pka_address
Arturo 'Buanzo' Busleiman
buanzo at buanzo.com.ar
Thu Apr 19 03:25:23 CEST 2007
Hi group!
For my module mod_auth_openpgp I'm currently adding X-Auth-OpenPGP headers such as Fingerprint,
Trust, etc, but I definitely need to be able to provide the email-address (which I guess would be
pka_address). My operation is a simple verify_op against a message+signature.
So, at the end of this message you'll find the function I've written, but although I've tried
different approaches (deprecated and current ones), I've not had luck.
If I verify the same message|signature with gpgv, I get no mail address:
apache at bbs ~ $ gpgv < request.limpio.txt.asc
gpgv: keyblock resource `/var/www/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Fri Oct 20 08:46:27 2006 ART using DSA key ID 6857704D
gpgv: Can't check signature: public key not found
So I tried this:
apache at bbs ~/.gnupg $ cp pubring.gpg trustedkeys.gpg
apache at bbs ~ $ gpgv < request.limpio.txt.asc
gpgv: Signature made Fri Oct 20 08:46:27 2006 ART using DSA key ID 6857704D
gpgv: Good signature from "Arturo Alberto Busleiman (aka Buanzo) <buanzo at buanzo.com.ar>"
So I thought: "ok, this was my problem, let's try again". But no, my module still does not get a
pka_address that's different from NULL.
So, although I've spent this week trying to figure this out (even reading the gpgme source) I
couldn't get a hold on the correct way of getting pka_address filled, or even find my mistake, or
whatever.
The fingerprint is correctly obtained, and matches what gpg --list-keys --fingerprint shows me.
Any ideas? Even one word might probably help me. :)
This is the code:
== cut here ==
#include <string.h>
#include <gpgme.h>
#include <httpd.h>
#include <apr_strings.h>

/* Verify a detached signature over message. Returns 0 and fills *fpr (and
 * *key_address, when gpgme reports one) only if the first signature is good;
 * returns 1 otherwise. gpgme_check_version() must already have been called. */
int
gpg_verification (char *message, char *signature, int msgSize, char **fpr,
                  char **key_address, request_rec *r)
{
  gpgme_ctx_t ctx = NULL;
  gpgme_data_t sign = NULL, text = NULL;
  gpgme_verify_result_t result;
  gpgme_error_t err;
  int retval = 1;

  /* never hand uninitialised pointers back to the caller */
  *fpr = NULL;
  *key_address = NULL;
  if (msgSize < 0)
    return 1;

  err = gpgme_new (&ctx);
  if (err)
    return 1;

  /* msgSize == 0 means message is a NUL-terminated string */
  err = gpgme_data_new_from_mem (&text, message,
                                 msgSize == 0 ? strlen (message) : (size_t) msgSize, 0);
  if (!err)
    err = gpgme_data_new_from_mem (&sign, signature, strlen (signature), 0);
  if (!err)
    err = gpgme_op_verify (ctx, sign, text, NULL);
  if (err)
    goto out;

  result = gpgme_op_verify_result (ctx);
  /* input without any signature is a verification failure, not a crash */
  if (result == NULL || result->signatures == NULL
      || result->signatures->fpr == NULL)
    goto out;

  if (gpg_err_code (result->signatures->status) == GPG_ERR_NO_ERROR)
    {
      /* copy fingerprint */
      *fpr = apr_pstrdup (r->pool, result->signatures->fpr);
      /* pka_address can be null when address is unknown.. but WHY is it unknown?! */
      if (result->signatures->pka_address != NULL)
        *key_address = apr_pstrdup (r->pool, result->signatures->pka_address);
      retval = 0;
    }

out:
  /* release only what was actually created */
  if (sign)
    gpgme_data_release (sign);
  if (text)
    gpgme_data_release (text);
  gpgme_release (ctx);
  return retval;
}
== cut here ==
PS: I even tried upgrading gnupg, libgpg-error, gpgme and everything to the latest available version
in Gentoo, which seemed fairly bleeding-edge / near cvs level. I can try CVS if needed.
Sincerely,
--
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Foros GNU/Buanzo: Respeto, Soluciones y Buena Onda: http://foros.buanzo.com.ar
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/