- PGP::new
$pgp = new PGP [$pgppath], [$pgpexec];
Create the PGP encapsulation object. The standard location for
the PGP executable is /usr/local/bin/pgpin.
- PGP::Exec
$pid = Exec $pgp $args, $in, $out, $err, $nobatchmode;
Execute the PGP command and attach the $in, $out and $err file
handles. This should be fine for the moment, but it still needs to be
checked that data is not written to a temporary file anywhere. The
$nobatchmode parameter causes the PGP command to be executed without
the +batchmode parameter. This seems to be necessary only when a key is
being signed.
The $args variable can have several substituted strings:
    %p    PGP path variable
    %r    Path to PGP keyring
    %k    Specified user
Note: The above substitutions may change at any time.
It is not advised that you write applications with substitutions. Almost
certainly, the next release will not include substitutions.
The file handle variables ($in, $out and $err) are sent as normal
filehandle names, but they reside in the PGP package. For example, the
following procedure call is made:
PGP->Exec ($args, FIN, FOUT, FERR);
Even though the file handles were specified as "FIN", "FOUT" and
"FERR", they must be referred to as "PGP::FIN", "PGP::FOUT" and
"PGP::FERR" in the original procedure that made the call.
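The package qualification described above can be reproduced without a PGP
executable. This is an added example, not code from the PGP module: the
Stub package, its use of IPC::Open3 and the child command are assumptions
made for illustration, since the page does not say how Exec opens its handles.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the PGP package: it only models how handle
# names passed to Exec end up in the callee's package.
package Stub;
use IPC::Open3;

sub Exec {
    my ($class, $cmd, $in, $out, $err) = @_;
    # open3 qualifies unqualified handle names with the package of its
    # caller, which is Stub here, not the package that called Exec.
    return open3($in, $out, $err, @$cmd);
}

package main;

# Constructed child command: upper-case one line of stdin using the
# running perl, so no PGP binary is needed.
my @cmd = ($^X, '-e', 'print uc(<STDIN>)');

my $pid = Stub->Exec(\@cmd, 'FIN', 'FOUT', 'FERR');

# The handles were named FIN/FOUT/FERR in the call, but they live in
# Stub, so the caller has to qualify them.
print {*Stub::FIN} "data for the child\n";
close(*Stub::FIN);                  # send EOF so the child can finish

my $reply  = readline(*Stub::FOUT); # one line of the child's stdout
my @errors = readline(*Stub::FERR); # anything the child wrote to stderr
close(*Stub::FOUT);
close(*Stub::FERR);
waitpid($pid, 0);

warn @errors if @errors;
print "child replied: $reply";
```

Because input and output travel over pipes attached to these handles, nothing in this exchange is written to a temporary file by the calling side.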
- PGP::Sign
$signed_document = Sign $pgp %args;
The "Sign" procedure will take a file or data and sign it with a PGP
secret key. The default behavior is to sign the data with the last
secret key added to the keyring, but that can be overridden with the
Key argument. This method always returns the signed document.
The %args consist of a series of keys
and values. Since there are several variations in the way data can be
signed, not all the following options must be specified. This approach
also makes it much easier to scale to new versions of PGP with more
options.
    Armor       The output should be ASCII armored
    Clear       Produce a "clear" signature
    Encrypt     Encrypt the resulting signed document with the given keyobj
    Detach      Create a detached signature
    File        Sign the specified file
    Key         Sign with the specified key object
    Nosave      Do not allow user to save message
    Password    The password to use for signing
    Signfile    The filename of the signed document
    Text        Data to be signed
    Wipe        Remove the original file
The only argument that is always required is the "Password".
Examples
Sign $pgp Password => 'xyz', File => '/etc/motd', Clear => 1, Armor => 1;
This would return a signed copy of the /etc/motd file. In this case,
we use a file as the input, but the output is returned at the method's
termination. The original file remains in the clear, and the signature
is ASCII armored (Base64).
Sign $pgp Password => 'abc', Text => 'Important info', Armor => 1,
Signfile => 'signed.asc', Key => $keyobj;
This is sort of the reverse of the first example. It takes what is in
the "Text" field and signs it. It then puts the result in the file
signed.asc and returns it to the caller. In this case, the entire
message is ASCII armored, including the original text (i.e. "Text"). We
also specify another secret key to produce the signature. For more
information on the key objects, please see the "PGP::Key" section.
- PGP::Encrypt
$encrypted_document = Encrypt $pgp %args;
The "Encrypt" method produces an encrypted document with the given
public keys specified by "Key". The "Encrypt" method follows the same
conventions as the "Sign" method. The data to be encrypted can be sent
to the method or can reside in a file. The resulting encrypted data can
also reside in a file or be sent back to the caller.
In addition to encrypting a document, the document can also be signed
by using the "Sign" key in the %args array. If the document is to be
signed by the default secret key (last key added to the secret
keyring), then "Sign" can be left undefined or contain something other
than a reference to a key object. Otherwise the "Sign" key should
contain a reference to a specific key object (see "PGP::Key").
    Armor          The output should be ASCII armored
    Encryptfile    The filename of the encrypted document
    File           Encrypt the specified file
    Key            Encrypt with the specified key object
    Nosave         Do not allow user to save message
    Password       The password to use for signing
    Sign           In addition to encrypting, sign the document
    Text           Data to be encrypted
    Wipe           Remove original file
- PGP::Decrypt
\%stats = Decrypt $pgp %args;
"Decrypt" will use a PGP secret key to decrypt a message. The secret
key must reside on the secret keyring. The "Decrypt" method follows the
same conventions for data transfer that "Sign" and "Encrypt" follow.
The resulting associative array that is sent back contains three
fields:
    Text         The decrypted document
    Signature    PGP::Key object of the signer (if any)
    Time         Time document was signed (if any)
    Key          PGP::Key object used to decrypt document
The following are the accepted arguments:
    Password     Password to use for decrypting
    File         File to decrypt
    Keyring      Needed to return info about document
    Plainfile    File to put the data in
    Text         Document to decrypt
    Wipe         Remove original file
The "Password" argument is required to perform the decryption of the
document. The "Keyring" argument is also required if any document
information is to be returned.
- PGP::Info
\%doc = Info $pgp %args;
"Info" returns an associative array or a reference to an associative
array to the caller. This returned structure contains information about
the document that is sent to the "Info" method. The returned structure
is fairly straightforward:
    Text         The decrypted document
    Signature    PGP::Key object of the signer (if any)
    Time         Time document was signed (if any)
    Key          PGP::Key object used to decrypt document
The "Info" method currently accepts the following arguments:
    File    File to decrypt
    Text    Document to decrypt
At this point, we cheat with the "Info" method. Basically we send the
document through the "Decrypt" method and grab the results.