gnupg_sign
You can see who made the signature by checking its fingerprint:
<?php
$res = gnupg_init();
$info = gnupg_verify($res,$signed_text,$signature);
if($info !== false){
$fingerprint = $info['fingerprint'];
var_dump(gnupg_keyinfo($res, $fingerprint));
}
gnupg_verify
(PECL gnupg >= 0.1)
gnupg_verify — Verifica un texto firmado
Descripción
array gnupg_verify
( resource
$identifier
, string $signed_text
, string $signature
[, string &$plaintext
] )
Verifica el texto dado en signed_text y retorna
información sobre la firma.
Parámetros
-
identifier -
El identificador gnupg, desde una llamada a gnupg_init() o gnupg.
-
signed_text -
El texto firmado.
-
signature -
La firma. Para verificar un texto firmado, indicar el valor
FALSE. -
plaintext -
El texto plano. Si se indica este parámetro opcional, se rellena con el texto.
Valores devueltos
En caso de éxito, esta función retorna información sobre la firma.
En caso de fallo, esta función retorna FALSE.
Ejemplos
Ejemplo #1 Ejemplo de gnupg_verify() mediante funciones
<?php
$plaintext = "";
$res = gnupg_init();
// firmado
$info = gnupg_verify($res,$signed_text,false,$plaintext);
print_r($info);
// firma separada
$info = gnupg_verify($res,$signed_text,$signature);
print_r($info);
?>
Ejemplo #2 Ejemplo de gnupg_verify() mediante OO
<?php
$plaintext = "";
$gpg = new gnupg();
// firmado
$info = $gpg -> verify($signed_text,false,$plaintext);
print_r($info);
// firma separada
$info = $gpg -> verify($signed_text,$signature);
print_r($info);
?>
add a note
User Contributed Notes
gnupg_verify - [2 notes]
kae at verens dot com ¶
4 years ago
dd at hibm dot org ¶
4 years ago
If verification fails, the gnupg_verify() returns the key's id instead of fingerprint . It does not return FALSE as stated above (PHP4, have not tested PHP5). You can compare it with result of keyinfo:
<?php
$resultOfVerify = gnupg_verify($gpgresource, $message,FALSE,$key);
echo "<pre>\$resultOfVerify",print_r($resultOfVerify),"</pre>";
//Above will out put something like
?>
$resultOfVerify Array
(
[0] => Array
(
[fingerprint] => xxxxxxxxx (IF MESSAGE IS VERIFIED, THEN THIS MATCHES THE KEY FINGERPRINT OF THE KEY, IF UNVERIFIED, MATCHES THE KEY ID
[validity] => 0
[timestamp] => 0
[status] => NNNNNN
[summary] => 4
)
)
<?php
$keyinfo = gnupg_keyinfo($gpgresource,$key);
echo "<pre>\$keyinfo ",print_r($keyinfo),"</pre>";
//Above will out put something like
?>
$keyinfo Array
(
[0] => Array
(
[disabled] =>
[expired] =>
[revoked] =>
[is_secret] =>
[can_sign] => 1
[can_encrypt] => 1
[uids] => Array
(
[0] => Array
(
[name] => WHATEVER
[comment] =>
[email] =>
[uid] => WHATEVER
[revoked] =>
[invalid] =>
)
)
[subkeys] => Array
(
[0] => Array
(
[fingerprint] => xxxxxxxxxxxxxxxxxx
[keyid] => xxxxxxxxx
[timestamp] => xxxxxxxxx
[expires] => 0
[is_secret] =>
[invalid] =>
[can_encrypt] => 1
[can_sign] => 1
[disabled] =>
[expired] =>
[revoked] =>
)
)
)
<?php
//To test if a message/signature pair is verified
if($resultOfVerify[0]['fingerprint'] == $keyinfo[0]['subkeys'][0]['fingerprint']){
//Ok, verified
}else{
//Oops, NOT verified
}
?>