Changeset 40 for keysigning

Timestamp:

Jul 9, 2007, 9:09:04 PM (17 years ago)

Author:

simon

Message:

• Different message, and only encrypted.
• Fire mutt to send the mail.
• Rely on mutt for signing and encryption instead of doing it in the script.

File:

• keysigning/gpg-challenge.pl (modified) (2 diffs)

keysigning/gpg-challenge.pl

@@ -19 +19 @@
 
 use strict;
+use File::Temp qw(tempfile);
 
 my $myKeyID="0123456789ABCDEF";
 my $myEmailAddress="Full Name <name\@example.com>";
 my $myFirstName="Firstname";
+my $policyURL="http://www.example.com/gpg/policy";
 my $occasion="something";
 
@@ -91 +93 @@
         # Create the encrypted part of the body of the message:
         my $body = << "EOF";
-[Weiter unten steht dasselbe auf deutsch.]
+Hi,
 
-This message is sent as part of my certification process.
-It is to verify that you, the keyholder of $keyID can read email
-sent to the associated address
-$uid
+You are receiving this email because you gave me your OpenPGP key
+details for key-signing at $occasion.
 
-Please, now that you have decrypted this message, simply reply to
-  $myEmailAddress
-quoting
+This message is a challenge to help verify that you can read email sent
+to $uid and encrypted to the key with ID $keyID.
 
-> KeyID: $keyID
-> UserID: $uid
-> Magic: $challenge
-> Upload to keyserver after signing: yes
+You should have received an email for each UID, each containing a random
+string of data.  Please reply from each of the UIDs a message was sent
+to, including the random string, making sure you sign the message.  (You
+may encrypt your reply, but this is not necessary.)
 
-in the body of your message.
+After receiving your reply and checking that the challenge string
+matches the original, I will upload your key to a key server unless you
+specify otherwise.
 
-If you asked me to certify more than one userid or email address
-on your key you should receive one of these messages for each
-address - in that case please send one reply per address, too.
+My key-signing policy can be found at:
 
-After signing your key I will upload it to the keyserver network
-unless you oppose.
+    $policyURL
 
------
+BEGIN CHALLENGE
+$challenge
+END CHALLENGE
 
-Diese Nachricht ist Teil meines Zertifizierungsprozesses. Damit
-überprüfe ich, dass du, der Besitzer des OpenPGP-Schlüssels $keyID,
-die E-Mail-Adresse
-$uid
-kontrollierst.
+Regards,
+$myFirstName
+EOF
 
-Jetzt nachdem du diese Nachricht entschlüsselt hast, sende einfach
-eine Antwort an
-  $myEmailAddress
-wobei du Folgendes zitierst:
-
-> KeyID: $keyID
-> UserID: $uid
-> Magic: $challenge
-> Schlüssel nach dem Signieren hochladen: ja
-
-Falls du mich gebeten hast, mehrere UserIDs oder E-Mail-Adressen zu
-zertifizieren, dann solltest du für jede Adresse eine dieser Nachrichten
-erhalten. In diesem Fall sende bitte für jede Nachricht eine separate
-Antwort.
-
-Nachdem ich deinen Schlüssel signiert habe, werde ich ihn auf einen
-oder mehrere Keyserver hochladen, sofern du dem nicht widersprichst.
-EOF
-        # encrypt the message
-        my $tempfile="$keyID.ttt";
-        open( GPG, "|gpg --batch --encrypt --armor --textmode -r 0x$myKeyID \
---encrypt-to $keyID >$tempfile" )  || die "Cannot run gpg\n";
-        print GPG $body;
-        close GPG;
-        open( FILE, $tempfile )
-            || die "File '$tempfile' doesn't exist\n";
-        my $encbody;
-        while ( <FILE> )
-        {
-          $encbody .= $_;
-        }
-        close FILE;
-        unlink $tempfile;
-
-        $body = << "EOF";
-[Weiter unten steht dasselbe auf deutsch.]
-
-Hi!
-
-You are being sent this message because we exchanged OpenPGP key
-fingerprints at $occasion and you asked me to sign your
-key(s).
-
-Please decrypt the encrypted message for instructions on how to
-complete the certification protocol.
-
-If you don't know what I'm talking about, then please reply to me as
-soon as possible, since someone other than yourself tried to make me
-certify that the OpenPGP key with ID 0x$keyID does belong to you.
-In other words, someone tried to STEAL YOUR IDENTITY.
-
-Regards
-$myFirstName
-
------
-
-Hallo!
-
-Wir haben in $occasion Fingerprints unserer OpenPGP-Schlüssel
-ausgetauscht, und du hast mich gebeten, deinen Schlüssel zu
-signieren.
-
-Die folgende verschlüsselte Nachricht erklärt, was du tun musst, damit
-ich deinen Schlüssel zertifiziere.
-
-Falls du nicht weißt, wovon ich rede, dann solltest du mich umgehend
-darüber informieren, da in diesem Fall jemand versucht deine E-Mail-
-Adresse als seine zu verkaufen.
-
-Viele Grüße
-$myFirstName
-
-EOF
-        $body .= $encbody;
-        #open( MAIL, "|mail -s \"OpenPGP key exchange formalities\" \"$uid\"" )
-        #    || die "Cannot run mail\n";
-        #print MAIL $encbody;
-        #close MAIL;
-
-        # using DCOP interface
-        # openComposer( QString to, QString cc, QString bcc,
-        #               QString subject, QString body, bool hidden )
-        open ( DCOP , "dcop kmail default openComposer \"$uid\" \"\" \"\" \"OpenPGP \
-key certification challenge\" \"$body\" false|" ) || die "Cannot access Kmail DCOP \
-interface\n";  my $dcopRef = <DCOP>;
-        close DCOP;
-        chomp $dcopRef;
-        
+        my ($tmp_fh, $tmp_fname) = tempfile();
+        print $tmp_fh $body;
+        close $tmp_fh;
+        system ( "mutt -e \"set pgp_autosign=yes;set pgp_autoencrypt=yes\" -i \"$tmp_fname\" -s \"OpenPGP UID verification\" -- \"$uid\"" );
         print "$challenge: $uid ($keyID)\n";
     }