Hi PHPers,
I've been fighting with gnupg_verify for days now and cannot understand how
it works. It returns an array in the form of:
array ( 0 => array ( 'fingerprint' => 'BLABLABLA' 'validity' => 0
'timestamp' => 1402666925 'status' => 117440521 'summary' => 128 ) )
I don't understand which part of the array actually shows us that the
verification went well. Do I have to compare the fingerprint or the status
is enough. But then I get different statuses and don't know what they all
mean. Same with summary. On other occasions I get different unexplainable
results like status=>0 validity=>4. There is no documentation on what each
of these means.
Thanks for you help!
Regards,
Tsvetan
Tsvetan Nikolov wrote:
I've been fighting with gnupg_verify for days now and cannot understand how
it works. It returns an array in the form of:array ( 0 => array ( 'fingerprint' => 'BLABLABLA' 'validity' => 0
'timestamp' => 1402666925 'status' => 117440521 'summary' => 128 ) )I don't understand which part of the array actually shows us that the
verification went well. Do I have to compare the fingerprint or the status
is enough. But then I get different statuses and don't know what they all
mean. Same with summary. On other occasions I get different unexplainable
results like status=>0 validity=>4. There is no documentation on what each
of these means.
According to http://www.php.net/manual/en/function.gnupg-verify.php:
| Verifies the given signed_text and returns information about the
| signature.
| ...
| On success, this function returns information about the signature. On
| failure, this function returns FALSE.
So for basic verification it should suffice to check that the return
value !== false.
[xpost & fup2 php-general@lists.php.net]
--
Christoph M. Becker
Thanks Christoph,
This is not sufficient. It returns false only if I enter some random
string. If I try to verify signed text with random signature then it always
returns an array with some data, which in my case doesn't work because I
would like to varify that the text is signed with specific signature and
not with any signature. That's the point of gpg! In this case php returns
array irrespective of which signature is used to sign the text.
Thanks,
Tsvetan
Tsvetan Nikolov wrote:
I've been fighting with gnupg_verify for days now and cannot understand
how
it works. It returns an array in the form of:array ( 0 => array ( 'fingerprint' => 'BLABLABLA' 'validity' => 0
'timestamp' => 1402666925 'status' => 117440521 'summary' => 128 ) )I don't understand which part of the array actually shows us that the
verification went well. Do I have to compare the fingerprint or the
status
is enough. But then I get different statuses and don't know what they all
mean. Same with summary. On other occasions I get different unexplainable
results like status=>0 validity=>4. There is no documentation on what
each
of these means.According to http://www.php.net/manual/en/function.gnupg-verify.php:
| Verifies the given signed_text and returns information about the
| signature.
| ...
| On success, this function returns information about the signature. On
| failure, this function returns FALSE.So for basic verification it should suffice to check that the return
value !== false.[xpost & fup2 php-general@lists.php.net]
--
Christoph M. Becker