1GnuPG::Interface(3)   User Contributed Perl Documentation  GnuPG::Interface(3)
2
3
4

NAME

6       GnuPG::Interface - Perl interface to GnuPG
7

SYNOPSIS

9         # A simple example
10         use IO::Handle;
11         use GnuPG::Interface;
12
13         # settting up the situation
14         my $gnupg = GnuPG::Interface->new();
15         $gnupg->options->hash_init( armor   => 1,
16                                     homedir => '/home/foobar' );
17
18         # Note you can set the recipients even if you aren't encrypting!
19         $gnupg->options->push_recipients( 'ftobin@cpan.org' );
20         $gnupg->options->meta_interactive( 0 );
21
22         # how we create some handles to interact with GnuPG
23         my $input   = IO::Handle->new();
24         my $output  = IO::Handle->new();
25         my $handles = GnuPG::Handles->new( stdin  => $input,
26                                            stdout => $output );
27
28         # Now we'll go about encrypting with the options already set
29         my @plaintext = ( 'foobar' );
30         my $pid = $gnupg->encrypt( handles => $handles );
31
32         # Now we write to the input of GnuPG
33         print $input @plaintext;
34         close $input;
35
36         # now we read the output
37         my @ciphertext = <$output>;
38         close $output;
39
40         waitpid $pid, 0;
41

DESCRIPTION

43       GnuPG::Interface and its associated modules are designed to provide an
44       object-oriented method for interacting with GnuPG, being able to per‐
45       form functions such as but not limited to encrypting, signing, decryp‐
46       tion, verification, and key-listing parsing.
47
48       How Data Member Accessor Methods are Created
49
50       Each module in the GnuPG::Interface bundle relies on Class::MethodMaker
51       to generate the get/set methods used to set the object's data members.
52       This is very important to realize.  This means that any data member
53       which is a list has special methods assigned to it for pushing, pop‐
54       ping, and clearing the list.
55
56       Understanding Bidirectional Communication
57
58       It is also imperative to realize that this package uses interprocess
59       communication methods similar to those used in IPC::Open3 and "Bidirec‐
60       tional Communication with Another Process" in perlipc, and that users
61       of this package need to understand how to use this method because this
62       package does not abstract these methods for the user greatly.  This
63       package is not designed to abstract this away entirely (partly for
64       security purposes), but rather to simply help create 'proper', clean
65       calls to GnuPG, and to implement key-listing parsing.  Please see
66       "Bidirectional Communication with Another Process" in perlipc to learn
67       how to deal with these methods.
68
69       Using this package to do message processing generally invovlves creat‐
70       ing a GnuPG::Interface object, creating a GnuPG::Handles object, set‐
71       ting some options in its options data member, and then calling a method
72       which invokes GnuPG, such as clearsign.  One then interacts with with
73       the handles appropriately, as described in "Bidirectional Communication
74       with Another Process" in perlipc.
75

OBJECT METHODS

77       Initialization Methods
78
79       new( %initialization_args )
80           This methods creates a new object.  The optional arguments are ini‐
81           tialization of data members; the initialization is done in a manner
82           according to the method created as described in "new_hash_init" in
83           Class::MethodMaker.
84
85       hash_init( %args ).
86           This methods work as described in "new_hash_init" in Class::Method‐
87           Maker.
88
89       Object Methods which use a GnuPG::Handles Object
90
91       list_public_keys( % )
92       list_sigs( % )
93       list_secret_keys( % )
94       encrypt( % )
95       encrypt_symmetrically( % )
96       sign( % )
97       clearsign( % )
98       detach_sign( % )
99       sign_and_encrypt( % )
100       decrypt( % )
101       verify( % )
102       import_keys( % )
103       export_keys( % )
104       recv_keys( % )
105       send_keys( % )
106           These methods each correspond directly to or are very similar to a
107           GnuPG command described in gpg.  Each of these methods takes a
108           hash, which currently must contain a key of handles which has the
109           value of a GnuPG::Handles object.  Another optional key is com‐
110           mand_args which should have the value of an array reference; these
111           arguments will be passed to GnuPG as command arguments.  These com‐
112           mand arguments are used for such things as determining the keys to
113           list in the export_keys method.  Please note that GnuPG command
114           arguments are not the same as GnuPG options.  To understand what
115           are options and what are command arguments please read "COMMANDS"
116           in gpg and "OPTIONS" in gpg.
117
118           Each of these calls returns the PID for the resulting GnuPG
119           process.  One can use this PID in a "waitpid" call instead of a
120           "wait" call if more precise process reaping is needed.
121
122           These methods will attach the handles specified in the handles
123           object to the running GnuPG object, so that bidirectional communi‐
124           cation can be established.  That is, the optionally-defined stdin,
125           stdout, stderr, status, logger, and passphrase handles will be
126           attached to GnuPG's input, output, standard error, the handle cre‐
127           ated by setting status-fd, the handle created by setting logger-fd,
128           and the handle created by setting passphrase-fd respectively.  This
129           tying of handles of similar to the process done in IPC::Open3.
130
131           If you want the GnuPG process to read or write directly to an
132           already-opened filehandle, you cannot do this via the normal
133           IPC::Open3 mechanisms.  In order to accomplish this, set the appro‐
134           priate handles data member to the already-opened filehandle, and
135           then set the option direct to be true for that handle, as described
136           in "options" in GnuPG::Handles.  For example, to have GnuPG read
137           from the file input.txt and write to output.txt, the following
138           snippet may do:
139
140             my $infile  = IO::File->new( 'input.txt.' );
141             my $outfile = IO::File->new( 'output.txt' );
142             my $handles = GnuPG::Handles->new( stdin  => $infile,
143                                                stdout => $outfile,
144                                              );
145             $handles->options( 'stdin'  )->{direct} = 1;
146             $handles->options( 'stdout' )->{direct} = 1;
147
148           If any handle in the handles object is not defined, GnuPG's input,
149           output, and standard error will be tied to the running program's
150           standard error, standard output, or standard error.  If the status
151           or logger handle is not defined, this channel of communication is
152           never established with GnuPG, and so this information is not gener‐
153           ated and does not come into play.  If the passphrase data member
154           handle of the handles object is not defined, but the the passphrase
155           data member handle of GnuPG::Interface object is, GnuPG::Interface
156           will handle passing this information into GnuPG for the user as a
157           convience.  Note that this will result in GnuPG::Interface storing
158           the passphrase in memory, instead of having it simply
159           'pass-through' to GnuPG via a handle.
160
161       Other Methods
162
163       get_public_keys( @search_strings )
164       get_secret_keys( @search_strings )
165       get_public_keys_with_sigs( @search_strings )
166           These methods create and return objects of the type GnuPG::Pub‐
167           licKey or GnuPG::SecretKey respectively.  This is done by parsing
168           the output of GnuPG with the option with-colons enabled.  The
169           objects created do or do not have signature information stored in
170           them, depending if the method ends in _sigs; this separation of
171           functionality is there because of performance hits when listing
172           information with signatures.
173
174       test_default_key_passphrase()
175           This method will return a true or false value, depending on whether
176           GnuPG reports a good passphrase was entered while signing a short
177           message using the values of the passphrase data member, and the
178           default key specified in the options data member.
179

Invoking GnuPG with a custom call

181       GnuPG::Interface attempts to cover a lot of the commands of GnuPG that
182       one would want to perform; however, there may be a lot more calls that
183       GnuPG is and will be capable of, so a generic command interface is pro‐
184       vided, "wrap_call".
185
186       wrap_call( %args )
187           Call GnuPG with a custom command.  The %args hash must contain at
188           least the following keys:
189
190           commands
191               The value of this key in the hash must be a reference to a a
192               list of commands for GnuPG, such as "[ qw( --encrypt --sign )
193               ]".
194
195           handles
196               As with most other GnuPG::Interface methods, handles must be a
197               GnuPG::Handles object.
198
199           The following keys are optional.
200
201           command_args
202               As with other GnuPG::Interface methods, the value in hash for
203               this key must be a reference to a list of arguments to be
204               passed to the GnuPG command, such as which keys to list in a
205               key-listing.
206

OBJECT DATA MEMBERS

208       Note that these data members are interacted with via object methods
209       created using the methods described in "get_set" in Class::MethodMaker,
210       or "object" in Class::MethodMaker.  Please read there for more informa‐
211       tion.
212
213       call
214           This defines the call made to invoke GnuPG.  Defaults to 'gpg';
215           this should be changed if 'gpg' is not in your path, or there is a
216           different name for the binary on your system.
217
218       passphrase
219           In order to lessen the burden of using handles by the user of this
220           package, setting this option to one's passphrase for a secret key
221           will allow the package to enter the passphrase via a handle to
222           GnuPG by itself instead of leaving this to the user.  See also
223           "passphrase" in GnuPG::Handles.
224
225       options
226           This data member, of the type GnuPG::Options; the setting stored in
227           this data member are used to determine the options used when call‐
228           ing GnuPG via any of the object methods described in this package.
229           See GnuPG::Options for more information.
230

EXAMPLES

232       The following setup can be done before any of the following examples:
233
234         use IO::Handle;
235         use GnuPG::Interface;
236
237         my @original_plaintext = ( "How do you doo?" );
238         my $passphrase = "Three Little Pigs";
239
240         my $gnupg = GnuPG::Interface->new();
241
242         $gnupg->options->hash_init( armor    => 1,
243                                     recipients => [ 'ftobin@uiuc.edu',
244                                                     '0xABCD1234' ],
245                                     meta_interactive( 0 ),
246                                   );
247
248       Encrypting
249
250         # We'll let the standard error of GnuPG pass through
251         # to our own standard error, by not creating
252         # a stderr-part of the $handles object.
253         my ( $input, $output ) = ( IO::Handle->new(),
254                                    IO::Handle->new() );
255
256         my $handles = GnuPG::Handles->new( stdin    => $input,
257                                            stdout   => $output );
258
259         # this sets up the communication
260         # Note that the recipients were specified earlier
261         # in the 'options' data member of the $gnupg object.
262         my $pid = $gnupg->encrypt( handles => $handles );
263
264         # this passes in the plaintext
265         print $input @original_plaintext;
266
267         # this closes the communication channel,
268         # indicating we are done
269         close $input;
270
271         my @ciphertext = <$output>;  # reading the output
272
273         waitpid $pid, 0;  # clean up the finished GnuPG process
274
275       Signing
276
277         # This time we'll catch the standard error for our perusing
278         my ( $input, $output, $error ) = ( IO::Handle->new(),
279                                            IO::Handle->new(),
280                                            IO::Handle->new(),
281                                          );
282
283         my $handles = GnuPG::Handles->new( stdin    => $input,
284                                            stdout   => $output,
285                                            stderr   => $error,
286                                          );
287
288         # indicate our pasphrase through the
289         # convience method
290         $gnupg->passphrase( $passphrase );
291
292         # this sets up the communication
293         my $pid = $gnupg->sign( handles => $handles );
294
295         # this passes in the plaintext
296         print $input @original_plaintext;
297
298         # this closes the communication channel,
299         # indicating we are done
300         close $input;
301
302         my @ciphertext   = <$output>;  # reading the output
303         my @error_output = <$error>;   # reading the error
304
305         close $output;
306         close $error;
307
308         waitpid $pid, 0;  # clean up the finished GnuPG process
309
310       Decryption
311
312         # This time we'll catch the standard error for our perusing
313         # as well as passing in the passphrase manually
314         # as well as the status information given by GnuPG
315         my ( $input, $output, $error, $passphrase_fh, $status_fh )
316           = ( IO::Handle->new(),
317               IO::Handle->new(),
318               IO::Handle->new(),
319               IO::Handle->new(),
320               IO::Handle->new(),
321             );
322
323         my $handles = GnuPG::Handles->new( stdin      => $input,
324                                            stdout     => $output,
325                                            stderr     => $error,
326                                            passphrase => $passphrase_fh,
327                                            status     => $status_fh,
328                                          );
329
330         # this time we'll also demonstrate decrypting
331         # a file written to disk
332         # Make sure you "use IO::File" if you use this module!
333         my $cipher_file = IO::File->new( 'encrypted.gpg' );
334
335         # this sets up the communication
336         my $pid = $gnupg->decrypt( handles => $handles );
337
338         # This passes in the passphrase
339         print $passphrase_fd $passphrase;
340         close $passphrase_fd;
341
342         # this passes in the plaintext
343         print $input $_ while <$cipher_file>
344
345         # this closes the communication channel,
346         # indicating we are done
347         close $input;
348         close $cipher_file;
349
350         my @plaintext    = <$output>;   # reading the output
351         my @error_output = <$error>;    # reading the error
352         my @status_info  = <$status_fh> # read the status info
353
354         # clean up...
355         close $output;
356         close $error;
357         close $status_fh;
358
359         waitpid $pid, 0;  # clean up the finished GnuPG process
360
361       Printing Keys
362
363         # This time we'll just let GnuPG print to our own output
364         # and read from our input, because no input is needed!
365         my $handles = GnuPG::Handles->new();
366
367         my @ids = [ 'ftobin', '0xABCD1234' ];
368
369         # this time we need to specify something for
370         # command_args because --list-public-keys takes
371         # search ids as arguments
372         my $pid = $gnupg->list_public_keys( handles      => $handles,
373                                             command_args => [ @ids ]  );
374
375          waitpid $pid, 0;
376
377       Creating GnuPG::PublicKey Objects
378
379         my @ids = [ 'ftobin', '0xABCD1234' ];
380
381         my @keys = $gnupg->get_public_keys( @ids );
382
383         # no wait is required this time; it's handled internally
384         # since the entire call is encapsulated
385
386       Custom GnuPG call
387
388         # assuming $handles is a GnuPG::Handles object
389         my $pid = $gnupg->wrap_call
390           ( commands     => [ qw( --list-packets ) ],
391             command_args => [ qw( test/key.1.asc ) ],
392             handles      => $handles,
393           );
394
395           my @out = <$handles->stdout()>;
396           waitpid $pid, 0;
397

FAQ

399       How do I get GnuPG::Interface to read/write directly from a filehandle?
400           You need to set GnuPG::Handles direct option to be true for the
401           filehandles in concern.  See "options" in GnuPG::Handles and
402           "Object Methods which use a GnuPG::Handles Object" for more infor‐
403           mation.
404
405       Why do you make it so difficult to get GnuPG to write/read from a file‐
406       handle?  In the shell, I can just call GnuPG with the --outfile option!
407           There are lots of issues when trying to tell GnuPG to read/write
408           directly from a file, such as if the file isn't there, or there is
409           a file, and you want to write over it!  What do you want to happen
410           then?  Having the user of this module handle these questions
411           beforehand by opening up filehandles to GnuPG lets the user know
412           fully what is going to happen in these circumstances, and makes the
413           module less error-prone.
414
415       When having GnuPG process a large message, sometimes it just hanges
416       there.
417           Your problem may be due to buffering issues; when GnuPG
418           reads/writes to non-direct filehandles (those that are sent to
419           filehandles which you read to from into memory, not that those
420           access the disk), buffering issues can mess things up.  I recommend
421           looking into "options" in GnuPG::Handles.
422

NOTES

424       This package is the successor to PGP::GPG::MessageProcessor, which I
425       found to be too inextensible to carry on further.  A total redesign was
426       needed, and this is the resulting work.
427
428       After any call to a GnuPG-command method of GnuPG::Interface in which
429       one passes in the handles, one should all wait to clean up GnuPG from
430       the process table.
431

BUGS

433       Currently there are problems when transmitting large quantities of
434       information over handles; I'm guessing this is due to buffering issues.
435       This bug does not seem specific to this package; IPC::Open3 also
436       appears affected.
437
438       I don't know yet how well this modules handles parsing OpenPGP v3 keys.
439

SEE ALSO

441       GnuPG::Options, GnuPG::Handles, GnuPG::PublicKey, GnuPG::SecretKey,
442       gpg, Class::MethodMaker, "Bidirectional Communication with Another
443       Process" in perlipc
444

AUTHOR

446       Frank J. Tobin, ftobin@cpan.org
447

PACKAGE UPDATES

449       Package updates may be found on http://GnuPG-Interface.sourceforge.net/
450       or CPAN, http://www.cpan.org/.
451
452
453
454perl v5.8.8                       2001-08-21               GnuPG::Interface(3)
Impressum