Diese Seite bei php.net
The PHP manual text and comments are covered by the Creative Commons Attribution 3.0 License © the PHP Documentation Group - Impressum - mail("TO:Reinhard Neidl",...)
(PECL gnupg >= 0.1)
gnupg_verify — Verifies a signed text
Verifies the given signed_text and returns information about the signature.
Eine von gnupg_init() oder der Klasse gnupg zurückgegebene GnuPG-Ressource.
The signed text.
The signature. To verify a clearsigned text, set signature to FALSE.
The plain text. If this optional parameter is passed, it is filled with the plain text.
On success, this function returns information about the signature. On failure, this function returns FALSE.
Beispiel #1 Procedural gnupg_verify() example
<?php
$plaintext = "";
$res = gnupg_init();
// clearsigned
$info = gnupg_verify($res,$signed_text,false,$plaintext);
print_r($info);
// detached signature
$info = gnupg_verify($res,$signed_text,$signature);
print_r($info);
?>
Beispiel #2 OO gnupg_verify() example
<?php
$plaintext = "";
$gpg = new gnupg();
// clearsigned
$info = $gpg -> verify($signed_text,false,$plaintext);
print_r($info);
// detached signature
$info = $gpg -> verify($signed_text,$signature);
print_r($info);
?>
If verification fails, the gnupg_verify() returns the key's id instead of fingerprint . It does not return FALSE as stated above (PHP4, have not tested PHP5). You can compare it with result of keyinfo:
<?php
$resultOfVerify = gnupg_verify($gpgresource, $message,FALSE,$key);
echo "<pre>\$resultOfVerify",print_r($resultOfVerify),"</pre>";
//Above will out put something like
?>
$resultOfVerify Array
(
[0] => Array
(
[fingerprint] => xxxxxxxxx (IF MESSAGE IS VERIFIED, THEN THIS MATCHES THE KEY FINGERPRINT OF THE KEY, IF UNVERIFIED, MATCHES THE KEY ID
[validity] => 0
[timestamp] => 0
[status] => NNNNNN
[summary] => 4
)
)
<?php
$keyinfo = gnupg_keyinfo($gpgresource,$key);
echo "<pre>\$keyinfo ",print_r($keyinfo),"</pre>";
//Above will out put something like
?>
$keyinfo Array
(
[0] => Array
(
[disabled] =>
[expired] =>
[revoked] =>
[is_secret] =>
[can_sign] => 1
[can_encrypt] => 1
[uids] => Array
(
[0] => Array
(
[name] => WHATEVER
[comment] =>
[email] =>
[uid] => WHATEVER
[revoked] =>
[invalid] =>
)
)
[subkeys] => Array
(
[0] => Array
(
[fingerprint] => xxxxxxxxxxxxxxxxxx
[keyid] => xxxxxxxxx
[timestamp] => xxxxxxxxx
[expires] => 0
[is_secret] =>
[invalid] =>
[can_encrypt] => 1
[can_sign] => 1
[disabled] =>
[expired] =>
[revoked] =>
)
)
)
<?php
//To test if a message/signature pair is verified
if($resultOfVerify[0]['fingerprint'] == $keyinfo[0]['subkeys'][0]['fingerprint']){
//Ok, verified
}else{
//Oops, NOT verified
}
?>
You can see who made the signature by checking its fingerprint:
<?php
$res = gnupg_init();
$info = gnupg_verify($res,$signed_text,$signature);
if($info !== false){
$fingerprint = $info['fingerprint'];
var_dump(gnupg_keyinfo($res, $fingerprint));
}
Diese Seite bei php.net