Crypt-OpenPGP


lib/Crypt/OpenPGP/Certificate.pm  view on Meta::CPAN


    $cert->{is_protected} = 0;

    1;
}

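sub lock {
    my $cert = shift;
    # Nothing to do for public keys or for secret keys that are already locked.
    return if !$cert->{is_secret} || $cert->{is_protected};
    my($passphrase) = @_;
    my $cipher = Crypt::OpenPGP::Cipher->new($cert->{cipher});
    # Derive the symmetric key from the passphrase with the certificate's
    # S2K object, sized for the selected cipher.
    my $sym_key = $cert->{s2k}->generate($passphrase, $cipher->keysize);
    # Fresh random 8-octet IV for this encryption.
    $cert->{iv} = Crypt::OpenPGP::Util::get_random_bytes(8);
    $cipher->init($sym_key, $cert->{iv});
    my @sec = $cert->{key}->secret_props;
    if ($cert->{version} < 4) {
        # Version 3: store each secret value's octets ("<name>b") and its
        # 16-bit bit count ("<name>h") separately.
        my $k = $cert->{encrypted} = {};
        my $key = $cert->key;
        for my $e (@sec) {
            $k->{"${e}b"} = mp2bin($key->$e());
            $k->{"${e}h"} = pack 'n', bitsize($key->$e());
        }
        # The checksum is taken before the value octets are encrypted;
        # the bit counts are left as they are.
        $cert->{csum} = $cert->v3_checksum;
        for my $e (@sec) {
            $k->{"${e}b"} = $cipher->encrypt( $k->{"${e}b"} );
        }
    }
    else {
        # Version 4: serialize all secret MPIs into one buffer, append a
        # 16-bit sum of those octets, and encrypt the whole string.
        my $buf = Crypt::OpenPGP::Buffer->new;
        for my $e (@sec) {
            $buf->put_mp_int($cert->{key}->$e());
        }
        my $cnt = $buf->bytes;
        $cnt .= pack 'n', unpack '%16C*', $cnt;
        $cert->{encrypted} = $cipher->encrypt($cnt);
    }

    $cert->{is_protected} = 1;
    1;
}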

1;
__END__

=head1 NAME

Crypt::OpenPGP::Certificate - PGP Key certificate

=head1 SYNOPSIS

    use Crypt::OpenPGP::Certificate;

    my $dsa_secret_key = Crypt::OpenPGP::Key::Secret->new( 'DSA' );
    my $cert = Crypt::OpenPGP::Certificate->new(
        Key => $dsa_secret_key,
        Version => 4,
        Passphrase => 'foobar',
    );
    my $serialized = $cert->save;

    # Unlock the locked certificate (using the passphrase from above)
    $cert->unlock( 'foobar' );

=head1 DESCRIPTION

I<Crypt::OpenPGP::Certificate> encapsulates a PGP key certificate
for any underlying public-key algorithm, for public and secret keys,
and for master keys and subkeys. All of these scenarios are handled
by the same I<Certificate> class.

A I<Crypt::OpenPGP::Certificate> object wraps around a
I<Crypt::OpenPGP::Key> object; the latter implements all public-key
algorithm-specific functionality, while the certificate layer
manages some meta-data about the key, as well as the mechanisms
for locking and unlocking a secret key (using a passphrase).

=head1 USAGE

=head2 Crypt::OpenPGP::Certificate->new( %arg )

Constructs a new PGP key certificate object and returns that object.
If no arguments are provided in I<%arg>, the certificate is empty;
this is used in I<parse>, for example, to construct an empty object,
then fill it with the data in the buffer.

I<%arg> can contain:

=over 4

=item * Key

The public/secret key object, an object of type I<Crypt::OpenPGP::Key>.

This argument is required (for a non-empty certificate).

=item * Version

The certificate packet version, as defined in the OpenPGP RFC. The
two valid values are C<3> and C<4>.

This argument is optional; if not provided the default is to produce
version C<4> certificates. You may wish to override this for
compatibility with older versions of PGP.

=item * Subkey

A boolean flag: if true, indicates that this certificate is a subkey,
not a master key.

This argument is optional; the default value is C<0>.

=item * Validity

The number of days that this certificate is valid. This argument only
applies when creating a version 3 certificate; version 4 certificates
hold this information in a signature.

This argument is optional; the default value is C<0>, which means that
the certificate never expires.

=item * Passphrase

lib/Crypt/OpenPGP/Certificate.pm  view on Meta::CPAN

Uses the passphrase I<$passphrase> to unlock (decrypt) the secret
part of the key.

Returns true on success, C<undef> on failure; in the case of failure
call I<errstr> to get the error message.

=head2 $cert->fingerprint

Returns the key fingerprint as an octet string.

=head2 $cert->fingerprint_hex

Returns the key fingerprint as a hex string.

=head2 $cert->fingerprint_words

Returns the key fingerprint as a list of English words, where each word
represents one octet from the fingerprint. See I<Crypt::OpenPGP::Words>
for more details about the encoding.

=head2 $cert->key_id

Returns the key ID.

=head2 $cert->key_id_hex

Returns the key ID as a hex string.

=head2 $cert->key

Returns the algorithm-specific portion of the certificate, the public
or secret key object (an object of type I<Crypt::OpenPGP::Key>).

=head2 $cert->public_cert

Returns a public version of the certificate, with a public key. If
the certificate was already public, the same certificate is returned;
if it was a secret certificate, a new I<Crypt::OpenPGP::Certificate>
object is created, and the secret key is made into a public version
of the key.

=head2 $cert->version

Returns the version of the certificate (C<3> or C<4>).

=head2 $cert->timestamp

Returns the creation date and time (in epoch time).

=head2 $cert->validity

Returns the number of days that the certificate is valid for version
3 keys.

=head2 $cert->is_secret

Returns true if the certificate holds a secret key, false otherwise.

=head2 $cert->is_protected

Returns true if the certificate is locked, false otherwise.

=head2 $cert->is_subkey

Returns true if the certificate is a subkey, false otherwise.

=head2 $cert->can_encrypt

Returns true if the public key algorithm for the certificate I<$cert>
can perform encryption/decryption, false otherwise.

=head2 $cert->can_sign

Returns true if the public key algorithm for the certificate I<$cert>
can perform signing/verification, false otherwise.

=head1 AUTHOR & COPYRIGHTS

Please see the Crypt::OpenPGP manpage for author, copyright, and
license information.

=cut
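
The version 4 branch of lock appends a 16-bit sum of the secret MPI octets before encrypting them. The following is an added example, not code from Crypt::OpenPGP: it rebuilds that plaintext layout with core Perl only and shows which changes the sum detects. The helpers mpi, seal_v4 and checksum_ok are hypothetical names, the sample value is constructed, and the encryption step is left out.

```perl
use strict;
use warnings;
use Math::BigInt;

# Encode one integer as an OpenPGP MPI: 16-bit big-endian bit count, then
# the magnitude octets (the layout put_mp_int writes into the buffer).
sub mpi {
    my $n    = Math::BigInt->new(shift);
    my $bits = length($n->as_bin) - 2;      # drop the "0b" prefix
    my $hex  = substr $n->as_hex, 2;        # drop the "0x" prefix
    $hex = "0$hex" if length($hex) % 2;     # pad to whole octets
    return pack('n', $bits) . pack('H*', $hex);
}

# Same construction as the version 4 branch: the MPIs, followed by a
# 16-bit sum of their octets in network byte order.
sub seal_v4 {
    my $cnt = join '', map { mpi($_) } @_;
    return $cnt . pack 'n', unpack '%16C*', $cnt;
}

# The check an unlock step needs after decrypting: recompute the sum over
# everything except the last two octets and compare.
sub checksum_ok {
    my $plain = shift;
    return 0 if length($plain) < 2;
    my $body = substr $plain, 0, -2;
    my $want = unpack 'n', substr $plain, -2;
    return unpack('%16C*', $body) == $want ? 1 : 0;
}

# Constructed sample value standing in for a secret key parameter.
my $plain = seal_v4('0x1f2e3d4c5b6a79880102030405060708');
print "intact:         ", checksum_ok($plain), "\n";

# A single flipped bit changes the sum, so the check fails.
my $flipped = $plain;
substr($flipped, 5, 1) ^= "\x01";
print "bit flipped:    ", checksum_ok($flipped), "\n";

# Two swapped octets leave the sum unchanged, so the check still passes.
my $swapped = $plain;
substr($swapped, 4, 1, substr($plain, 9, 1));
substr($swapped, 9, 1, substr($plain, 4, 1));
print "octets swapped: ", checksum_ok($swapped), "\n";
```

The sum is a cheap wrong-passphrase and corruption check; it does not depend on octet order, so it should not be relied on as proof that the decrypted key material is unmodified.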


