[PHP-DEV] gnupg_verify help needed

Discussion:

Tsvetan Nikolov

2014-06-14 12:08:17 UTC

Hi PHPers,

I've been fighting with gnupg_verify for days now and cannot understand how
it works. It returns an array in the form of:

array ( 0 => array ( 'fingerprint' => 'BLABLABLA' 'validity' => 0
'timestamp' => 1402666925 'status' => 117440521 'summary' => 128 ) )

I don't understand which part of the array actually shows us that the
verification went well. Do I have to compare the fingerprint or the status
is enough. But then I get different statuses and don't know what they all
mean. Same with summary. On other occasions I get different unexplainable
results like status=>0 validity=>4. There is no documentation on what each
of these means.

Thanks for you help!

Regards,
Tsvetan

Christoph Becker

2014-06-14 15:45:25 UTC

Permalink

Post by Tsvetan Nikolov
I've been fighting with gnupg_verify for days now and cannot understand how
array ( 0 => array ( 'fingerprint' => 'BLABLABLA' 'validity' => 0
'timestamp' => 1402666925 'status' => 117440521 'summary' => 128 ) )
I don't understand which part of the array actually shows us that the
verification went well. Do I have to compare the fingerprint or the status
is enough. But then I get different statuses and don't know what they all
mean. Same with summary. On other occasions I get different unexplainable
results like status=>0 validity=>4. There is no documentation on what each
of these means.

According to <http://www.php.net/manual/en/function.gnupg-verify.php>:

| Verifies the given signed_text and returns information about the
| signature.
| ...
| On success, this function returns information about the signature. On
| failure, this function returns FALSE.

So for basic verification it should suffice to check that the return
value !== false.

[xpost & fup2 php-***@lists.php.net]

--
Christoph M. Becker
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Tsvetan Nikolov

2014-06-14 18:23:49 UTC

Permalink

Thanks Christoph,

This is not sufficient. It returns false only if I enter some random
string. If I try to verify signed text with random signature then it always
returns an array with some data, which in my case doesn't work because I
would like to varify that the text is signed with specific signature and
not with any signature. That's the point of gpg! In this case php returns
array irrespective of which signature is used to sign the text.

Thanks,
Tsvetan

Post by Tsvetan Nikolov

Post by Tsvetan Nikolov
I've been fighting with gnupg_verify for days now and cannot understand

how

Post by Tsvetan Nikolov
array ( 0 => array ( 'fingerprint' => 'BLABLABLA' 'validity' => 0
'timestamp' => 1402666925 'status' => 117440521 'summary' => 128 ) )
I don't understand which part of the array actually shows us that the
verification went well. Do I have to compare the fingerprint or the

status

Post by Tsvetan Nikolov
is enough. But then I get different statuses and don't know what they all
mean. Same with summary. On other occasions I get different unexplainable
results like status=>0 validity=>4. There is no documentation on what

each

Post by Tsvetan Nikolov
of these means.

| Verifies the given signed_text and returns information about the
| signature.
| ...
| On success, this function returns information about the signature. On
| failure, this function returns FALSE.
So for basic verification it should suffice to check that the return
value !== false.
--
Christoph M. Becker