If verification fails, gnupg_verify() returns the key's ID instead of the fingerprint. It does not return FALSE as stated above (PHP4, have not tested PHP5). You can compare it with the result of keyinfo:
<?php
$resultOfVerify = gnupg_verify($gpgresource, $message, FALSE, $key);
// print_r() needs TRUE as its second argument to return the text instead of printing it
echo "<pre>\$resultOfVerify ", print_r($resultOfVerify, TRUE), "</pre>";
// The above will output something like
?>
$resultOfVerify Array
(
    [0] => Array
        (
            [fingerprint] => xxxxxxxxx (IF MESSAGE IS VERIFIED, THEN THIS MATCHES THE KEY FINGERPRINT OF THE KEY, IF UNVERIFIED, MATCHES THE KEY ID)
            [validity] => 0
            [timestamp] => 0
            [status] => NNNNNN
            [summary] => 4
        )
)
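<?php
$keyinfo = gnupg_keyinfo($gpgresource, $key);
// print_r() needs TRUE as its second argument to return the text instead of printing it
echo "<pre>\$keyinfo ", print_r($keyinfo, TRUE), "</pre>";
// The above will output something like
?>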
$keyinfo Array
(
    [0] => Array
        (
            [disabled] =>
            [expired] =>
            [revoked] =>
            [is_secret] =>
            [can_sign] => 1
            [can_encrypt] => 1
            [uids] => Array
                (
                    [0] => Array
                        (
                            [name] => WHATEVER
                            [comment] =>
                            [email] =>
                            [uid] => WHATEVER
                            [revoked] =>
                            [invalid] =>
                        )
                )
            [subkeys] => Array
                (
                    [0] => Array
                        (
                            [fingerprint] => xxxxxxxxxxxxxxxxxx
                            [keyid] => xxxxxxxxx
                            [timestamp] => xxxxxxxxx
                            [expires] => 0
                            [is_secret] =>
                            [invalid] =>
                            [can_encrypt] => 1
                            [can_sign] => 1
                            [disabled] =>
                            [expired] =>
                            [revoked] =>
                        )
                )
        )
)
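<?php
// To test whether a message/signature pair is verified.
// Strict comparison (===) is used so that two different all-numeric-looking
// hex strings (e.g. "0E12..." forms) can never compare equal through type juggling.
if ($resultOfVerify[0]['fingerprint'] === $keyinfo[0]['subkeys'][0]['fingerprint']) {
    // Ok, verified
} else {
    // Oops, NOT verified
}
?>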
gnupg_verify
(PECL gnupg >= 0.1)
gnupg_verify — Verifies a signed text
Description
array gnupg_verify ( resource $identifier , string $signed_text , string $signature [, string &$plaintext ] )
Verifies the given signed_text and returns information about the signature.
Parameters
- identifier: The gnupg identifier obtained from a call to gnupg_init() or gnupg.
- signed_text: The signed text.
- signature: The signature. To verify a clearsigned text, set signature to FALSE.
- plaintext: The plain text. If this optional parameter is passed, the decrypted text is stored in it.
Return Values
On success, this function returns information about the signature. On failure, this function returns FALSE.
Examples
Example 1 Procedural gnupg_verify() example
<?php
$plaintext = "";
$res = gnupg_init();
// clearsigned
$info = gnupg_verify($res,$signed_text,false,$plaintext);
print_r($info);
// detached signature
$info = gnupg_verify($res,$signed_text,$signature);
print_r($info);
?>
Example 2 Object-oriented gnupg_verify() example
<?php
$plaintext = "";
$gpg = new gnupg();
// clearsigned
$info = $gpg -> verify($signed_text,false,$plaintext);
print_r($info);
// detached signature
$info = $gpg -> verify($signed_text,$signature);
print_r($info);
?>
gnupg_verify
dd at hibm dot org
26-Feb-2009 01:48
kae at verens dot com
19-Sep-2008 11:27
You can see who made the signature by checking its fingerprint:
<?php
$res = gnupg_init();
$info = gnupg_verify($res, $signed_text, $signature);
if ($info !== false) {
    // gnupg_verify() returns one array per signature, so read the first entry
    $fingerprint = $info[0]['fingerprint'];
    var_dump(gnupg_keyinfo($res, $fingerprint));
}
?>
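The check both notes point toward, as an added example (not from the PHP manual or from either note): accept a gnupg_verify() result only when every signature carries a full fingerprint equal to a usable signing subkey from gnupg_keyinfo(). It assumes OpenPGP v4 keys (40-hex-digit fingerprints, 16-hex-digit key IDs); the function names and the sample arrays are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical and all sample data is constructed.
function normalise_fpr(string $s): string
{
    return strtoupper(preg_replace('/\s+/', '', $s));
}
// True only if every signature in a gnupg_verify() result carries a full
// fingerprint equal to a usable signing subkey listed in gnupg_keyinfo() output.
function signature_matches_key($verifyResult, array $keyinfo): bool
{
    if (!is_array($verifyResult) || $verifyResult === []) {
        return false; // FALSE, or no signature entries at all
    }
    $trusted = [];
    foreach ($keyinfo as $key) {
        if (!empty($key['disabled']) || !empty($key['expired']) || !empty($key['revoked'])) {
            continue; // the primary key itself is unusable
        }
        foreach ($key['subkeys'] ?? [] as $sub) {
            if (!empty($sub['can_sign']) && empty($sub['revoked']) && empty($sub['expired'])
                && empty($sub['disabled']) && empty($sub['invalid'])) {
                $trusted[] = normalise_fpr((string) ($sub['fingerprint'] ?? ''));
            }
        }
    }
    foreach ($verifyResult as $sig) {
        $fpr = normalise_fpr((string) ($sig['fingerprint'] ?? ''));
        // Assumption: v4 keys. A 16-digit key ID here is what the first note
        // reports for a failed verification, so anything but 40 hex digits fails.
        if (!preg_match('/^[0-9A-F]{40}$/', $fpr)) {
            return false;
        }
        $match = false;
        foreach ($trusted as $t) {
            $match = hash_equals($t, $fpr) || $match;
        }
        if (!$match) {
            return false;
        }
    }
    return true;
}
// Constructed sample data shaped like the print_r() output in the first note.
$fpr = '0123456789ABCDEF0123456789ABCDEF01234567';
$sub = ['fingerprint' => $fpr, 'keyid' => substr($fpr, -16), 'can_sign' => true];
$keyinfo = [['disabled' => false, 'expired' => false, 'revoked' => false, 'subkeys' => [$sub]]];
var_dump(signature_matches_key([['fingerprint' => $fpr]], $keyinfo));              // full fingerprint
var_dump(signature_matches_key([['fingerprint' => substr($fpr, -16)]], $keyinfo)); // key ID only
var_dump(signature_matches_key(false, $keyinfo));                                  // documented failure value
```

Because the key ID is the trailing 16 digits of a v4 fingerprint, a suffix or loose match would accept the failed case; the length check plus hash_equals() rejects it.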
