my @pret2 = ('--keyring', "$tmpdir/pubring.gpg", '--secret-keyring', "$tmpdir/secring.gpg"); my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my @listopts = qw(--fingerprint --fingerprint --with-colons); backtick($self->{GPGBIN}, @opts, @pret1, '-v', '--import', $tmpnam); backtick ($self->{GPGBIN}, @opts, '--marginals-needed', $self->{MARGINALS}, '--check-trustdb'); my ($keylist) = backtick($self->{GPGBIN}, @opts, @pret1, '--marginals-needed', $self->{MARGINALS}, '--check-sigs', @listopts, @keyids); my ($seclist) = backtick($self->{GPGBIN}, @opts, @pret1, '--list-secret-keys', @listopts); my @seckeys = grep { my $id = $_->{ID}; (grep { $id eq $_ } @keyids) ? $_ : '' } $self->parsekeys(split /\n/,$seclist); my @ret = ($self->parsekeys(split /\n/,$keylist), @seckeys); if ($pretend) { #! This hack needed to get real calc trusts for to-import keys. Test! backtick ($self->{GPGBIN}, @opts, '--marginals-needed', $self->{MARGINALS}, '--check-trustdb'); ($keylist) = backtick($self->{GPGBIN}, @opts, @pret2, '--marginals-needed', $self->{MARGINALS}, '--check-sigs', @listopts); my @realkeylist = grep { my $id = $_->{ID} if $_; $id and grep { $id eq $_->{ID} } @ret } # map { ($_->{Keyring} eq "$tmpdir/secring.gpg" # or $_->{Keyring} eq "$tmpdir/pubring.gpg") ? $_ : 0 } $self->parsekeys(split /\n/,$keylist); @ret = (@realkeylist, @seckeys); } else { if (@keyids) { my ($out) = backtick($self->{GPGBIN}, @opts, @pret1, "--export", '-a', @keyids); print $tmpfh $out; close $tmpfh; } backtick($self->{GPGBIN}, @opts, '-v', '--import', $tmpnam); } rmtree($tmpdir, 0, 1); unlink($tmpnam); return @ret; } sub export { my $self = shift; my $key = shift; my $id = $key->{ID}; return unless $id =~ /$self->{VKEYID}/; my $armor = $self->{ARMOR} ? '-a' : ''; my $secret = $key->{Type} eq 'sec' ? '-secret-keys' : ''; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); push (@opts, ('--comment', $self->{COMMENT})) if $self->{COMMENT}; push (@opts, '--status-fd', '1'); my ($out) = backtick($self->{GPGBIN}, @opts, "--export$secret", $armor, $id); $out; } sub keygen { my $self = shift; my ($name, $email, $keytype, $keysize, $expire, $pass) = @_; return unless $keysize =~ /$self->{VKEYSZ}/ and $keysize > 767 and $keysize < 4097 and $pass =~ /$self->{VPASSPHRASE}/ and $keytype =~ /$self->{VKEYTYPE}/ and $expire =~ /$self->{VEXPIRE}/ and $email =~ /$self->{VEMAIL}/ and $name =~ /$self->{VNAME}/ and length ($name) > 4; my $bigkey = ($keysize > 1536); my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); for (0..1) { backtick ($self->{GPGBIN}, @opts, '--status-fd', '1', '--no-tty', '--gen-random', 0, 1); } my $pid = open(GPG, "-|"); return undef unless (defined $pid); if ($pid) { $SIG{CHLD} = 'IGNORE'; return \*GPG; } else { my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, '--gen-key'], \$in, \$out, \$err); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; pump $h until $out =~ /keygen\.algo/g; $in .= "1\n"; pump $h until $out =~ /keygen\.size/g; $in .= "$keysize\n"; pump $h until $out =~ /keygen\.valid/g; $in .= "$expire\n"; pump $h until $out =~ /keygen\.name/g; $in .= "$name\n"; pump $h until $out =~ /keygen\.email/g; $in .= "$email\n"; pump $h until $out =~ /keygen.comment/g; $in .= "\n"; pump $h until $out =~ /passphrase\.enter/g; $out = ''; $in .= "$pass\n"; pump $h until $out =~ /(PROGRESS primegen [\+\.\>\<\^]|KEY_CREATED)/g; $out = ''; my $x = ''; my $y = $1; while ($y !~ /KEY_CREATED/g) { print "$x\n"; pump $h until $out =~ /(PROGRESS primegen [\+\.\>\<\^]|KEY_CREATED)/g; my $o = $out; $out = ''; $y .= $o; my @progress = ($o =~ /[\+\.\>\<\^]/g); $x = join "\n",@progress; } print "|\n"; finish $h; exit(); } } sub keydb { my $self = shift; my @ids = map { return unless /$self->{VKEYID}/; $_ } @_; my @moreopts = qw(--fingerprint --fingerprint --with-colons); my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); backtick ($self->{GPGBIN}, @opts, '--marginals-needed', $self->{MARGINALS}, '--check-trustdb'); my ($keylist) = backtick($self->{GPGBIN}, @opts, '--marginals-needed', $self->{MARGINALS}, '--no-tty', '--check-sigs', @moreopts, @ids); my ($seclist) = backtick($self->{GPGBIN}, @opts, '--no-tty', '--list-secret-keys', @moreopts, @ids); my @keylist = split /\n(\s*\n)?/, $keylist; my @seclist = split /\n(\s*\n)?/, $seclist; $self->parsekeys (@keylist, @seclist); } sub keyinfo { shift->keydb(@_); } sub parsekeys { my $self=shift; my @keylist = @_; my @keys; my ($i, $subkey, $subnum, $uidnum) = (-1); my $keyring = ''; $^W = 0; foreach (@keylist) { next if /^\-/; next if /^(gpg|tru):/; if (/^\//) { $keyring = $_; chomp $keyring; next; } if (/^(pub|sec)/) { $uidnum=-1; $subnum=-1; $subkey=0; my ($type, $trust, $size, $algorithm, $id, $created, $expires, $u2, $ownertrust, $uid) = split (':'); $keys[++$i] = { Keyring => $keyring, Type => $type, Ownertrust => $ownertrust, Bits => $size, ID => $id, Created => $created, Expires => $expires, Algorithm => $algorithm, Use => '' }; push (@{$keys[$i]->{UIDs}}, { 'UID' => $uid, 'Calctrust' => $trust }), $uidnum++ if $uid; } else { if (/^fpr:::::::::([^:]+):/) { my $fingerprint = $1; my $l = length $fingerprint; if ($l == 32) { my @f = $fingerprint =~ /(..)/g; $fingerprint = (join ' ', @f[0..7]) . ' ' . (join ' ', @f[8..15]); } elsif ($l == 40) { my @f = $fingerprint =~ /(....)/g; $fingerprint = (join ' ', @f[0..4]) . ' ' . (join ' ', @f[5..9]); } $subkey ? $keys[$i]->{Subkeys}->[$subnum]->{Fingerprint} : $keys[$i]->{Fingerprint} = $fingerprint; } elsif (/^sub/) { $subnum++; $subkey = 1; my ($type, $u1, $size, $algorithm, $id, $created, $expires) = split (':'); $keys[$i]->{Subkeys}->[$subnum] = { Bits => $size, ID => $id, Created => $created, Expires => $expires, Algorithm => $algorithm }; } elsif (/^sig/) { my ($sig, $valid, $u2, $u3, $id, $date, $u4, $u5, $u6, $uid) = split (':'); my ($pushto, $pushnum) = $subkey ? ('Subkeys',$subnum) : ('UIDs',$uidnum); push (@{$keys[$i]->{$pushto}->[$pushnum]->{Signatures}}, { ID => $id, Date => $date, UID => $uid, Valid => $valid } ); } elsif (/^uid:(.?):.*:([^:]+):$/) { $subkey = 0; $uidnum++; push (@{$keys[$i]->{UIDs}}, { UID => $2, Calctrust => $1 }); } } } $^W = 1; return map {bless $_, 'Crypt::GPG::Key'} @keys; } sub keypass { my $self = shift; my ($key, $oldpass, $newpass) = @_; return unless $oldpass =~ /$self->{VPASSPHRASE}/ and $newpass =~ /$self->{VPASSPHRASE}/ and $key->{Type} eq 'sec'; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, '--edit-key', $key->{ID}], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; pump $h until $out =~ /keyedit\.prompt/g; $in .= "passwd\n"; pump $h until ($out =~ /GOOD_PASSPHRASE/g or $out =~ /(passphrase\.enter)/g); unless ($1) { finish $h, return if $oldpass; } else { $^W = 0; /()/; $^W = 1; $out = ''; $in .= "$oldpass\n"; pump $h until ($out =~ /BAD_PASSPHRASE/g #! Test or $out =~ /(passphrase\.enter)/g); unless ($1) { finish $h; return; } } $^W = 0; /()/; $^W = 1; $out = ''; $in .= "$newpass\n"; pump $h until ($out =~ /change_passwd\.empty\.okay/g or $out =~ /(keyedit\.prompt)/g); unless ($1) { $in .= "Y\n"; pump $h until $out =~ /keyedit\.prompt/g; } $in .= "quit\n"; pump $h until $out =~ /keyedit\.save\.okay/g; $in .= "Y\n"; finish $h; return 1; } sub keytrust { my $self = shift; my ($key, $trustlevel) = @_; return unless $trustlevel =~ /$self->{VTRUSTLEVEL}/; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, '--edit-key', $key->{ID}], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; pump $h until $out =~ /keyedit\.prompt/g; $in .= "trust\n"; pump $h until $out =~ /edit_ownertrust\.value/g; $in .= "$trustlevel\n"; if ($trustlevel == 5) { pump $h until $out =~ /edit_ownertrust\.set_ultimate\.okay/g; $in .= "Y\n"; } pump $h until $out =~ /keyedit\.prompt/g; $in .= "quit\n"; finish $h; return 1; } sub keyprimary { } sub certify { my $self = shift; my ($key, $local, $class, @uids) = @_; return unless $self->{SECRETKEY} =~ /$self->{VKEYID}/ and $self->{PASSPHRASE} =~ /$self->{VPASSPHRASE}/; return unless @uids and !grep { $_ =~ /\D/; } @uids; my $i = 0; my $ret = 0; ($key) = $self->keydb($key); my $signingkey = ($self->keydb($self->{SECRETKEY}))[0]->{ID}; # Check if already signed. return 1 unless grep { !grep { $signingkey eq $_->{ID} } @{$_->{Signatures}} } (@{$key->{UIDs}})[@uids]; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); push (@opts, '--default-key', $self->{SECRETKEY}); my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--status-fd', '1', '--command-fd', 0, '--no-tty', '--edit-key', $key->{ID}], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; for (@uids) { my $uid = $_+1; pump $h until ($out =~ /keyedit\.prompt/g); # Old hack to make UID numbers correspond correctly. # my $info = $out; $out = ''; # $info =~ /\((\d+)\)\./; my $primary = $1; # unless ($primary == 1) { # if ($uid == 1) { # $uid = $primary; # } # elsif ($uid <= $primary) { # $uid--; # } # } $in .= "uid $uid\n"; } pump $h until ($out =~ /keyedit\.prompt/g); $out = ''; $in .= $local ? "lsign\n" : "sign\n"; pump $h until ($out =~ /(s)ign_uid\.class/g or $out =~ /keyedit\.prompt/g); my $fix = $1; unless ($1) { $out = ''; $in .= "\n"; pump $h until ($out =~ /(s)ign_uid\.class/g or $out =~ /keyedit\.prompt/g); $fix = $1; } if ($fix) { $in .= "$class\n"; pump $h until ($out =~ /sign_uid\.okay/g); $^W = 0; /()/; $^W = 1; $out = ''; $in .= "Y\n"; pump $h until ($out =~ /passphrase\.enter/g or $out =~ /(keyedit.prompt)/g); $ret=1; unless ($1) { $out = ''; $^W = 0; /()/; $^W = 1; $in .= "$self->{PASSPHRASE}\n"; pump $h until ($out =~ /keyedit\.prompt/g or $out =~ /(BAD_PASSPHRASE)/g); $ret=0 if $1; } } $in .= "quit\n"; if ($ret) { pump $h until ($out =~ /save\.okay/g or $out =~ /(k)eyedit\.prompt/g); $in .= "Y\n" unless $1; } finish $h; $ret; } sub delkey { my $self = shift; my $key = shift; return unless $key->{ID} =~ /$self->{VKEYID}/; my $del = $key->{Type} eq 'sec' ? '--delete-secret-and-public-key':'--delete-key'; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, $del, $key->{ID}], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; pump $h until ($out =~ /delete it first\./g or $out =~ /(delete_key)(.secret)?.okay/g); #! ^^^^^^^^^^^^^^^^^ to-fix. finish $h, return undef unless $1; $in .= "Y\n"; if ($key->{Type} eq 'sec') { pump $h until $out =~ /delete_key.okay/g; $in .= "Y\n"; } finish $h; return 1; } sub disablekey { my $self = shift; my $key = shift; return unless $key->{ID} =~ /$self->{VKEYID}/; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, '--edit-key', $key->{ID}], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; pump $h until ($out =~ /been disabled/g or $out =~ /(keyedit\.prompt)/g); #! ^^^^^^^^^^^^^ to-fix. finish $h, return undef unless $1; $in .= "disable\n"; pump $h until $out =~ /keyedit\.prompt/g; $in .= "quit\n"; finish $h; return 1; } sub enablekey { my $self = shift; my $key = shift; return unless $key->{ID} =~ /$self->{VKEYID}/; my @opts = (split (/\s+/, "$self->{FORCEDOPTS} $self->{GPGOPTS}")); my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([$self->{GPGBIN}, @opts, '--no-tty', '--status-fd', '1', '--command-fd', 0, '--edit-key', $key->{ID}], \$in, \$out, \$err, timeout( 30 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; pump $h until ($out =~ /been disabled/g or $out =~ /(keyedit\.prompt)/g); #! ^^^^^^^^^^^^^ to-fix. finish $h, return undef unless $1; $in .= "enable\n"; pump $h until $out =~ /keyedit\.prompt/g; $in .= "quit\n"; finish $h; return 1; } sub backtick { my ($in, $out, $err, $in_q, $out_q, $err_q); my $h = start ([@_], \$in, \$out, \$err, timeout( 10 )); local $SIG{CHLD} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; finish $h; return ($out, $err); } sub AUTOLOAD { my $self = shift; (my $auto = $AUTOLOAD) =~ s/.*:://; # warn "FOO $auto $_[0]\n"; if ($auto =~ /^(passphrase|secretkey|armor|gpgbin|gpgopts|delay|marginals| detach|encryptsafe|version|comment|debug|tmpdir)$/x) { return $self->{"\U$auto"} unless defined $_[0]; $self->{"\U$auto"} = shift; } elsif ($auto eq 'DESTROY') { } else { croak "Could not AUTOLOAD method $auto."; } } package Crypt::GPG::Signature; use vars qw( $AUTOLOAD ); use Carp; sub AUTOLOAD { my $self = shift; (my $auto = $AUTOLOAD) =~ s/.*:://; if ($auto =~ /^(validity|keyid|time|trusted)$/) { return $self->{"KeyID"} if ( $auto eq "keyid" ); return $self->{"\u$auto"}; } elsif ($auto eq 'DESTROY') { } else { croak "Could not AUTOLOAD method $auto."; } } 'True Value'; __END__ =head1 NAME Crypt::GPG - An Object Oriented Interface to GnuPG. =head1 VERSION $Revision: 1.52 $ $Date: 2005/02/23 09:12:54 $ =head1 SYNOPSIS use Crypt::GPG; my $gpg = new Crypt::GPG; $gpg->gpgbin('/usr/bin/gpg'); # The GnuPG executable. $gpg->secretkey('0x2B59D29E'); # Set ID of default secret key. $gpg->passphrase('just testing'); # Set passphrase. # Sign a message: my $sign = $gpg->sign('testing again'); # Encrypt a message: my @encrypted = $gpg->encrypt ('top secret', 'test@bar.com'); # Get message info: my @recipients = $gpg->msginfo($encrypted); # Decrypt a message. my ($plaintext, $signature) = $gpg->verify($encrypted); # Key generation: $status = $gpg->keygen ('Test', 'test@foo.com', 'ELG-E', 2048, 0, 'test passphrase'); print while (<$status>); close $status; # Key database manipulation: $gpg->addkey($key, @ids); @keys = $gpg->keydb(@ids); # Key manipulation: $key = $keys[0]; $gpg->delkey($key); $gpg->disablekey($key); $gpg->enablekey($key); $gpg->keypass($key, $oldpassphrase, $newpassphrase); $keystring = $gpg->export($key); =head1 DESCRIPTION The Crypt::GPG module provides access to the functionality of the GnuPG (www.gnupg.org) encryption tool through an object oriented interface. It provides methods for encryption, decryption, signing, signature verification, key generation, key certification, export and import. Key-server access is on the todo list. This release of the module may create compatibility issues with previous versions. If you find any such problems, or any bugs or documentation errors, please do report them to crypt-gpg at neomailbox.com. =head1 CONSTRUCTOR =over 2 =item B Creates and returns a new Crypt::GPG object. =back =head1 DATA METHODS =over 2 =item B Sets the B instance variable which gives the path to the GnuPG binary. =item B Sets the B instance variable which may be used to pass additional options to the GnuPG binary. For proper functioning of this module, it is advisable to always include '--lock-multiple' in the GPGOPTS string. =item B Sets the B instance variable. This is no longer necessary (nor used) in the current version of the module, but remains so existing scripts don't break. =item B Sets the B instance variable which may be a KeyID or a username. This is the ID of the default key to use for signing. =item B Sets the B instance variable, required for signing and decryption. =item B Sets the B instance variable. If set true, GnuPG will use network-compatible line endings for proper cross-platform compatibility and the plaintext will gain a newline at the end, if it does not already have one. =item B Sets the B instance variable, controlling the ASCII armoring of output. The default is to use ascii-armoring. The module has not been tested with this option turned off, and most likely will not work if you switch this off. =item B Sets the B instance variable. If set true, the sign method will produce detached signature certificates, else it won't. The default is to produce detached signatures. =item B Sets the B instance variable. If set true, encryption will fail if trying to encrypt to a key which is not trusted. This is the default. Turn this off if you want to encrypt to untrusted keys. =item B Sets the B instance variable which can be used to change the Version: string on the GnuPG output to whatever you like. =item B Sets the B instance variable which can be used to change the Comment: string on the GnuPG output to whatever you like. =item B Sets the B instance variable which causes the raw output of Crypt::GPG's interaction with the GnuPG binary to be dumped to STDOUT. By default, debugging is off. =back =head1 OBJECT METHODS =over 2 =item B Signs B<@message> with the secret key specified with B and returns the result as a string. =item B This is just an alias for B =item B Decrypts and/or verifies the message in B<@message>, optionally using the detached signature in B<@signature>, and returns a list whose first element is plaintext message as a string. If the message was signed, a Crypt::GPG::Signature object is returned as the second element of the list. The Crypt::GPG::Signature object can be queried with the following methods: $sig->validity(); # 'Good', 'BAD', or 'Unknown' $sig->keyid(); # ID of signing key $sig->time(); # Time the signature was made $sig->trusted(); # True or false depending on whether the signing key is trusted =item B Returns a list of the recipient key IDs that B<@ciphertext> is encrypted to. =item B Encrypts B<$plaintext> with the public keys of the recipients listed in B<$keylist> and returns the result in a string, or B if there was an error while processing. Returns undef if any of the keys are not found. Either $plaintext or $keylist may be specified as either an arrayref or a simple scalar. If $plaintext is a an arrayref, it will be join()ed without newlines. If you want to encrypt to multiple recipients, you must use the arrayref version of $keylist. A scalar $keylist works for only a single key ID. If the -sign option is provided, the message will be signed before encryption. The secret key and passphrase must be set for signing to work. They can be set with the secretkey() and passphrase() methods. =item B Adds the keys given in B<$key> to the user's key ring and returns a list of Crypt::GPG::Key objects corresponding to the keys that were added. $key may be a string or an array reference. If B<$pretend> is true, it pretends to add the key and creates the key object, but doesn't actually perform the key addition. Optionally, a list of key IDs may be specified. If a list of key IDs is specified, only keys that match those IDs will be imported. The rest will be ignored. =item B Exports the key specified by the Crypt::GPG::Key object B<$key> and returns the result as a string. =item B Creates a new keypair with the parameters specified. The only supported B<$keytype> currently is 'ELG-E'. B<$keysize> can be any of 768, 1024, 2048, 3072 or 4096. Returns undef if there was an error, otherwise returns a filehandle that reports the progress of the key generation process similar to the way GnuPG does. The key generation is not complete till you read an EOF from the returned filehandle. =item B Certifies to the authenticity of UIDs of the key with ID $keyid. If $local is true, the certification will be non-exportable. The @uids parameter should contain the list of UIDs to certify (the first UID of a key is 0). =item B Returns an array of Crypt::GPG::Key objects corresponding to the Key IDs listed in B<@keyids>. This method used to be called B and that is still an alias to this method. =item B Parses a raw GnuPG formatted key listing in B<@keylist> and returns an array of Crypt::GPG::Key objects. =item B Change the passphrase for a key. Returns true if the passphrase change succeeded, false if not, or undef if there was an error. =item B Deletes the key specified by the Crypt::GPG::Key object B<$key> from the user's key ring. Returns undef if there was an error, or 1 if the key was successfully deleted. =item B Disables the key specified by the Crypt::GPG::Key object B<$key>. =item B Enables the key specified by the Crypt::GPG::Key object B<$key>. =back =head1 Crypt::GPG::Signature =over 2 Documentation coming soon. =back =head1 Crypt::GPG::Key =over 2 Documentation coming soon. =back =head1 TODO =over 2 =item * Key server access. =item * More complete key manipulation interface. =item * Filehandle interface to handle large messages. =back =head1 BUGS =over 2 =item * Error checking needs work. =item * Some key manipulation functions are missing. =item * The method call interface is subject to change in future versions. =item * The current implementation will probably eat up all your RAM if you try to operate on huge messages. In future versions, this will be addressed by reading from and returning filehandles, rather than using in-core data. =item * Methods may break if you don't use ASCII armoring. =back =head1 CHANGELOG =over 2 $Log: GPG.pm,v $ Revision 1.52 2005/02/23 09:12:54 cvs - Overhauled to use IPC::Run instead of Expect. - Test suite split up into multiple scripts. Revision 1.42 2002/12/11 03:33:19 cvs - Fixed bug in certify() when trying to certify revoked a key. - Applied dharris\x40drh.net's patch to allow for varying date formats between gpg versions, and fix time parsing and the Crypt::GPG::Signature autoloaded accessor functions. Revision 1.40 2002/09/23 23:01:53 cvs - Fixed a bug in keypass() - Documentation fixes. Revision 1.37 2002/09/21 02:37:49 cvs - Fixed signing option in encrypt. Revision 1.36 2002/09/21 00:03:29 cvs - Added many tests and fixed a bunch of bugs. Revision 1.34 2002/09/20 19:07:11 cvs - Extensively modified formatting to make the code easier to read. All lines are now < 80 chars. - Removed all instances of invoking a shell. - Misc. other stuff. Revision 1.31 2002/09/20 16:38:45 cvs - Cleaned up export and addkey. Fixed(?) addkey clobbering trustdb problem (thanks to jrray\x40spacemeat.com for the patch). Added support for signature verification on addkey pretend. - No calls to POSIX::tmpnam remain (thanks to radek\x40karnet.pl and jrray\x40spacemeat.com for suggesting File::Temp). Revision 1.30 2002/09/20 15:25:47 cvs - Fixed up tempfile handling and eliminated calls to the shell in encrypt(), sign() and msginfo(). Passing all currently defined tests. - Hopefully also fixed signing during encryption and verification of detached signatures. Not tested this yet. Revision 1.29 2002/09/20 11:19:02 cvs - Removed hack to Version: string. Only the Comment: string in GPG output is now modified by Crypt::GPG. (Thanks to eisen\x40schlund.de for pointing out the bug here) - Removed code that incorrectly replaced 'PGP MESSAGE' with 'PGP SIGNATURE' on detached signatures. (Thanks to ddcc\x40mit.edu for pointing this out). - Fixed up addkey() to properly handle pretend mode and to selectively import only requested key IDs from a key block. - parsekeys() now also figures out which keyring a key belongs to. - Added certify() method, to enable certifying keys. - Added Crypt::GPG::Signature methods - validity(), keyid(), time() and trusted(). =back =head1 AUTHOR Crypt::GPG is Copyright (c) 2000-2005 Ashish Gulhati . All Rights Reserved. =head1 ACKNOWLEDGEMENTS Thanks to Barkha, my sunshine. And to the GnuPG team and everyone who writes free software. =head1 LICENSE This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =head1 BUGS REPORTS, PATCHES, FEATURE REQUESTS Are very welcome. Email crypt-gpg at neomailbox.com. =cut Crypt-GPG-1.52/Makefile.PL0100644000076600007660000000107010202626442013570 0ustar hashhashuse ExtUtils::MakeMaker; # See lib/ExtUtils/MakeMaker.pm for details of how to influence # the contents of the Makefile that is written. WriteMakefile ( 'NAME' => 'Crypt::GPG', 'AUTHOR' => 'Ashish Gulhati ', 'ABSTRACT_FROM' => 'GPG.pm', 'VERSION_FROM' => 'GPG.pm', 'PREREQ_PM' => { 'Carp' => 0, 'Fcntl' => 0, 'IPC::Run' => 0, 'File::Path' => 0, 'File::Temp' => 0, 'Date::Parse' => 0, }, ); Crypt-GPG-1.52/MANIFEST0100644000076600007660000000030610202625323012745 0ustar hashhashMANIFEST Makefile.PL GPG.pm README t/01-keygen.t t/02-import.t t/03-export.t t/04-encdec.t t/05-sigver.t t/06-keyops.t META.yml Module meta-data (added by MakeMaker) Crypt-GPG-1.52/META.yml0100644000076600007660000000100210207044620013057 0ustar hashhash# http://module-build.sourceforge.net/META-spec.html #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX# name: Crypt-GPG version: 1.52 version_from: GPG.pm installdirs: site requires: Carp: 0 Date::Parse: 0 Fcntl: 0 File::Path: 0 File::Temp: 0 IPC::Run: 0 distribution_type: module generated_by: ExtUtils::MakeMaker version 6.17 Crypt-GPG-1.52/README0100644000076600007660000002777710207044527012527 0ustar hashhashNAME Crypt::GPG - An Object Oriented Interface to GnuPG. VERSION $Revision: 1.52 $ $Date: 2005/02/23 09:12:54 $ SYNOPSIS use Crypt::GPG; my $gpg = new Crypt::GPG; $gpg->gpgbin('/usr/bin/gpg'); # The GnuPG executable. $gpg->secretkey('0x2B59D29E'); # Set ID of default secret key. $gpg->passphrase('just testing'); # Set passphrase. # Sign a message: my $sign = $gpg->sign('testing again'); # Encrypt a message: my @encrypted = $gpg->encrypt ('top secret', 'test@bar.com'); # Get message info: my @recipients = $gpg->msginfo($encrypted); # Decrypt a message. my ($plaintext, $signature) = $gpg->verify($encrypted); # Key generation: $status = $gpg->keygen ('Test', 'test@foo.com', 'ELG-E', 2048, 0, 'test passphrase'); print while (<$status>); close $status; # Key database manipulation: $gpg->addkey($key, @ids); @keys = $gpg->keydb(@ids); # Key manipulation: $key = $keys[0]; $gpg->delkey($key); $gpg->disablekey($key); $gpg->enablekey($key); $gpg->keypass($key, $oldpassphrase, $newpassphrase); $keystring = $gpg->export($key); DESCRIPTION The Crypt::GPG module provides access to the functionality of the GnuPG (www.gnupg.org) encryption tool through an object oriented interface. It provides methods for encryption, decryption, signing, signature verification, key generation, key certification, export and import. Key-server access is on the todo list. This release of the module may create compatibility issues with previous versions. If you find any such problems, or any bugs or documentation errors, please do report them to crypt-gpg at neomailbox.com. CONSTRUCTOR new() Creates and returns a new Crypt::GPG object. DATA METHODS gpgbin($path) Sets the GPGBIN instance variable which gives the path to the GnuPG binary. gpgopts($opts) Sets the GPGOPTS instance variable which may be used to pass additional options to the GnuPG binary. For proper functioning of this module, it is advisable to always include '--lock-multiple' in the GPGOPTS string. delay($seconds) Sets the DELAY instance variable. This is no longer necessary (nor used) in the current version of the module, but remains so existing scripts don't break. secretkey($keyid) Sets the SECRETKEY instance variable which may be a KeyID or a username. This is the ID of the default key to use for signing. passphrase($passphrase) Sets the PASSPHRASE instance variable, required for signing and decryption. text($boolean) Sets the TEXT instance variable. If set true, GnuPG will use network-compatible line endings for proper cross-platform compatibility and the plaintext will gain a newline at the end, if it does not already have one. armor($boolean) Sets the ARMOR instance variable, controlling the ASCII armoring of output. The default is to use ascii-armoring. The module has not been tested with this option turned off, and most likely will not work if you switch this off. detach($boolean) Sets the DETACH instance variable. If set true, the sign method will produce detached signature certificates, else it won't. The default is to produce detached signatures. encryptsafe($boolean) Sets the ENCRYPTSAFE instance variable. If set true, encryption will fail if trying to encrypt to a key which is not trusted. This is the default. Turn this off if you want to encrypt to untrusted keys. version($versionstring) Sets the VERSION instance variable which can be used to change the Version: string on the GnuPG output to whatever you like. comment($commentstring) Sets the COMMENT instance variable which can be used to change the Comment: string on the GnuPG output to whatever you like. debug($boolean) Sets the DEBUG instance variable which causes the raw output of Crypt::GPG's interaction with the GnuPG binary to be dumped to STDOUT. By default, debugging is off. OBJECT METHODS sign(@message) Signs @message with the secret key specified with secretkey() and returns the result as a string. decrypt(\@message, [\@signature]) This is just an alias for verify() verify(\@message, [\@signature]) Decrypts and/or verifies the message in @message, optionally using the detached signature in @signature, and returns a list whose first element is plaintext message as a string. If the message was signed, a Crypt::GPG::Signature object is returned as the second element of the list. The Crypt::GPG::Signature object can be queried with the following methods: $sig->validity(); # 'Good', 'BAD', or 'Unknown' $sig->keyid(); # ID of signing key $sig->time(); # Time the signature was made $sig->trusted(); # True or false depending on whether the signing key is trusted msginfo(@ciphertext) Returns a list of the recipient key IDs that @ciphertext is encrypted to. encrypt($plaintext, $keylist, [-sign] ) Encrypts $plaintext with the public keys of the recipients listed in $keylist and returns the result in a string, or undef if there was an error while processing. Returns undef if any of the keys are not found. Either $plaintext or $keylist may be specified as either an arrayref or a simple scalar. If $plaintext is a an arrayref, it will be join()ed without newlines. If you want to encrypt to multiple recipients, you must use the arrayref version of $keylist. A scalar $keylist works for only a single key ID. If the -sign option is provided, the message will be signed before encryption. The secret key and passphrase must be set for signing to work. They can be set with the secretkey() and passphrase() methods. addkey($key, $pretend, @keyids) Adds the keys given in $key to the user's key ring and returns a list of Crypt::GPG::Key objects corresponding to the keys that were added. $key may be a string or an array reference. If $pretend is true, it pretends to add the key and creates the key object, but doesn't actually perform the key addition. Optionally, a list of key IDs may be specified. If a list of key IDs is specified, only keys that match those IDs will be imported. The rest will be ignored. export($key) Exports the key specified by the Crypt::GPG::Key object $key and returns the result as a string. keygen($name, $email, $keytype, $keysize, $expire, $passphrase) Creates a new keypair with the parameters specified. The only supported $keytype currently is 'ELG-E'. $keysize can be any of 768, 1024, 2048, 3072 or 4096. Returns undef if there was an error, otherwise returns a filehandle that reports the progress of the key generation process similar to the way GnuPG does. The key generation is not complete till you read an EOF from the returned filehandle. certify($keyid, $local, @uids) Certifies to the authenticity of UIDs of the key with ID $keyid. If $local is true, the certification will be non-exportable. The @uids parameter should contain the list of UIDs to certify (the first UID of a key is 0). keydb(@keyids) Returns an array of Crypt::GPG::Key objects corresponding to the Key IDs listed in @keyids. This method used to be called keyinfo and that is still an alias to this method. parsekeys(@keylist) Parses a raw GnuPG formatted key listing in @keylist and returns an array of Crypt::GPG::Key objects. keypass($key, $oldpass, $newpass) Change the passphrase for a key. Returns true if the passphrase change succeeded, false if not, or undef if there was an error. delkey($keyid) Deletes the key specified by the Crypt::GPG::Key object $key from the user's key ring. Returns undef if there was an error, or 1 if the key was successfully deleted. disablekey($keyid) Disables the key specified by the Crypt::GPG::Key object $key. enablekey($keyid) Enables the key specified by the Crypt::GPG::Key object $key. Crypt::GPG::Signature Documentation coming soon. Crypt::GPG::Key Documentation coming soon. TODO * Key server access. * More complete key manipulation interface. * Filehandle interface to handle large messages. BUGS * Error checking needs work. * Some key manipulation functions are missing. * The method call interface is subject to change in future versions. * The current implementation will probably eat up all your RAM if you try to operate on huge messages. In future versions, this will be addressed by reading from and returning filehandles, rather than using in-core data. * Methods may break if you don't use ASCII armoring. CHANGELOG $Log: GPG.pm,v $ Revision 1.52 2005/02/23 09:12:54 cvs - Overhauled to use IPC::Run instead of Expect. - Test suite split up into multiple scripts. Revision 1.42 2002/12/11 03:33:19 cvs - Fixed bug in certify() when trying to certify revoked a key. - Applied dharris\x40drh.net's patch to allow for varying date formats between gpg versions, and fix time parsing and the Crypt::GPG::Signature autoloaded accessor functions. Revision 1.40 2002/09/23 23:01:53 cvs - Fixed a bug in keypass() - Documentation fixes. Revision 1.37 2002/09/21 02:37:49 cvs - Fixed signing option in encrypt. Revision 1.36 2002/09/21 00:03:29 cvs - Added many tests and fixed a bunch of bugs. Revision 1.34 2002/09/20 19:07:11 cvs - Extensively modified formatting to make the code easier to read. All lines are now < 80 chars. - Removed all instances of invoking a shell. - Misc. other stuff. Revision 1.31 2002/09/20 16:38:45 cvs - Cleaned up export and addkey. Fixed(?) addkey clobbering trustdb problem (thanks to jrray\x40spacemeat.com for the patch). Added support for signature verification on addkey pretend. - No calls to POSIX::tmpnam remain (thanks to radek\x40karnet.pl and jrray\x40spacemeat.com for suggesting File::Temp). Revision 1.30 2002/09/20 15:25:47 cvs - Fixed up tempfile handling and eliminated calls to the shell in encrypt(), sign() and msginfo(). Passing all currently defined tests. - Hopefully also fixed signing during encryption and verification of detached signatures. Not tested this yet. Revision 1.29 2002/09/20 11:19:02 cvs - Removed hack to Version: string. Only the Comment: string in GPG output is now modified by Crypt::GPG. (Thanks to eisen\x40schlund.de for pointing out the bug here) - Removed code that incorrectly replaced 'PGP MESSAGE' with 'PGP SIGNATURE' on detached signatures. (Thanks to ddcc\x40mit.edu for pointing this out). - Fixed up addkey() to properly handle pretend mode and to selectively import only requested key IDs from a key block. - parsekeys() now also figures out which keyring a key belongs to. - Added certify() method, to enable certifying keys. - Added Crypt::GPG::Signature methods - validity(), keyid(), time() and trusted(). AUTHOR Crypt::GPG is Copyright (c) 2000-2005 Ashish Gulhati . All Rights Reserved. ACKNOWLEDGEMENTS Thanks to Barkha, my sunshine. And to the GnuPG team and everyone who writes free software. LICENSE This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself. BUGS REPORTS, PATCHES, FEATURE REQUESTS Are very welcome. Email crypt-gpg at neomailbox.com. Crypt-GPG-1.52/t/0040755000076600007660000000000010207044622012065 5ustar hashhashCrypt-GPG-1.52/t/01-keygen.t0100644000076600007660000000272610207044427013761 0ustar hashhash# -*-cperl-*- # # keygen.t - Crypt::GPG key generation tests. # Copyright (c) 2005 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: 01-keygen.t,v 1.6 2005/02/23 09:12:55 cvs Exp $ use strict; use Test; use Crypt::GPG; BEGIN { plan tests => 3 } print STDERR <<__ENDMSG; NOTE: Key generation tests can take quite a long time. If the tests fail, you may not have GPG installed. Or you may need to generate more randomness on your computer (by running a recursive directory listing in the background, for example). __ENDMSG my $debug = 0; my $dir = $0 =~ /^\// ? $0 : $ENV{PWD} . '/' . $0; $dir =~ s/\/[^\/]*$//; $ENV{HOME} = $dir; # Create new Crypt::GPG object my $gpg = new Crypt::GPG; $ENV{GPGBIN} and $gpg->gpgbin($ENV{GPGBIN}); $gpg->gpgopts('--compress-algo 1 --cipher-algo cast5 --force-v3-sigs --no-comment'); $gpg->debug($debug); # Start test loop with different key sizes/types ################################################ for my $bits qw(768 1024 2048) { for my $type ('ELG-E') { # Generate key pair ##################### ok(sub { my $status = $gpg->keygen("A $bits $type", "$bits$type\@test.com", $type, $bits, 0, "$bits Bit $type Test Key"); return 0 unless $status; $|=1; while (<$status>) { chomp; print; } close $status; print "\n"; $|=0; }, 0); } } Crypt-GPG-1.52/t/02-import.t0100644000076600007660000000652510207044427014013 0ustar hashhash# -*-cperl-*- # # import.t - Crypt::GPG key import tests. # Copyright (c) 2004 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: 02-import.t,v 1.3 2005/02/23 09:12:55 cvs Exp $ use strict; use Test; use Crypt::GPG; BEGIN { plan tests => 1 } my $debug = 0; my $dir = $0 =~ /^\// ? $0 : $ENV{PWD} . '/' . $0; $dir =~ s/\/[^\/]*$//; $ENV{HOME} = $dir; # Create new Crypt::GPG object my $gpg = new Crypt::GPG; $ENV{GPGBIN} and $gpg->gpgbin($ENV{GPGBIN}); $gpg->gpgopts('--compress-algo 1 --cipher-algo cast5 --force-v3-sigs --no-comment'); $gpg->debug($debug); my @samplekeys; samplekeys(); # Import sample keys #################### ok( sub { for my $x (@samplekeys) { my ($imported) = $gpg->addkey($x->{Key}); return 0 unless $imported->{ID} eq $x->{ID}; } 1; } ); sub samplekeys { push (@samplekeys, {'ID' => 'D354E162BCA6DBD1', 'Key' => <<__ENDKEY -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQENAzbnXBAFcAEIAM6s/Yb/u3tcOxibrKNhyCsOa1VHQs/q81gryg761tVqTIO/ Ja0qdkxe2A3u2hwv1zvCPNYVbvFgYrc8zUcouC2vlbc3Hh1tth9l3dkAFmNBIukj kr5bg/x9oNUgrhUCugUxs2SjZV6ckzItMX09OkFPMpHp7HjJNEvI57lrZO1EAQAg zurenqTJxJd4XmJLimor7WOGB9QjVAyzggqUqfkCoabUhJRf3NKtz/3/yD8DC9dE J6fBa/1h2GEbTY6wCM3xJIMO8jLgzpO4vWQj/1Geo52k6O3U/UokhMdWCuXOrr2U hOHveVhZkXXvCD7TmQdzBMXpk/hL01ThYrym29EABRGJARUDBSA5jiAo01ThYrym 29EBAXbtB/0T4kQRlhYZXqTtVLcSw2A92S6LIHUDNLDg1/+B07t977LWjwJdzQaK 6lyibE4aaJpSz2ijf0g6k86ZtglwbwXpKZMoofa4Raw8390L3AuR/WaPjc9yk3e+ gudMqBXdSefArmnDDHSwKnGj/UOMbKeqhwMYkydCF9CToSiwipWXt64PxCPVH+Rx JljdLX35yOfWOV2RalqVZx9Ens4JKjlvxYvc7971yCnBACwC0ETVciykJ6zlkxiK /XFedgshOTdirkZLq/25rZTEOwxcssQLTYo8JpTWe0muBUPRnJ9MuvNQryTz6Bla 6IEvJ3EpLaIAWvg9M6uh0w/TMojs3HQrtCFMdWNreSBHcmVlbiA8c2hhbXJvY2tA bmV0Y29tLmNvbT6JARUDBRA251wQ01ThYrym29EBAQU+B/9VIhAoeC6wYYatVWk4 77fSWxx42d9qG2vx2PgTFJmUmsnunVJn3CRW4K5GihBI8gvE3tPK/X5rwqsi+1i1 GF85QvIWYHi7FPSf36unKR4JJ6HBFWjHUcCDmFFXvEdZZcV4/OehMiH5eAqrfA3n QPJFT7BE/xtx9YiyOYyTC0xlp++Jm5RP+16AemW7Sc36+E2dUqhT/VMDq6biF6jm 1TqU5k8glo301qHGquvUimaNbz/y489bw/oxDbAtb09noPgUAdFKBAnu6x7Di6s7 3Xdqpb3bXc610QMCdPUmCZ85j6YBGKYp7ut7P1OnQVjGq+wcjuoQqxs8KkexMoLL HffriEYEEBECAAYFAjbnXEkACgkQhQfEvNDUrse+AACgzSob20OCEMvKi1jWa74d bnTr0X8AoIzZde8sRxL3OHG6xJdbZ8bkRjYAiEYEEBECAAYFAjbnXGsACgkQ9dQ9 PDda2SRPCQCeOAzaxNzrBwMlUr1Zl93mnqwqxoEAnAlSe4bzpspFqov9c1W1Ut/B 63dPiQCVAwUQNukp4KRQkCwJ0+ZNAQGGtQP+IyDM2DSZLFjHrA/gOF/RwRJDpMTp MykLao3tnGf2txhrZcFfO9HcCjxrzTPW6WcJRo+Fd3paaXyzrkG66TewurP09jK+ uafyWAsM54PCSHTn5WWK9VQPaC0/aN6EctCiuzUhowvVT4sG7zYzdGNukbsQgTb2 n4L2l5OMcf3sB+qJAJUDBRA26SoB8uVlTOYOKm0BAU5UA/sHd1p9/7Y1Z4nzIEG0 wl6ztsM4/MT30z6veMmC9vyb5fLKsIRhkrcIx3j0uN8rAZyUPybFuQAFM2tc172l pgLvuHDUoKZgL5sijFJ2Ym8dO/EFZybLQvpQ+sZE2sxMLqgGjJmmr3PDL8mvMUtm V11a4GJwF5vFcX1GOVDf+iBlookAlQMFEDbpbmKwsXGDTboQkQEBzAsD/iHxI5Ay IcTfGjaBgU/jt34qfkcwO+HSiXh2GZtLqiHnzfVOj6gnsNvSWq8J8nbsU1YirzrM n2voGhGqJdxSqK98sNorC0vRQumtlVHCMSFGRQykSz+UaXDZzScQJPPNMO+PuV9T bn7bBZH3Mj+B7uqXTu8Of0kLmDhprP5yUTb/iQCVAwUQNxZnohUFu2vi9WZpAQF4 nwQAyxIGLVq4OFdOJ6/bR9fFikpSwptbnvQsUZWMEv1dakRJJ80dFQPChJFL0M+I EOTeAVQiXM9SmuQM/Hg60aGpCQCr4t/9vK/A13BCwc1uyBSwRbwyCo64+vhvg2JV kDmoqy9Z+rON9RAkQErFiYpGUeCV3NhF+c8KtCdDP4XvDrQ= =wE/r -----END PGP PUBLIC KEY BLOCK----- __ENDKEY }); } Crypt-GPG-1.52/t/03-export.t0100644000076600007660000000333210207044430014006 0ustar hashhash# -*-cperl-*- # # export.t - Crypt::GPG key export tests. # Copyright (c) 2004 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: 03-export.t,v 1.3 2005/02/23 09:12:56 cvs Exp $ use strict; use Test; use Crypt::GPG; BEGIN { plan tests => 15 } my $debug = 0; my $dir = $0 =~ /^\// ? $0 : $ENV{PWD} . '/' . $0; $dir =~ s/\/[^\/]*$//; $ENV{HOME} = $dir; # Create new Crypt::GPG object my $gpg = new Crypt::GPG; $ENV{GPGBIN} and $gpg->gpgbin($ENV{GPGBIN}); $gpg->gpgopts('--compress-algo 1 --cipher-algo cast5 --force-v3-sigs --no-comment'); $gpg->debug($debug); # Start test loop with different key sizes/types ################################################ for my $bits qw(768 1024 2048) { for my $type ('ELG-E') { # Export our public key ####################### my $publickey; my $pub; ok(sub { ($publickey) = grep { $_->{Type} =~ /^pub[^\@]?/ } $gpg->keyinfo("A $bits $type"); $pub = $gpg->export($publickey); }); # Pretend import public key ########################### ok(sub { my ($imported) = $gpg->addkey($pub, 1); $publickey->{ID} eq $imported->{ID}; }); # Really import public key ########################## ok(sub { my ($imported) = $gpg->addkey($pub); $publickey->{ID} eq $imported->{ID}; }); # Export secret key ################### my $secretkey; my $sec; ok(sub { ($secretkey) = grep { $_->{Type} =~ /^sec[^\@]?/ } $gpg->keyinfo("A $bits $type"); $sec = $gpg->export($secretkey); }); # Import secret key ################### skip(1, sub { $gpg->addkey($sec); }); } } Crypt-GPG-1.52/t/04-encdec.t0100644000076600007660000000337710207044430013720 0ustar hashhash# -*-cperl-*- # # enc-dec.t - Crypt::GPG encryption / decryption tests. # Copyright (c) 2005 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: 04-encdec.t,v 1.5 2005/02/23 09:12:56 cvs Exp $ use strict; use Test; use Crypt::GPG; BEGIN { plan tests => 15 } my $debug = 0; my $dir = $0 =~ /^\// ? $0 : $ENV{PWD} . '/' . $0; $dir =~ s/\/[^\/]*$//; $ENV{HOME} = $dir; # Create new Crypt::GPG object my @x; my $gpg = new Crypt::GPG; $ENV{GPGBIN} and $gpg->gpgbin($ENV{GPGBIN}); $gpg->gpgopts('--compress-algo 1 --cipher-algo cast5 --force-v3-sigs --no-comment'); $gpg->debug($debug); # Start test loop with different key sizes/types ################################################ for my $bits qw(768 1024 2048) { for my $type ('ELG-E') { my ($secretkey) = grep { $_->{Type} =~ /^sec[^\@]?/ } $gpg->keyinfo("A $bits $type"); $gpg->secretkey($secretkey); $gpg->encryptsafe(0); # Encrypt ######### ok(sub { @x = $gpg->encrypt("Test\n", "A $bits $type"); }); for my $nopass (0,1) { if ($nopass) { # Blank out the Key password and do another round of tests ########################################################## ok(sub { $gpg->passphrase(''); $gpg->keypass($secretkey, "$bits Bit $type Test Key", ''); }); } # Decrypt ######### ok(sub { $gpg->passphrase("$bits Bit $type Test Key") unless $nopass; my ($clear) = $gpg->decrypt(@x); $clear eq "Test\n"; }); } # Set passphrase back to original ################################# ok(sub { $gpg->keypass($secretkey, '', "$bits Bit $type Test Key"); }); } } Crypt-GPG-1.52/t/05-sigver.t0100644000076600007660000000531310207044431013770 0ustar hashhash# -*-cperl-*- # # sigver.t - Crypt::GPG signing / verification tests. # Copyright (c) 2005 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: 05-sigver.t,v 1.4 2005/02/23 09:12:57 cvs Exp $ use strict; use Test; use Crypt::GPG; BEGIN { plan tests => 48 } my $debug = 0; my $dir = $0 =~ /^\// ? $0 : $ENV{PWD} . '/' . $0; $dir =~ s/\/[^\/]*$//; $ENV{HOME} = $dir; # Create new Crypt::GPG object my @x; my $gpg = new Crypt::GPG; $ENV{GPGBIN} and $gpg->gpgbin($ENV{GPGBIN}); $gpg->gpgopts('--compress-algo 1 --cipher-algo cast5 --force-v3-sigs --no-comment'); $gpg->debug($debug); # Start test loop with different key sizes/types ################################################ for my $bits qw(768 1024 2048) { for my $type ('ELG-E') { my ($secretkey) = grep { $_->{Type} =~ /^sec[^\@]?/ } $gpg->keyinfo("A $bits $type"); $gpg->secretkey($secretkey->{ID}); for my $nopass (0,1) { if ($nopass) { # Blank out the Key password and do another round of tests ########################################################## ok(sub { $gpg->passphrase(''); $gpg->keypass($secretkey, "$bits Bit $type Test Key", ''); }); } $gpg->passphrase("$bits Bit $type Test Key") unless $nopass; $gpg->encryptsafe(0); #! Must test with both trusted and untrusted keys. # Encrypt and sign with GPG ########################### my @xs; ok(sub { @xs = $gpg->encrypt("Test\n", "A $bits $type", '-sign'); }); # Sign with GPG ############### #! Need to check for hang when secret key not set. ok(sub { my $signed = $gpg->sign("Signing a test\nmessage, combining\nand\r\nline endings.\n"); $signed =~ /^-----BEGIN PGP SIGNATURE-----.*-----END PGP SIGNATURE-----$/s; }); #! Clearsign with GPG ##################### skip(sub {1}); #! Detached sign with GPG ######################### skip(sub {1}); # Decrypt & Verify GPG with GPG ############################### ok(sub { $gpg->secretkey($secretkey); my ($clear, $sign) = $gpg->decrypt(@xs); $clear eq "Test\n" and ref($sign) eq 'Crypt::GPG::Signature'; }); #! Verify Signature (GPG with GPG) ################################## skip(sub {1}); #! Verify detached signature (GPG with GPG) ################################################# skip(sub {1}); } # Set passphrase back to original ################################# ok(sub { $gpg->keypass($secretkey, '', "$bits Bit $type Test Key"); }); } } Crypt-GPG-1.52/t/06-keyops.t0100644000076600007660000001021310207044431013777 0ustar hashhash# -*-cperl-*- # # keyops.t - Crypt::GPG key manipulation tests. # Copyright (c) 2005 Ashish Gulhati # # All rights reserved. This code is free software; you can # redistribute it and/or modify it under the same terms as Perl # itself. # # $Id: 06-keyops.t,v 1.2 2005/02/23 09:12:57 cvs Exp $ use strict; use Test; use Crypt::GPG; BEGIN { plan tests => 45 } my $debug = 0; my $dir = $0 =~ /^\// ? $0 : $ENV{PWD} . '/' . $0; $dir =~ s/\/[^\/]*$//; $ENV{HOME} = $dir; my @samplekeys; samplekeys(); # Create new Crypt::GPG object my @x; my $gpg = new Crypt::GPG; $ENV{GPGBIN} and $gpg->gpgbin($ENV{GPGBIN}); $gpg->gpgopts('--compress-algo 1 --cipher-algo cast5 --force-v3-sigs --no-comment'); $gpg->debug($debug); for my $x (@samplekeys) { my ($imported) = $gpg->addkey($x->{Key}); return 0 unless $imported->{ID} eq $x->{ID}; } # Start test loop with different key sizes/types ################################################ for my $bits qw(768 1024 2048) { for my $type ('ELG-E') { my @mykeys = $gpg->keyinfo("A $bits $type"); my ($publickey) = grep { $_->{Type} =~ /^pub[^\@]?/ } @mykeys; my ($secretkey) = grep { $_->{Type} =~ /^sec[^\@]?/ } @mykeys; $gpg->secretkey($secretkey->{ID}); for my $nopass (0,1) { if ($nopass) { # Blank out the Key password and do another round of tests ########################################################## ok(sub { $gpg->passphrase(''); $gpg->keypass($secretkey, "$bits Bit $type Test Key", ''); }); } $gpg->passphrase("$bits Bit $type Test Key") unless $nopass; $gpg->encryptsafe(0); #! Must test with both trusted and untrusted keys. # Local-sign all sample public keys ################################### #! Test check for already signed. #! Test check for UID out of range. It's broken. ok(sub { for my $x (@samplekeys) { return unless $gpg->certify($x->{ID}, 1, 0, 0); } 1; }); # Sign all sample public keys ############################# ok(sub { for my $x (@samplekeys) { return unless $gpg->certify($x->{ID}, 0, 0, 0); } 1; }); #! Verify key signatures ######################## skip(sub {1}); # Change key trust ################## ok(sub { $gpg->keytrust($publickey, 3); }); # Disable key ############# ok(sub { $gpg->disablekey($publickey); }); # Enable key ############ ok(sub { $gpg->enablekey($publickey); }); } # Set passphrase back to original ################################# ok(sub { $gpg->keypass($secretkey, '', "$bits Bit $type Test Key"); }); # Delete GPG key pair ##################### ok(sub { $gpg->delkey($secretkey); }); } } sub samplekeys { push (@samplekeys, {'ID' => '143C9F41D8F056DD', 'Key' => <<__ENDKEY -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.4 mQENAzgus1wAAAEIAOZ707105iVS2aTDVIVzDg0gAm8//PzKiZFAuJLpI1IWG4AW LdGdQYvSR0z1Xn6BcZXvrDabN/TNlmqXuJXPgI9gTsEmfjgz2Zoyui556iaWt9Gq c+q9qz1PR7IawKbiuMP48j6ef+YUH5ju68w7YAnS9MjK+GidtXa7IHryuApRRWHC q8SWb+ipv/SizVt44R1RSshS6Oxsfddrz4jc+XTMFW73I8O5OGsopNUDWLTK+ncj /J0SaMbPJ1PkPEGwrGf0yl/XhZ/9VxcjgyNClmdH1SxkgEGBFQXU4ODqVuFu5Z1P X0qwe4JpGhuFhNxHM6zNnCQiS1x6FDyfQdjwVt0ABRG0IEFkYW0gQmFjayA8YWRh bUBjeXBoZXJzcGFjZS5vcmc+iQEVAwUQOC6zoD57yqgoskVRAQGL7gf7Bad9KKoc gWM6U3uwxoKql1sSwIGRzzzLl9LTTfVTDRXeCsCxHm37nF19kDMeRQp/LgVfIu02 pByNbdGf35ypvHZECqi9NdZJjP89HG0XhXSuzL9RgpUX9tw3ePUNyRZlRKOjkr/8 V4w2IHg0TcJiOQWFISmGXpNzVkQ+KnRoD6JpO9yAaV/SGtUQMgVCi82I0sLlxp/Q urEEX1dc1ZwoBEDqITR38sLLyQg3BvQbpdIf9Msgm5yo89/h9L4OjjKJ/z++vsJN 5LyDpEfck0XDoNDZmE8XrzC55hZ7p1nBj9cAxFXL6+auh2nCqGUS9f+i+ph1kBiI NiFbzPhq9EImrYkBFQMFEDgus1wUPJ9B2PBW3QEBK4UH/ApFtrRzOoUpBiZ6CKjT 8aMff7+qLXsIT1zlr1ZK4YCnY+ETS/WIMYhQE+sYjA4A+LyEDuhVOpuSk9nRPtK8 H7OhgPkp0X4u4hd3A3hsKtzAGgmHxMJVohPnfTH86OYjT7TAHVDGziQKwp76LW9t rvkAzeYESRXy1JubtY0rOwd0+Ql3MCHrZFLB7Si3TAVyhmimrxTUY8sYl6DvzaER uCwPNsBS319jcNEuDA5fyCEHbTNoMd+HMwTQ300qWXzMe4ZNOIrdelLW5QiYK/Rr BHprmDyhkHYCmBvdGnWiNvG5q+FhioIWd4DJbnx9E8dH6B51NcDL3zsb0xTVJ9ZL 0Ik= =LGiQ -----END PGP PUBLIC KEY BLOCK----- __ENDKEY }); }