.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{ . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "GPG 3pm" .TH GPG 3pm "2015-08-31" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Crypt::GPG \- An Object Oriented Interface to GnuPG. .SH "VERSION" .IX Header "VERSION" .Vb 2 \& $Revision: 1.52 $ \& $Date: 2005/02/23 09:12:54 $ .Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 2 \& use Crypt::GPG; \& my $gpg = new Crypt::GPG; \& \& $gpg\->gpgbin(\*(Aq/usr/bin/gpg\*(Aq); # The GnuPG executable. \& $gpg\->secretkey(\*(Aq0x2B59D29E\*(Aq); # Set ID of default secret key. \& $gpg\->passphrase(\*(Aqjust testing\*(Aq); # Set passphrase. \& \& # Sign a message: \& \& my $sign = $gpg\->sign(\*(Aqtesting again\*(Aq); \& \& # Encrypt a message: \& \& my @encrypted = $gpg\->encrypt (\*(Aqtop secret\*(Aq, \*(Aqtest@bar.com\*(Aq); \& \& # Get message info: \& \& my @recipients = $gpg\->msginfo($encrypted); \& \& # Decrypt a message. \& \& my ($plaintext, $signature) = $gpg\->verify($encrypted); \& \& # Key generation: \& \& $status = $gpg\->keygen \& (\*(AqTest\*(Aq, \*(Aqtest@foo.com\*(Aq, \*(AqELG\-E\*(Aq, 2048, 0, \*(Aqtest passphrase\*(Aq); \& print while (<$status>); close $status; \& \& # Key database manipulation: \& \& $gpg\->addkey($key, @ids); \& @keys = $gpg\->keydb(@ids); \& \& # Key manipulation: \& \& $key = $keys[0]; \& \& $gpg\->delkey($key); \& $gpg\->disablekey($key); \& $gpg\->enablekey($key); \& $gpg\->keypass($key, $oldpassphrase, $newpassphrase); \& $keystring = $gpg\->export($key); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The Crypt::GPG module provides access to the functionality of the GnuPG (www.gnupg.org) encryption tool through an object oriented interface. .PP It provides methods for encryption, decryption, signing, signature verification, key generation, key certification, export and import. Key-server access is on the todo list. .PP This release of the module may create compatibility issues with previous versions. If you find any such problems, or any bugs or documentation errors, please do report them to crypt-gpg at neomailbox.com. .SH "CONSTRUCTOR" .IX Header "CONSTRUCTOR" .IP "\fB\f(BInew()\fB\fR" 2 .IX Item "new()" Creates and returns a new Crypt::GPG object. .SH "DATA METHODS" .IX Header "DATA METHODS" .IP "\fBgpgbin($path)\fR" 2 .IX Item "gpgbin($path)" Sets the \fB\s-1GPGBIN\s0\fR instance variable which gives the path to the GnuPG binary. .IP "\fBgpgopts($opts)\fR" 2 .IX Item "gpgopts($opts)" Sets the \fB\s-1GPGOPTS\s0\fR instance variable which may be used to pass additional options to the GnuPG binary. For proper functioning of this module, it is advisable to always include '\-\-lock\-multiple' in the \&\s-1GPGOPTS\s0 string. .IP "\fBdelay($seconds)\fR" 2 .IX Item "delay($seconds)" Sets the \fB\s-1DELAY\s0\fR instance variable. This is no longer necessary (nor used) in the current version of the module, but remains so existing scripts don't break. .IP "\fBsecretkey($keyid)\fR" 2 .IX Item "secretkey($keyid)" Sets the \fB\s-1SECRETKEY\s0\fR instance variable which may be a KeyID or a username. This is the \s-1ID\s0 of the default key to use for signing. .IP "\fBpassphrase($passphrase)\fR" 2 .IX Item "passphrase($passphrase)" Sets the \fB\s-1PASSPHRASE\s0\fR instance variable, required for signing and decryption. .IP "\fBtext($boolean)\fR" 2 .IX Item "text($boolean)" Sets the \fB\s-1TEXT\s0\fR instance variable. If set true, GnuPG will use network-compatible line endings for proper cross-platform compatibility and the plaintext will gain a newline at the end, if it does not already have one. .IP "\fBarmor($boolean)\fR" 2 .IX Item "armor($boolean)" Sets the \fB\s-1ARMOR\s0\fR instance variable, controlling the \s-1ASCII\s0 armoring of output. The default is to use ascii-armoring. The module has not been tested with this option turned off, and most likely will not work if you switch this off. .IP "\fBdetach($boolean)\fR" 2 .IX Item "detach($boolean)" Sets the \fB\s-1DETACH\s0\fR instance variable. If set true, the sign method will produce detached signature certificates, else it won't. The default is to produce detached signatures. .IP "\fBencryptsafe($boolean)\fR" 2 .IX Item "encryptsafe($boolean)" Sets the \fB\s-1ENCRYPTSAFE\s0\fR instance variable. If set true, encryption will fail if trying to encrypt to a key which is not trusted. This is the default. Turn this off if you want to encrypt to untrusted keys. .IP "\fBdebug($boolean)\fR" 2 .IX Item "debug($boolean)" Sets the \fB\s-1DEBUG\s0\fR instance variable which causes the raw output of Crypt::GPG's interaction with the GnuPG binary to be dumped to \&\s-1STDOUT.\s0 By default, debugging is off. .SH "OBJECT METHODS" .IX Header "OBJECT METHODS" .IP "\fBsign(@message)\fR" 2 .IX Item "sign(@message)" Signs \fB\f(CB@message\fB\fR with the secret key specified with \fB\f(BIsecretkey()\fB\fR and returns the result as a string. .IP "\fBdecrypt(\e@message, [\e@signature])\fR" 2 .IX Item "decrypt(@message, [@signature])" This is just an alias for \fB\f(BIverify()\fB\fR .IP "\fBverify(\e@message, [\e@signature])\fR" 2 .IX Item "verify(@message, [@signature])" Decrypts and/or verifies the message in \fB\f(CB@message\fB\fR, optionally using the detached signature in \fB\f(CB@signature\fB\fR, and returns a list whose first element is plaintext message as a string. If the message was signed, a Crypt::GPG::Signature object is returned as the second element of the list. .Sp The Crypt::GPG::Signature object can be queried with the following methods: .Sp .Vb 4 \& $sig\->validity(); # \*(AqGOOD\*(Aq, \*(AqBAD\*(Aq, or \*(AqUNKNOWN\*(Aq \& $sig\->keyid(); # ID of signing key \& $sig\->time(); # Time the signature was made \& $sig\->trusted(); # Signature trust level .Ve .IP "\fBmsginfo(@ciphertext)\fR" 2 .IX Item "msginfo(@ciphertext)" Returns a list of the recipient key IDs that \fB\f(CB@ciphertext\fB\fR is encrypted to. .ie n .IP "\fBencrypt($plaintext, \fB$keylist\fB, [\-sign] )\fR" 2 .el .IP "\fBencrypt($plaintext, \f(CB$keylist\fB, [\-sign] )\fR" 2 .IX Item "encrypt($plaintext, $keylist, [-sign] )" Encrypts \fB\f(CB$plaintext\fB\fR with the public keys of the recipients listed in \fB\f(CB$keylist\fB\fR and returns the result in a string, or \fBundef\fR if there was an error while processing. Returns undef if any of the keys are not found. .Sp Either \f(CW$plaintext\fR or \f(CW$keylist\fR may be specified as either an arrayref or a simple scalar. .Sp If \f(CW$plaintext\fR is a an arrayref, it will be \fIjoin()\fRed without newlines. .Sp If you want to encrypt to multiple recipients, you must use the arrayref version of \f(CW$keylist\fR. A scalar \f(CW$keylist\fR works for only a single key \s-1ID.\s0 .Sp If the \-sign option is provided, the message will be signed before encryption. The secret key and passphrase must be set for signing to work. They can be set with the \fIsecretkey()\fR and \fIpassphrase()\fR methods. .ie n .IP "\fBaddkey($key, \fB$pretend\fB, \f(BI@keyids\fB)\fR" 2 .el .IP "\fBaddkey($key, \f(CB$pretend\fB, \f(CB@keyids\fB)\fR" 2 .IX Item "addkey($key, $pretend, @keyids)" Adds the keys given in \fB\f(CB$key\fB\fR to the user's key ring and returns a list of Crypt::GPG::Key objects corresponding to the keys that were added. \f(CW$key\fR may be a string or an array reference. .Sp If \fB\f(CB$pretend\fB\fR is true, it pretends to add the key and creates the key object, but doesn't actually perform the key addition. .Sp Optionally, a list of key IDs may be specified. If a list of key IDs is specified, only keys that match those IDs will be imported. The rest will be ignored. .IP "\fBexport($key)\fR" 2 .IX Item "export($key)" Exports the key specified by the Crypt::GPG::Key object \fB\f(CB$key\fB\fR and returns the result as a string. .ie n .IP "\fBkeygen($name, \fB$email\fB, \f(BI$keytype\fB, \f(CB$keysize\fB, \f(CB$expire\fB, \f(CB$passphrase\fB)\fR" 2 .el .IP "\fBkeygen($name, \f(CB$email\fB, \f(CB$keytype\fB, \f(CB$keysize\fB, \f(CB$expire\fB, \f(CB$passphrase\fB)\fR" 2 .IX Item "keygen($name, $email, $keytype, $keysize, $expire, $passphrase)" Creates a new keypair with the parameters specified. The only supported \fB\f(CB$keytype\fB\fR currently is '\s-1ELG\-E\s0'. \fB\f(CB$keysize\fB\fR can be any of 1024, 2048, 3072 or 4096. Returns undef if there was an error, otherwise returns a filehandle that reports the progress of the key generation process similar to the way GnuPG does. The key generation is not complete till you read an \s-1EOF\s0 from the returned filehandle. .ie n .IP "\fBcertify($keyid, \fB$local\fB, \f(BI@uids\fB)\fR" 2 .el .IP "\fBcertify($keyid, \f(CB$local\fB, \f(CB@uids\fB)\fR" 2 .IX Item "certify($keyid, $local, @uids)" Certifies to the authenticity of UIDs of the key with \s-1ID\s0 \f(CW$keyid\fR. If \&\f(CW$local\fR is true, the certification will be non-exportable. The \f(CW@uids\fR parameter should contain the list of UIDs to certify (the first \s-1UID\s0 of a key is 0). .IP "\fBkeydb(@keyids)\fR" 2 .IX Item "keydb(@keyids)" Returns an array of Crypt::GPG::Key objects corresponding to the Key IDs listed in \fB\f(CB@keyids\fB\fR. This method used to be called \fBkeyinfo\fR and that is still an alias to this method. .IP "\fBparsekeys(@keylist)\fR" 2 .IX Item "parsekeys(@keylist)" Parses a raw GnuPG formatted key listing in \fB\f(CB@keylist\fB\fR and returns an array of Crypt::GPG::Key objects. .ie n .IP "\fBkeypass($key, \fB$oldpass\fB, \f(BI$newpass\fB)\fR" 2 .el .IP "\fBkeypass($key, \f(CB$oldpass\fB, \f(CB$newpass\fB)\fR" 2 .IX Item "keypass($key, $oldpass, $newpass)" Change the passphrase for a key. Returns true if the passphrase change succeeded, false if not, or undef if there was an error. .IP "\fBdelkey($keyid)\fR" 2 .IX Item "delkey($keyid)" Deletes the key specified by the Crypt::GPG::Key object \fB\f(CB$key\fB\fR from the user's key ring. Returns undef if there was an error, or 1 if the key was successfully deleted. .IP "\fBdisablekey($keyid)\fR" 2 .IX Item "disablekey($keyid)" Disables the key specified by the Crypt::GPG::Key object \fB\f(CB$key\fB\fR. .IP "\fBenablekey($keyid)\fR" 2 .IX Item "enablekey($keyid)" Enables the key specified by the Crypt::GPG::Key object \fB\f(CB$key\fB\fR. .SH "Crypt::GPG::Signature" .IX Header "Crypt::GPG::Signature" .Vb 1 \& Documentation coming soon. .Ve .SH "Crypt::GPG::Key" .IX Header "Crypt::GPG::Key" .Vb 1 \& Documentation coming soon. .Ve .SH "TODO" .IX Header "TODO" .IP "\(bu" 2 Key server access. .IP "\(bu" 2 More complete key manipulation interface. .IP "\(bu" 2 Filehandle interface to handle large messages. .SH "BUGS" .IX Header "BUGS" .IP "\(bu" 2 Error checking needs work. .IP "\(bu" 2 Some key manipulation functions are missing. .IP "\(bu" 2 The method call interface is subject to change in future versions. .IP "\(bu" 2 The current implementation will probably eat up all your \s-1RAM\s0 if you try to operate on huge messages. In future versions, this will be addressed by reading from and returning filehandles, rather than using in-core data. .IP "\(bu" 2 Methods may break if you don't use \s-1ASCII\s0 armoring. .SH "CHANGELOG" .IX Header "CHANGELOG" .RS 2 \&\f(CW$Log:\fR \s-1GPG\s0.pm,v $ Revision 1.52 2005/02/23 09:12:54 cvs .Sp .Vb 1 \& \- Overhauled to use IPC::Run instead of Expect. \& \& \- Test suite split up into multiple scripts. .Ve .Sp Revision 1.42 2002/12/11 03:33:19 cvs .Sp .Vb 1 \& \- Fixed bug in certify() when trying to certify revoked a key. \& \& \- Applied dharris\ex40drh.net\*(Aqs patch to allow for varying date formats \& between gpg versions, and fix time parsing and the \& Crypt::GPG::Signature autoloaded accessor functions. .Ve .Sp Revision 1.40 2002/09/23 23:01:53 cvs .Sp .Vb 1 \& \- Fixed a bug in keypass() \& \& \- Documentation fixes. .Ve .Sp Revision 1.37 2002/09/21 02:37:49 cvs .Sp .Vb 1 \& \- Fixed signing option in encrypt. .Ve .Sp Revision 1.36 2002/09/21 00:03:29 cvs .Sp .Vb 1 \& \- Added many tests and fixed a bunch of bugs. .Ve .Sp Revision 1.34 2002/09/20 19:07:11 cvs .Sp .Vb 2 \& \- Extensively modified formatting to make the code easier to \& read. All lines are now < 80 chars. \& \& \- Removed all instances of invoking a shell. \& \& \- Misc. other stuff. .Ve .Sp Revision 1.31 2002/09/20 16:38:45 cvs .Sp .Vb 3 \& \- Cleaned up export and addkey. Fixed(?) addkey clobbering trustdb \& problem (thanks to jrray\ex40spacemeat.com for the patch). Added \& support for signature verification on addkey pretend. \& \& \- No calls to POSIX::tmpnam remain (thanks to radek\ex40karnet.pl and \& jrray\ex40spacemeat.com for suggesting File::Temp). .Ve .Sp Revision 1.30 2002/09/20 15:25:47 cvs .Sp .Vb 3 \& \- Fixed up tempfile handling and eliminated calls to the shell in \& encrypt(), sign() and msginfo(). Passing all currently defined \& tests. \& \& \- Hopefully also fixed signing during encryption and verification of \& detached signatures. Not tested this yet. .Ve .Sp Revision 1.29 2002/09/20 11:19:02 cvs .Sp .Vb 3 \& \- Removed hack to Version: string. Only the Comment: string in GPG \& output is now modified by Crypt::GPG. (Thanks to \& eisen\ex40schlund.de for pointing out the bug here) \& \& \- Removed code that incorrectly replaced \*(AqPGP MESSAGE\*(Aq with \*(AqPGP \& SIGNATURE\*(Aq on detached signatures. (Thanks to ddcc\ex40mit.edu for \& pointing this out). \& \& \- Fixed up addkey() to properly handle pretend mode and to \& selectively import only requested key IDs from a key block. \& \& \- parsekeys() now also figures out which keyring a key belongs to. \& \& \- Added certify() method, to enable certifying keys. \& \& \- Added Crypt::GPG::Signature methods \- validity(), keyid(), time() \& and trusted(). .Ve .RE .SH "AUTHOR" .IX Header "AUTHOR" Crypt::GPG is Copyright (c) 2000\-2005 Ashish Gulhati . All Rights Reserved. .SH "ACKNOWLEDGEMENTS" .IX Header "ACKNOWLEDGEMENTS" Thanks to Barkha, my sunshine. And to the GnuPG team and everyone who writes free software. .SH "LICENSE" .IX Header "LICENSE" This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself. .SH "BUGS REPORTS, PATCHES, FEATURE REQUESTS" .IX Header "BUGS REPORTS, PATCHES, FEATURE REQUESTS" Are very welcome. Email crypt-gpg at neomailbox.com.