source: keysigning/gpg-challenge.pl @ 42

Last change on this file since 42 was 42, checked in by simon, 17 years ago
  • 64 bytes of /dev/random instead of 18 bytes of /dev/urandom (There’s a theoretical advantage, but not really a practical advantage as it should be hard enough to guess 18 bytes of pseudo-random data that it makes little difference, this is just my policy. Should be configurable really.) (Also note that if you are sending lots of challenges, you may well run out of entropy quite soon when using /dev/random)
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-perl
1#!/usr/bin/perl
2#
3#  Copyright 2002-2006 Ingo Kloecker <mail@ingo-kloecker.de>
4#
5#  This program is free software; you can redistribute it and/or modify
6#  it under the terms of the GNU General Public License as published by
7#  the Free Software Foundation; either version 2 of the License, or
8#  (at your option) any later version.
9#
10#  This program is distributed in the hope that it will be useful,
11#  but WITHOUT ANY WARRANTY; without even the implied warranty of
12#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13#  GNU General Public License for more details.
14#
15#  You should have received a copy of the GNU General Public License
16#  along with this program; if not, write to the Free Software
17#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
18#
19
use strict;
use warnings;

use Encode qw(decode encode);
use File::Temp qw(tempfile);
use MIME::Base64 qw(encode_base64);
22
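# --- Configuration -----------------------------------------------------------
my $myKeyID        = "0123456789ABCDEF";
my $myEmailAddress = "Full Name <name\@example.com>";
my $myName         = "Full Name";
my $policyURL      = "http://www.example.com/gpg/policy";
my $occasion       = "something";

# Where the challenge's random bytes come from and how many are read.
# /dev/random can block when the entropy pool runs low (noticeable when
# sending many challenges); /dev/urandom never blocks.
my $randomDevice   = "/dev/random";
my $challengeBytes = 64;

# gpg prints user IDs as UTF-8; they are recoded to this charset for the
# terminal, the log line and mutt's command line.
my $localCharset   = "iso-8859-1";

# --- Main loop: one challenge mail per unsigned user ID of each key ----------
foreach my $keyID (@ARGV) {
    # The ID is handed to gpg, so accept nothing but hex digits (8 for a
    # short ID, 16 for a long one, 40 for a fingerprint), optionally with
    # a 0x prefix.  The check is anchored: a run of hex digits *somewhere*
    # in the argument is not enough.
    if ( $keyID !~ /\A(?:0x)?[A-F0-9]{8,}\z/i ) {
        die "\"$keyID\" doesn't look like a valid Key-ID!\n";
    }

    # print, not printf: a "%" in the data must not be read as a format.
    print STDERR "Key ID: $keyID\n";

    foreach my $uid ( _unsigned_uids($keyID) ) {
        my $challenge = _random_challenge( $randomDevice, $challengeBytes );
        my $body      = _challenge_body( $uid, $keyID, $challenge );
        _send_challenge( $uid, $body );
        # Record kept for matching the reply against the challenge later.
        print "$challenge: $uid ($keyID)\n";
    }
}

# Returns the valid (neither revoked nor expired) user IDs of $keyID that
# carry no exportable signature by $myKeyID, sorted.
sub _unsigned_uids {
    my ($keyID) = @_;

    my $gpg = _open_gpg( '--with-colon', '--list-sigs', '--fixed-list-mode', $keyID );

    my %uids;
    my $pending = "";   # last valid uid whose signature block is still being read

    while ( my $line = <$gpg> ) {
        chomp $line;
        my @fields = split /:/, $line, -1;
        my $type = defined $fields[0] ? $fields[0] : "";

        if ( $type eq 'uid' ) {
            # A new uid record ends the previous one's signature block.
            $uids{$pending} = $pending if $pending ne "";
            $pending = "";
            # Field 2 is the validity: 'r' revoked, 'e' expired.
            my $validity = defined $fields[1] ? $fields[1] : "";
            if ( $validity ne "r" && $validity ne "e" ) {
                $pending = _decode_uid( defined $fields[9] ? $fields[9] : "" );
                print STDERR "Found valid user id $pending.\n";
            }
        }
        elsif ( $type eq 'uat' || $type eq 'sub' ) {
            # Photo IDs and subkeys have signature blocks of their own; a
            # signature by me on one of those says nothing about the last
            # uid, so settle the pending uid here.
            $uids{$pending} = $pending if $pending ne "";
            $pending = "";
        }
        elsif ( $type eq 'sig' ) {
            # Colon-listing layout: field 5 is the signing key ID, field 11
            # the signature class, with a trailing "x" for exportable.
            my $signer = defined $fields[4]  ? uc $fields[4] : "";
            my $class  = defined $fields[10] ? $fields[10]   : "";
            if ( $pending ne "" && $signer eq uc($myKeyID) && $class =~ /x\z/ ) {
                $pending = "";
                print STDERR "This user id was already signed by me.\n";
            }
        }
    }
    $uids{$pending} = $pending if $pending ne "";

    close $gpg;
    # gpg exits non-zero e.g. when the key is not in the keyring; say so
    # instead of silently sending nothing.
    if ( $? != 0 ) {
        warn "gpg exited with status " . ( $? >> 8 ) . " for $keyID\n";
    }

    return sort keys %uids;
}

# Starts "gpg @args" and returns a read handle on its stdout.  The list
# form of open() forks and execs gpg directly, so nothing in @args is
# parsed by a shell; gpg's stderr goes to /dev/null for the duration of
# the fork, as the former "2>/dev/null" did.
sub _open_gpg {
    my (@args) = @_;

    open( my $saved_stderr, '>&', \*STDERR ) or die "Cannot save STDERR: $!\n";
    open( STDERR, '>', '/dev/null' )         or die "Cannot redirect STDERR: $!\n";
    my $gpg;
    my $started = open( $gpg, '-|', 'gpg', @args );
    open( STDERR, '>&', $saved_stderr ) or die "Cannot restore STDERR: $!\n";
    close $saved_stderr;

    $started or die "Cannot run gpg\n";
    return $gpg;
}

# Turns gpg's escaped colon-listing form of a user ID into $localCharset.
# gpg writes ':' and non-printable bytes as \xNN; after undoing that the
# bytes are the UTF-8 gpg emits and are recoded for local use.  The two
# characters outside Latin-1 that the former hand-written table mapped
# are transliterated the same way (Č -> C, ř -> r); anything else that
# does not fit becomes Encode's substitution character.  Byte strings
# that are not valid UTF-8 are returned unchanged.
sub _decode_uid {
    my ($raw) = @_;

    $raw =~ s/\\x([0-9A-Fa-f]{2})/chr hex $1/ge;

    # decode() with a CHECK value consumes its argument, hence the copy.
    my $octets = $raw;
    my $chars  = eval { decode( 'UTF-8', $octets, Encode::FB_CROAK ) };
    return $raw if !defined $chars;

    $chars =~ tr/\x{10C}\x{159}/Cr/;
    return encode( $localCharset, $chars );
}

# Reads $count bytes from $device and returns them base64-encoded on a
# single line.  Reading in-process replaces "dd | mimencode": no shell,
# no metamail dependency, and no line break inside the challenge (a
# 64-byte encoding exceeds mimencode's line width, so the old pipeline
# put a newline in the middle of the challenge string).
sub _random_challenge {
    my ($device, $count) = @_;

    open( my $rnd, '<', $device ) or die "Cannot get random string\n";
    binmode $rnd;
    my $bytes = "";
    # sysread may return short reads on /dev/random; keep going until
    # the requested number of bytes is in hand.
    while ( length($bytes) < $count ) {
        my $got = sysread( $rnd, $bytes, $count - length($bytes), length($bytes) );
        die "Cannot get random string\n" if !defined $got || $got == 0;
    }
    close $rnd;

    return encode_base64( $bytes, "" );
}

# Builds the (to be encrypted) message body for one user ID.
sub _challenge_body {
    my ($uid, $keyID, $challenge) = @_;

    return << "EOF";
Hi,

You are receiving this email because you gave me your OpenPGP key
details for key-signing at $occasion.

This message is a challenge to help verify that you can read email sent
to $uid and encrypted to the key with ID $keyID.

You should have received an email for each UID, each containing a random
string of data.  Please reply from each of the UIDs a message was sent
to, including the random string, making sure you sign the message.  (You
may encrypt your reply, but this is not necessary.)

After receiving your reply and checking that the challenge string
matches the original, I will upload your key to a key server unless you
specify otherwise.

My key-signing policy can be found at:

    $policyURL

BEGIN CHALLENGE
$challenge
END CHALLENGE

Regards,
$myName
EOF
}

# Hands $body to mutt, signed and encrypted, addressed to $uid.
sub _send_challenge {
    my ($uid, $body) = @_;

    # UNLINK => 1 removes the plaintext challenge from disk at exit.
    my ($tmp_fh, $tmp_fname) = tempfile( UNLINK => 1 );
    print {$tmp_fh} $body;
    close $tmp_fh or die "Cannot write $tmp_fname: $!\n";

    # List-form system(): $uid comes from someone else's key, so it must
    # reach mutt as one argument and never be parsed by a shell.
    my @cmd = (
        'mutt',
        '-e', 'set pgp_autosign=yes;set pgp_autoencrypt=yes',
        '-i', $tmp_fname,
        '-s', 'OpenPGP UID verification',
        '--', $uid,
    );
    system(@cmd) == 0
        or warn "mutt exited with status " . ( $? >> 8 ) . " for $uid\n";

    return;
}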