source: keysigning/gpg-challenge.pl @ 37

#!/usr/bin/perl
#
#  Copyright 2002-2006 Ingo Kloecker <mail@ingo-kloecker.de>
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#

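use strict;
use warnings;

use MIME::Base64 qw(encode_base64);

# Sends an OpenPGP certification challenge for every key ID given on the
# command line.  For each user ID on the key that is neither revoked nor
# expired and that is not already signed by $myKeyID, the script
#   1. draws a random challenge string,
#   2. encrypts instructions containing that challenge with gpg,
#   3. opens a KMail composer (through dcop) addressed to the user ID, and
#   4. prints "challenge: user-id (key-id)" on stdout as the operator's record.
#
# Trust boundary: the key IDs come from @ARGV and the user IDs come from the
# other party's key, so both are untrusted text.  Every external program is
# therefore started with an argument list (no shell), and the key ID must
# consist of hex digits only before it is used anywhere.

my $myKeyID="0123456789ABCDEF";
my $myEmailAddress="Full Name <name\@example.com>";
my $myFirstName="Firstname";
my $occasion="something";

# Byte-level rewrites applied to a user ID taken from gpg's colon listing
# ("convert some UTF-8 to latin1" in the original).  Patterns and
# replacements are written as byte escapes so that they do not depend on the
# encoding this file is saved in.  A pattern such as \xC3\\x9f is the byte
# 0xC3 followed by the literal text "\x9f".
# NOTE(review): the seven entries whose pattern is a plain two-byte UTF-8
# sequence are reconstructed from the stated intent (UTF-8 in, Latin-1 out);
# confirm them against the repository copy of this file.
my @uid_rewrites = (
    [ qr/\xC3\\x9f/, "\xDF" ],    # sharp s
    [ qr/\xC3\\x89/, "\xC9" ],    # E acute
    [ qr/\xC3\xA4/,  "\xE4" ],    # a umlaut
    [ qr/\xC3\xA1/,  "\xE1" ],    # a acute
    [ qr/\xC3\xA9/,  "\xE9" ],    # e acute
    [ qr/\xC3\xA8/,  "\xE8" ],    # e grave
    [ qr/\xC3\xB8/,  "\xF8" ],    # o slash
    [ qr/\xC3\xB6/,  "\xF6" ],    # o umlaut
    [ qr/\xC3\xBC/,  "\xFC" ],    # u umlaut
    [ qr/\xC4\\x8c/, "C" ],       # C caron, transliterated
    [ qr/\xC5\\x99/, "r" ],       # r caron, transliterated
    [ qr/\\x3a/,     ":" ],       # gpg escapes ':' inside a field
);

# Returns the user IDs of $key_id that still need a challenge: not revoked,
# not expired, and without a signature line naming $myKeyID.
sub unsigned_user_ids {
    my ($key_id) = @_;

    # Forking open: the child becomes gpg, the parent reads its stdout.
    my $pid = open( my $listing, '-|' );
    die "Cannot run gpg\n" unless defined $pid;
    if ( $pid == 0 ) {
        # Discard gpg's diagnostics, as the former "2>/dev/null" did.
        open( STDERR, '>', '/dev/null' ) or exit 127;
        exec( 'gpg', '--with-colons', '--list-sigs', '--fixed-list-mode',
            $key_id )
            or exit 127;
    }

    my %wanted;
    my $current = "";
    while ( my $line = <$listing> ) {
        if ( $line =~ /^uid/ ) {
            # A new uid record starts: keep the previous one if it survived.
            $wanted{$current} = $current if $current ne "";

            my @fields = split /:/, $line;
            my $validity = defined $fields[1] ? $fields[1] : "";
            if ( $validity ne "r" && $validity ne "e" ) {
                # user ID wasn't revoked and hasn't expired
                $current = defined $fields[9] ? $fields[9] : "";
                for my $rewrite (@uid_rewrites) {
                    my ( $pattern, $replacement ) = @{$rewrite};
                    $current =~ s/$pattern/$replacement/g;
                }
                # print, not printf: the user ID must never act as a format.
                print STDERR "Found valid user id $current.\n";
            }
        }
        # \Q..\E keeps the configured key ID literal inside the pattern.
        # NOTE(review): the pattern requires the line to end right after the
        # signature-class field ("...x:"); a gpg release that appends further
        # fields to sig records would never match here - confirm against the
        # gpg version in use.
        elsif ( $line =~ /^sig.*:\Q$myKeyID\E:.*x:$/ ) {
            $current = "";
            print STDERR "This user id was already signed by me.\n";
        }
    }
    close $listing
        or warn "gpg could not list the signatures of key $key_id\n";

    $wanted{$current} = $current if $current ne "";
    return keys %wanted;
}

# Returns 18 random bytes from /dev/urandom, base64-encoded (24 characters).
# Dies instead of handing back a short or empty string, so that a challenge
# mail can never go out with a missing "Magic:" value.
sub random_challenge {
    my $wanted_bytes = 18;

    open( my $urandom, '<', '/dev/urandom' )
        or die "Cannot get random string\n";
    binmode $urandom;
    my $raw  = '';
    my $read = read( $urandom, $raw, $wanted_bytes );
    close $urandom;
    die "Cannot get random string\n"
        unless defined $read && $read == $wanted_bytes;

    return encode_base64( $raw, '' );
}

# Encrypts $plaintext to $myKeyID and to $recipient and returns the armored
# message.  Dies when gpg reports failure or produces no output.
sub encrypt_challenge {
    my ( $plaintext, $recipient ) = @_;

    # Anonymous temporary file: it has no name, so nothing can be planted at
    # a predictable path and nothing is left behind afterwards.
    open( my $cipher, '+>', undef )
        or die "Cannot create temporary file\n";

    # Forking open: the child becomes gpg and reads the plaintext from us.
    my $pid = open( my $gpg, '|-' );
    die "Cannot run gpg\n" unless defined $pid;
    if ( $pid == 0 ) {
        open( STDOUT, '>&', $cipher ) or exit 127;
        exec( 'gpg', '--batch', '--encrypt', '--armor', '--textmode',
            '-r', "0x$myKeyID", '--encrypt-to', $recipient )
            or exit 127;
    }

    # If gpg exits early, report it through close() below instead of being
    # killed by SIGPIPE while writing.
    local $SIG{PIPE} = 'IGNORE';
    print {$gpg} $plaintext;
    close $gpg
        or die "gpg could not encrypt the challenge for $recipient\n";

    seek( $cipher, 0, 0 );
    my $armored = do { local $/; <$cipher> };
    close $cipher;
    die "gpg produced no output for $recipient\n"
        unless defined $armored && $armored ne "";

    return $armored;
}

# Opens a KMail composer through the DCOP interface:
#   openComposer( QString to, QString cc, QString bcc,
#                 QString subject, QString body, bool hidden )
# The arguments go to dcop as a list, so the recipient and the body are
# passed on verbatim and are never parsed by a shell.
sub open_composer {
    my ( $to, $text ) = @_;

    open( my $dcop, '-|', 'dcop', 'kmail', 'default', 'openComposer',
        $to, '', '', 'OpenPGP key certification challenge', $text, 'false' )
        or die "Cannot access Kmail DCOP interface\n";
    my $dcop_ref = <$dcop>;    # reply of openComposer; not used further
    close $dcop
        or warn "dcop reported a failure while opening the composer for $to\n";
    return;
}

foreach my $keyID (@ARGV) {
    # Anchored on both ends: the whole argument has to be a hex key ID
    # (optionally prefixed with 0x), not merely contain one.
    if ( $keyID !~ /\A(?:0x)?[A-F0-9]{8,}\z/i )
    {
        die "\"$keyID\" doesn't look like a valid Key-ID!\n";
    }

    print STDERR "Key ID: $keyID\n";

    foreach my $uid ( unsigned_user_ids($keyID) )
    {
        my $challenge = random_challenge();

        # Create the encrypted part of the body of the message.
        # NOTE(review): the text below contains non-ASCII characters while
        # the user ID is rewritten to Latin-1 bytes; the two only agree if
        # this file is stored as Latin-1 - confirm.
        my $body = <<"EOF";
[Weiter unten steht dasselbe auf deutsch.]

This message is sent as part of my certification process.
It is to verify that you, the keyholder of $keyID can read email
sent to the associated address
$uid

Please, now that you have decrypted this message, simply reply to
  $myEmailAddress
quoting

> KeyID: $keyID
> UserID: $uid
> Magic: $challenge
> Upload to keyserver after signing: yes

in the body of your message.

If you asked me to certify more than one userid or email address
on your key you should receive one of these messages for each
address - in that case please send one reply per address, too.

After signing your key I will upload it to the keyserver network
unless you oppose.

-----

Diese Nachricht ist Teil meines Zertifizierungsprozesses. Damit
überprüfe ich, dass du, der Besitzer des OpenPGP-Schlüssels $keyID,
die E-Mail-Adresse
$uid
kontrollierst.

Jetzt nachdem du diese Nachricht entschlüsselt hast, sende einfach
eine Antwort an
  $myEmailAddress
wobei du Folgendes zitierst:

> KeyID: $keyID
> UserID: $uid
> Magic: $challenge
> Schlüssel nach dem Signieren hochladen: ja

Falls du mich gebeten hast, mehrere UserIDs oder E-Mail-Adressen zu
zertifizieren, dann solltest du für jede Adresse eine dieser Nachrichten
erhalten. In diesem Fall sende bitte für jede Nachricht eine separate
Antwort.

Nachdem ich deinen Schlüssel signiert habe, werde ich ihn auf einen
oder mehrere Keyserver hochladen, sofern du dem nicht widersprichst.
EOF
        # encrypt the message
        my $encbody = encrypt_challenge( $body, $keyID );

        # Cleartext introduction; the encrypted part is appended below.
        $body = <<"EOF";
[Weiter unten steht dasselbe auf deutsch.]

Hi!

You are being sent this message because we exchanged OpenPGP key
fingerprints at $occasion and you asked me to sign your
key(s).

Please decrypt the encrypted message for instructions on how to
complete the certification protocol.

If you don't know what I'm talking about, then please reply to me as
soon as possible, since someone other than yourself tried to make me
certify that the OpenPGP key with ID 0x$keyID does belong to you.
In other words, someone tried to STEAL YOUR IDENTITY.

Regards
$myFirstName

-----

Hallo!

Wir haben in $occasion Fingerprints unserer OpenPGP-Schlüssel
ausgetauscht, und du hast mich gebeten, deinen Schlüssel zu
signieren.

Die folgende verschlüsselte Nachricht erklärt, was du tun musst, damit
ich deinen Schlüssel zertifiziere.

Falls du nicht weißt, wovon ich rede, dann solltest du mich umgehend
darüber informieren, da in diesem Fall jemand versucht deine E-Mail-
Adresse als seine zu verkaufen.

Viele Grüße
$myFirstName

EOF
        $body .= $encbody;

        # The original also carried a commented-out variant that piped the
        # message to mail(1); if that is revived, start mail with an
        # argument list as well, because the recipient is the untrusted uid.
        open_composer( $uid, $body );

        print "$challenge: $uid ($keyID)\n";
    }
}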