Crypt-OpenPGP
view release on metacpan or search on metacpan
);
Because *PGP2* was specified, the data will automatically be encrypted
using the "IDEA" cipher, and will be compressed using "ZIP".
Here is a list of the current compatibility sets and the algorithms and
formats they support.
* PGP2
Encryption: symmetric cipher = "IDEA", compression = "ZIP",
modification detection code (MDC) = 0
Signing: digest = "MD5", packet format = version 3
* PGP5
Encryption: symmetric cipher = "3DES", compression = "ZIP",
modification detection code (MDC) = 0
Signing: digest = "SHA-1", packet format = version 3
* GnuPG
Encryption: symmetric cipher = "Rijndael", compression = "Zlib",
modification detection code (MDC) = 1
Signing: digest = "RIPE-MD/160", packet format = version 4
If the compatibility setting is unspecified (that is, if no *Compat*
argument is supplied), the settings (ciphers, digests, etc.) fall back
to their default settings.
USAGE
*Crypt::OpenPGP* has the following high-level interface. On failure, all
methods will return "undef" and set the *errstr* for the object; look
below at the *ERROR HANDLING* section for more information.
Crypt::OpenPGP->new( %args )
Constructs a new *Crypt::OpenPGP* instance and returns that object.
Returns "undef" on failure.
*%args* can contain:
* Compat
The compatibility mode for this *Crypt::OpenPGP* object. This value
will propagate down into method calls upon this object, meaning that
it will be applied for all method calls invoked on this object. For
example, if you set *Compat* here, you do not have to set it again
when calling *encrypt* or *sign* (below), unless, of course, you
want to set *Compat* to a different value for those methods.
*Compat* influences several factors upon object creation, unless
otherwise overridden in the constructor arguments: if you have a
configuration file for this compatibility mode (eg. ~/.gnupg/options
for GnuPG), it will be automatically read in, and *Crypt::OpenPGP*
will set any options relevant to its execution (symmetric cipher
algorithm, etc.); *PubRing* and *SecRing* (below) are set according
to the default values for this compatibility mode (eg.
~/.gnupg/pubring.gpg for the GnuPG public keyring).
* SecRing
Path to your secret keyring. If unspecified, *Crypt::OpenPGP* will
look for your keyring in a number of default places.
As an alternative to passing in a path to the keyring file, you can
pass in a *Crypt::OpenPGP::KeyRing* object representing a secret
keyring.
* PubRing
Path to your public keyring. If unspecified, *Crypt::OpenPGP* will
look for your keyring in a number of default places.
As an alternative to passing in a path to the keyring file, you can
pass in a *Crypt::OpenPGP::KeyRing* object representing a public
keyring.
* ConfigFile
Path to a PGP/GnuPG config file. If specified, you must also pass in
a value for the *Compat* parameter, stating what format config file
you are passing in. For example, if you are passing in the path to a
GnuPG config file, you should give a value of "GnuPG" for the
*Compat* flag.
If you leave *ConfigFile* unspecified, but you have specified a
value for *Compat*, *Crypt::OpenPGP* will try to find your config
file, based on the value of *Compat* that you pass in (eg.
~/.gnupg/options if *Compat* is "GnuPG").
NOTE: if you do not specify a *Compat* flag, *Crypt::OpenPGP* cannot
read any configuration files, even if you *have* specified a value
for the *ConfigFile* parameter, because it will not be able to
determine the proper config file format.
* KeyServer
The hostname of the HKP keyserver. This is a required argument.
There are a number of keyservers including:
keyserver.ubuntu.com
keys.openpgp.org
If *AutoKeyRetrieve* is set to a true value, keys will be
automatically retrieved from the keyserver if they are not found in
your local keyring.
* AutoKeyRetrieve
If set to a true value, and if *KeyServer* is set to a keyserver
name, *encrypt* and *verify* will automatically try to fetch public
keys from the keyserver if they are not found in your local keyring.
$pgp->handle( %args )
A do-what-I-mean wrapper around *decrypt* and *verify*. Given either a
filename or a block of data--for example, data from an incoming email
message--*handle* "handles" it as appropriate for whatever encryption or
signing the message contains. For example, if the data is encrypted,
A string that identifies the owner of the key. Typically this is the
combination of the user's name and an email address; for example,
Foo Bar <foo@bar.com>
The *Identity* is used to build a User ID packet that is stored in
each of the returned keyblocks.
This is a required argument.
* Passphrase
String with which the secret key will be encrypted. When read in
from disk, the key can then only be unlocked using this string.
This is a required argument.
* Version
Specifies the key version; defaults to version 4 keys. You should
only set this to version 3 if you know why you are doing so (for
backwards compatibility, most likely). Version 3 keys only support
RSA.
* Verbosity
Set to a true value to enable a status display during key
generation; since key generation is a relatively lengthy process, it
is helpful to have an indication that some action is occurring.
*Verbosity* is 0 by default.
ERROR HANDLING
If an error occurs in any of the above methods, the method will return
"undef". You should then call the method *errstr* to determine the
source of the error:
$pgp->errstr
In the case that you do not yet have a *Crypt::OpenPGP* object (that is,
if an error occurs while creating a *Crypt::OpenPGP* object), the error
can be obtained as a class method:
Crypt::OpenPGP->errstr
For example, if you try to decrypt some encrypted text, and you do not
give a passphrase to unlock your secret key:
my $pt = $pgp->decrypt( Filename => "encrypted_data" )
or die "Decryption failed: ", $pgp->errstr;
SAMPLES/TUTORIALS
Take a look at bin/pgplet for an example of usage of *Crypt::OpenPGP*.
It gives you an example of using the four main major methods (*encrypt*,
*sign*, *decrypt*, and *verify*), as well as the various parameters to
those methods. It also demonstrates usage of the callback parameters
(eg. *PassphraseCallback*).
bin/pgplet currently does not have any documentation, but its interface
mirrors that of *gpg*.
LICENSE
Crypt::OpenPGP is free software; you may redistribute it and/or modify
it under the same terms as Perl itself.
AUTHOR & COPYRIGHT
Except where otherwise noted, Crypt::OpenPGP is Copyright 2001 Benjamin
Trott, cpan@stupidfool.org. All rights reserved.
REFERENCES
1 RFC4880 - OpenPGP Message Format (2007).
http://www.faqs.org/rfcs/rfc4880.html
( run in 0.631 second using v1.01-cache-2.11-cpan-df04353d9ac )