gnupg_sign
If verification fails, the gnupg_verify() returns the key's id instead of fingerprint . It does not return FALSE as stated above (PHP4, have not tested PHP5). You can compare it with result of keyinfo:
<?php
$resultOfVerify = gnupg_verify($gpgresource, $message,FALSE,$key);
echo "<pre>\$resultOfVerify",print_r($resultOfVerify),"</pre>";
//Above will out put something like
?>
$resultOfVerify Array
(
[0] => Array
(
[fingerprint] => xxxxxxxxx (IF MESSAGE IS VERIFIED, THEN THIS MATCHES THE KEY FINGERPRINT OF THE KEY, IF UNVERIFIED, MATCHES THE KEY ID
[validity] => 0
[timestamp] => 0
[status] => NNNNNN
[summary] => 4
)
)
<?php
$keyinfo = gnupg_keyinfo($gpgresource,$key);
echo "<pre>\$keyinfo ",print_r($keyinfo),"</pre>";
//Above will out put something like
?>
$keyinfo Array
(
[0] => Array
(
[disabled] =>
[expired] =>
[revoked] =>
[is_secret] =>
[can_sign] => 1
[can_encrypt] => 1
[uids] => Array
(
[0] => Array
(
[name] => WHATEVER
[comment] =>
[email] =>
[uid] => WHATEVER
[revoked] =>
[invalid] =>
)
)
[subkeys] => Array
(
[0] => Array
(
[fingerprint] => xxxxxxxxxxxxxxxxxx
[keyid] => xxxxxxxxx
[timestamp] => xxxxxxxxx
[expires] => 0
[is_secret] =>
[invalid] =>
[can_encrypt] => 1
[can_sign] => 1
[disabled] =>
[expired] =>
[revoked] =>
)
)
)
<?php
//To test if a message/signature pair is verified
if($resultOfVerify[0]['fingerprint'] == $keyinfo[0]['subkeys'][0]['fingerprint']){
//Ok, verified
}else{
//Oops, NOT verified
}
?>
gnupg_verify
(PECL gnupg >= 0.1)
gnupg_verify — Verifies a signed text
Beschreibung
array gnupg_verify
( resource $identifier
, string $signed_text
, string $signature
[, string &$plaintext
] )
Verifies the given signed_text and returns information about the signature.
Parameter-Liste
- identifier
-
Eine von gnupg_init() oder der Klasse gnupg zurückgegebene GnuPG-Ressource.
- signed_text
-
The signed text.
- signature
-
The signature. To verify a clearsigned text, set signature to FALSE.
- plaintext
-
The plain text. If this optional parameter is passed, it is filled with the plain text.
Rückgabewerte
On success, this function returns information about the signature. On failure, this function returns FALSE.
Beispiele
Beispiel #1 Procedural gnupg_verify() example
<?php
$plaintext = "";
$res = gnupg_init();
// clearsigned
$info = gnupg_verify($res,$signed_text,false,$plaintext);
print_r($info);
// detached signature
$info = gnupg_verify($res,$signed_text,$signature);
print_r($info);
?>
Beispiel #2 OO gnupg_verify() example
<?php
$plaintext = "";
$gpg = new gnupg();
// clearsigned
$info = $gpg -> verify($signed_text,false,$plaintext);
print_r($info);
// detached signature
$info = $gpg -> verify($signed_text,$signature);
print_r($info);
?>
add a note
User Contributed Notesgnupg_verify
dd at hibm dot org
26-Feb-2009 01:48
26-Feb-2009 01:48
kae at verens dot com
19-Sep-2008 11:27
19-Sep-2008 11:27
You can see who made the signature by checking its fingerprint:
<?php
$res = gnupg_init();
$info = gnupg_verify($res,$signed_text,$signature);
if($info !== false){
$fingerprint = $info['fingerprint'];
var_dump(gnupg_keyinfo($res, $fingerprint));
}