1GnuPG::Interface(3)   User Contributed Perl Documentation  GnuPG::Interface(3)
2
3
4

NAME

6       GnuPG::Interface - Perl interface to GnuPG
7

SYNOPSIS

9         # A simple example
10         use IO::Handle;
11         use GnuPG::Interface;
12
13         # settting up the situation
14         my $gnupg = GnuPG::Interface->new();
15         $gnupg->options->hash_init( armor   => 1,
16                                     homedir => '/home/foobar' );
17
18         # Note you can set the recipients even if you aren't encrypting!
19         $gnupg->options->push_recipients( 'ftobin@cpan.org' );
20         $gnupg->options->meta_interactive( 0 );
21
22         # how we create some handles to interact with GnuPG
23         my $input   = IO::Handle->new();
24         my $output  = IO::Handle->new();
25         my $handles = GnuPG::Handles->new( stdin  => $input,
26                                            stdout => $output );
27
28         # Now we'll go about encrypting with the options already set
29         my @plaintext = ( 'foobar' );
30         my $pid = $gnupg->encrypt( handles => $handles );
31
32         # Now we write to the input of GnuPG
33         print $input @plaintext;
34         close $input;
35
36         # now we read the output
37         my @ciphertext = <$output>;
38         close $output;
39
40         waitpid $pid, 0;
41

DESCRIPTION

43       GnuPG::Interface and its associated modules are designed to provide an
44       object-oriented method for interacting with GnuPG, being able to
45       perform functions such as but not limited to encrypting, signing,
46       decryption, verification, and key-listing parsing.
47
48   How Data Member Accessor Methods are Created
49       Each module in the GnuPG::Interface bundle relies on Any::Moose to
50       generate the get/set methods used to set the object's data members.
51       This is very important to realize.  This means that any data member
52       which is a list has special methods assigned to it for pushing,
53       popping, and clearing the list.
54
55   Understanding Bidirectional Communication
56       It is also imperative to realize that this package uses interprocess
57       communication methods similar to those used in IPC::Open3 and
58       "Bidirectional Communication with Another Process" in perlipc, and that
59       users of this package need to understand how to use this method because
60       this package does not abstract these methods for the user greatly.
61       This package is not designed to abstract this away entirely (partly for
62       security purposes), but rather to simply help create 'proper', clean
63       calls to GnuPG, and to implement key-listing parsing.  Please see
64       "Bidirectional Communication with Another Process" in perlipc to learn
65       how to deal with these methods.
66
67       Using this package to do message processing generally invovlves
68       creating a GnuPG::Interface object, creating a GnuPG::Handles object,
69       setting some options in its options data member, and then calling a
70       method which invokes GnuPG, such as clearsign.  One then interacts with
71       with the handles appropriately, as described in "Bidirectional
72       Communication with Another Process" in perlipc.
73

OBJECT METHODS

75   Initialization Methods
76       new( %initialization_args )
77           This methods creates a new object.  The optional arguments are
78           initialization of data members.
79
80       hash_init( %args ).
81
82   Object Methods which use a GnuPG::Handles Object
83       list_public_keys( % )
84       list_sigs( % )
85       list_secret_keys( % )
86       encrypt( % )
87       encrypt_symmetrically( % )
88       sign( % )
89       clearsign( % )
90       detach_sign( % )
91       sign_and_encrypt( % )
92       decrypt( % )
93       verify( % )
94       import_keys( % )
95       export_keys( % )
96       recv_keys( % )
97       send_keys( % )
98           These methods each correspond directly to or are very similar to a
99           GnuPG command described in gpg.  Each of these methods takes a
100           hash, which currently must contain a key of handles which has the
101           value of a GnuPG::Handles object.  Another optional key is
102           command_args which should have the value of an array reference;
103           these arguments will be passed to GnuPG as command arguments.
104           These command arguments are used for such things as determining the
105           keys to list in the export_keys method.  Please note that GnuPG
106           command arguments are not the same as GnuPG options.  To understand
107           what are options and what are command arguments please read
108           "COMMANDS" in gpg and "OPTIONS" in gpg.
109
110           Each of these calls returns the PID for the resulting GnuPG
111           process.  One can use this PID in a "waitpid" call instead of a
112           "wait" call if more precise process reaping is needed.
113
114           These methods will attach the handles specified in the handles
115           object to the running GnuPG object, so that bidirectional
116           communication can be established.  That is, the optionally-defined
117           stdin, stdout, stderr, status, logger, and passphrase handles will
118           be attached to GnuPG's input, output, standard error, the handle
119           created by setting status-fd, the handle created by setting logger-
120           fd, and the handle created by setting passphrase-fd respectively.
121           This tying of handles of similar to the process done in IPC::Open3.
122
123           If you want the GnuPG process to read or write directly to an
124           already-opened filehandle, you cannot do this via the normal
125           IPC::Open3 mechanisms.  In order to accomplish this, set the
126           appropriate handles data member to the already-opened filehandle,
127           and then set the option direct to be true for that handle, as
128           described in "options" in GnuPG::Handles.  For example, to have
129           GnuPG read from the file input.txt and write to output.txt, the
130           following snippet may do:
131
132             my $infile  = IO::File->new( 'input.txt' );
133             my $outfile = IO::File->new( '>output.txt' );
134             my $handles = GnuPG::Handles->new( stdin  => $infile,
135                                                stdout => $outfile,
136                                              );
137             $handles->options( 'stdin'  )->{direct} = 1;
138             $handles->options( 'stdout' )->{direct} = 1;
139
140           If any handle in the handles object is not defined, GnuPG's input,
141           output, and standard error will be tied to the running program's
142           standard error, standard output, or standard error.  If the status
143           or logger handle is not defined, this channel of communication is
144           never established with GnuPG, and so this information is not
145           generated and does not come into play.  If the passphrase data
146           member handle of the handles object is not defined, but the the
147           passphrase data member handle of GnuPG::Interface object is,
148           GnuPG::Interface will handle passing this information into GnuPG
149           for the user as a convience.  Note that this will result in
150           GnuPG::Interface storing the passphrase in memory, instead of
151           having it simply 'pass-through' to GnuPG via a handle.
152
153   Other Methods
154       get_public_keys( @search_strings )
155       get_secret_keys( @search_strings )
156       get_public_keys_with_sigs( @search_strings )
157           These methods create and return objects of the type
158           GnuPG::PublicKey or GnuPG::SecretKey respectively.  This is done by
159           parsing the output of GnuPG with the option with-colons enabled.
160           The objects created do or do not have signature information stored
161           in them, depending if the method ends in _sigs; this separation of
162           functionality is there because of performance hits when listing
163           information with signatures.
164
165       test_default_key_passphrase()
166           This method will return a true or false value, depending on whether
167           GnuPG reports a good passphrase was entered while signing a short
168           message using the values of the passphrase data member, and the
169           default key specified in the options data member.
170

Invoking GnuPG with a custom call

172       GnuPG::Interface attempts to cover a lot of the commands of GnuPG that
173       one would want to perform; however, there may be a lot more calls that
174       GnuPG is and will be capable of, so a generic command interface is
175       provided, "wrap_call".
176
177       wrap_call( %args )
178           Call GnuPG with a custom command.  The %args hash must contain at
179           least the following keys:
180
181           commands
182               The value of this key in the hash must be a reference to a a
183               list of commands for GnuPG, such as "[ qw( --encrypt --sign )
184               ]".
185
186           handles
187               As with most other GnuPG::Interface methods, handles must be a
188               GnuPG::Handles object.
189
190           The following keys are optional.
191
192           command_args
193               As with other GnuPG::Interface methods, the value in hash for
194               this key must be a reference to a list of arguments to be
195               passed to the GnuPG command, such as which keys to list in a
196               key-listing.
197

OBJECT DATA MEMBERS

199       call
200           This defines the call made to invoke GnuPG.  Defaults to 'gpg';
201           this should be changed if 'gpg' is not in your path, or there is a
202           different name for the binary on your system.
203
204       passphrase
205           In order to lessen the burden of using handles by the user of this
206           package, setting this option to one's passphrase for a secret key
207           will allow the package to enter the passphrase via a handle to
208           GnuPG by itself instead of leaving this to the user.  See also
209           "passphrase" in GnuPG::Handles.
210
211       options
212           This data member, of the type GnuPG::Options; the setting stored in
213           this data member are used to determine the options used when
214           calling GnuPG via any of the object methods described in this
215           package.  See GnuPG::Options for more information.
216

EXAMPLES

218       The following setup can be done before any of the following examples:
219
220         use IO::Handle;
221         use GnuPG::Interface;
222
223         my @original_plaintext = ( "How do you doo?" );
224         my $passphrase = "Three Little Pigs";
225
226         my $gnupg = GnuPG::Interface->new();
227
228         $gnupg->options->hash_init( armor    => 1,
229                                     recipients => [ 'ftobin@uiuc.edu',
230                                                     '0xABCD1234' ],
231                                     meta_interactive( 0 ),
232                                   );
233
234   Encrypting
235         # We'll let the standard error of GnuPG pass through
236         # to our own standard error, by not creating
237         # a stderr-part of the $handles object.
238         my ( $input, $output ) = ( IO::Handle->new(),
239                                    IO::Handle->new() );
240
241         my $handles = GnuPG::Handles->new( stdin    => $input,
242                                            stdout   => $output );
243
244         # this sets up the communication
245         # Note that the recipients were specified earlier
246         # in the 'options' data member of the $gnupg object.
247         my $pid = $gnupg->encrypt( handles => $handles );
248
249         # this passes in the plaintext
250         print $input @original_plaintext;
251
252         # this closes the communication channel,
253         # indicating we are done
254         close $input;
255
256         my @ciphertext = <$output>;  # reading the output
257
258         waitpid $pid, 0;  # clean up the finished GnuPG process
259
260   Signing
261         # This time we'll catch the standard error for our perusing
262         my ( $input, $output, $error ) = ( IO::Handle->new(),
263                                            IO::Handle->new(),
264                                            IO::Handle->new(),
265                                          );
266
267         my $handles = GnuPG::Handles->new( stdin    => $input,
268                                            stdout   => $output,
269                                            stderr   => $error,
270                                          );
271
272         # indicate our pasphrase through the
273         # convience method
274         $gnupg->passphrase( $passphrase );
275
276         # this sets up the communication
277         my $pid = $gnupg->sign( handles => $handles );
278
279         # this passes in the plaintext
280         print $input @original_plaintext;
281
282         # this closes the communication channel,
283         # indicating we are done
284         close $input;
285
286         my @ciphertext   = <$output>;  # reading the output
287         my @error_output = <$error>;   # reading the error
288
289         close $output;
290         close $error;
291
292         waitpid $pid, 0;  # clean up the finished GnuPG process
293
294   Decryption
295         # This time we'll catch the standard error for our perusing
296         # as well as passing in the passphrase manually
297         # as well as the status information given by GnuPG
298         my ( $input, $output, $error, $passphrase_fh, $status_fh )
299           = ( IO::Handle->new(),
300               IO::Handle->new(),
301               IO::Handle->new(),
302               IO::Handle->new(),
303               IO::Handle->new(),
304             );
305
306         my $handles = GnuPG::Handles->new( stdin      => $input,
307                                            stdout     => $output,
308                                            stderr     => $error,
309                                            passphrase => $passphrase_fh,
310                                            status     => $status_fh,
311                                          );
312
313         # this time we'll also demonstrate decrypting
314         # a file written to disk
315         # Make sure you "use IO::File" if you use this module!
316         my $cipher_file = IO::File->new( 'encrypted.gpg' );
317
318         # this sets up the communication
319         my $pid = $gnupg->decrypt( handles => $handles );
320
321         # This passes in the passphrase
322         print $passphrase_fd $passphrase;
323         close $passphrase_fd;
324
325         # this passes in the plaintext
326         print $input $_ while <$cipher_file>
327
328         # this closes the communication channel,
329         # indicating we are done
330         close $input;
331         close $cipher_file;
332
333         my @plaintext    = <$output>;   # reading the output
334         my @error_output = <$error>;    # reading the error
335         my @status_info  = <$status_fh> # read the status info
336
337         # clean up...
338         close $output;
339         close $error;
340         close $status_fh;
341
342         waitpid $pid, 0;  # clean up the finished GnuPG process
343
344   Printing Keys
345         # This time we'll just let GnuPG print to our own output
346         # and read from our input, because no input is needed!
347         my $handles = GnuPG::Handles->new();
348
349         my @ids = [ 'ftobin', '0xABCD1234' ];
350
351         # this time we need to specify something for
352         # command_args because --list-public-keys takes
353         # search ids as arguments
354         my $pid = $gnupg->list_public_keys( handles      => $handles,
355                                             command_args => [ @ids ]  );
356
357          waitpid $pid, 0;
358
359   Creating GnuPG::PublicKey Objects
360         my @ids = [ 'ftobin', '0xABCD1234' ];
361
362         my @keys = $gnupg->get_public_keys( @ids );
363
364         # no wait is required this time; it's handled internally
365         # since the entire call is encapsulated
366
367   Custom GnuPG call
368         # assuming $handles is a GnuPG::Handles object
369         my $pid = $gnupg->wrap_call
370           ( commands     => [ qw( --list-packets ) ],
371             command_args => [ qw( test/key.1.asc ) ],
372             handles      => $handles,
373           );
374
375           my @out = <$handles->stdout()>;
376           waitpid $pid, 0;
377

FAQ

379       How do I get GnuPG::Interface to read/write directly from a filehandle?
380           You need to set GnuPG::Handles direct option to be true for the
381           filehandles in concern.  See "options" in GnuPG::Handles and
382           "Object Methods which use a GnuPG::Handles Object" for more
383           information.
384
385       Why do you make it so difficult to get GnuPG to write/read from a
386       filehandle?  In the shell, I can just call GnuPG with the --outfile
387       option!
388           There are lots of issues when trying to tell GnuPG to read/write
389           directly from a file, such as if the file isn't there, or there is
390           a file, and you want to write over it!  What do you want to happen
391           then?  Having the user of this module handle these questions
392           beforehand by opening up filehandles to GnuPG lets the user know
393           fully what is going to happen in these circumstances, and makes the
394           module less error-prone.
395
396       When having GnuPG process a large message, sometimes it just hanges
397       there.
398           Your problem may be due to buffering issues; when GnuPG
399           reads/writes to non-direct filehandles (those that are sent to
400           filehandles which you read to from into memory, not that those
401           access the disk), buffering issues can mess things up.  I recommend
402           looking into "options" in GnuPG::Handles.
403

NOTES

405       This package is the successor to PGP::GPG::MessageProcessor, which I
406       found to be too inextensible to carry on further.  A total redesign was
407       needed, and this is the resulting work.
408
409       After any call to a GnuPG-command method of GnuPG::Interface in which
410       one passes in the handles, one should all wait to clean up GnuPG from
411       the process table.
412

BUGS

414       Currently there are problems when transmitting large quantities of
415       information over handles; I'm guessing this is due to buffering issues.
416       This bug does not seem specific to this package; IPC::Open3 also
417       appears affected.
418
419       I don't know yet how well this modules handles parsing OpenPGP v3 keys.
420

SEE ALSO

422       GnuPG::Options, GnuPG::Handles, GnuPG::PublicKey, GnuPG::SecretKey,
423       gpg, "Bidirectional Communication with Another Process" in perlipc
424

AUTHOR

426       GnuPg::Interface is currently maintained by Jesse Vincent
427       <jesse@cpan.org>.
428
429       Frank J. Tobin, ftobin@cpan.org was the original author of the package.
430
431
432
433perl v5.12.0                      2009-09-30               GnuPG::Interface(3)
Impressum