[PHP] [gnupg] HOW to check signed files from withing PHP

Michelle Konzack Sat, 21 Jun 2008 09:40:56 -0700

************************************************************************
*       Do not Cc: me, because I READ THIS LIST, if I write here       *
*    Keine Cc: am mich, ich LESE DIESE LISTE wenn ich hier schreibe    *
************************************************************************


Hello,

on my "Devel" site, someone can upload Debian Sources/Packages but  they
must be signed.

OK the first file looks like

---[ command 'tddebdevel --get-changes tdddbidate' ]---------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 31 May 2006 17:11:22 +0200
Source: tddebidate
Binary: tddebidate
Architecture: source all
Version: 0.4.7
Distribution: unstable
Urgency: low
Maintainer: Michelle Konzack <[EMAIL PROTECTED]>
Changed-By: Michelle Konzack <[EMAIL PROTECTED]>
Description:
 tddebidate - Show Debian packages by install date/time
Changes:
 tddebidate (0.4.7) unstable; urgency=low
 .
   * Correcting weiredbehaviour of translated TEXT strings in Xdialog
Files:
 0de5e54938bd20a1d0e2ace0eec55708 513 admin extra tddebidate_0.4.7.dsc
 0f6c5b8d180989dac99f0f6fcc3d4a13 6973 admin extra tddebidate_0.4.7.tar.gz
 d2a9d9bc0ac86d861613c1e4d27d8920 8456 admin extra tddebidate_0.4.7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEfch5C0FPBMSS+BIRAsYUAJsEwzmzWljrQtGmH+tgmScxOLx8jACfYgFO
FVhP6Wpw75B7TD+QRbGxtsg=
=T2pr
-----END PGP SIGNATURE-----
------------------------------------------------------------------------

and the seconed (.dsc file) is similar.

Does anyone know a tool which is able to check  this  signature  IF  the
PHP5 script runs on the Web-Server?

Currently I do things like:

----[ '/var/www/debian.devel/htdocs/index.php' ]------------------------

$DIR_BASE=/var/www/customers/konzack
$DIR_HOST=$DIR_BASE/debian.devel
$DIR_TMP=$DIR_BASE/TMP
$DIR_GPG=$DIR_BASE/GNUPG

exec("sed '^/Format:/,/^$/!d' $DIR_TMP/$UPLOAD_ID/$CHANGES |grep '.' 
>$DIR_TMP/$UPLOAD_ID/$CHANGES.txt");
exec("sed '/^-----BEGIN PHP SIGNATURE/,/^-----END PHP SIGNATURE/p' 
$DIR_TMP/$UPLOAD_ID/$CHANGES >$DIR_TMP/$UPLOAD_ID/$CHANGES.sig");
exec("gpg --homedir $DIR_GPG/GNUPG --verify $DIR_TMP/$UPLOAD_ID/$CHANGES.sig 
$DIR_TMP/$UPLOAD_ID/$CHANGES.txt"; FOO; GPGRET);
if ($GPGRET) {
  $FLAG = "true";
} else {
  echo "I do not like this files...\n";
  exec("rm --force $DIR_TMP/$UPLOAD_ID/* ; rmdir --ignore-fail-on-non-empty 
$DIR_TMP/$ID")
  $FLAG = "false";
}
------------------------------------------------------------------------

What I realy dislike are the exec() calls.

Any native PHP5 suggestions which are working faster with less resources?

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

signature.pgp
Description: Digital signature

[PHP] [gnupg] HOW to check signed files from withing PHP

Reply via email to