. * *************************************************************/ // check that data has arrived here via HTTPS if ($_SERVER['HTTPS'] != "on") { die ("Use a secure HTTPS connection to the server. Aborting ..."); } // use GET only without data if (strtoupper($_SERVER['REQUEST_METHOD']) != "POST") { //check if there is a query string, then abort. if (count($_GET) != 0){ die ("Always use POST to prevent recording of query strings. Aborting ..."); } } if (! is_file("gpgconfig.php")){ die ("Config file does not exist."); } require_once('gpgconfig.php'); if (! is_dir($GPGDIR)){ die ("GPG directory $GPGDIR does not exist."); } else { $ERRORFILE = $GPGDIR."/gpgerrors"; } if (! isset($KEYEXPORT)) { $KEYEXPORT = "no"; } if (! isset($SECRETKEYEXPORT)) { $SECRETKEYEXPORT = "no"; } // FUNCTIONS function listkeys ($gpghome, $type, $select, $export, $secretexport) { unix ("/usr/bin/gpg --homedir ".$gpghome." --update-trustdb"); if ($type == "secret") { echo "

Secret Keys

\n"; $KEYS = unix("/usr/bin/gpg --homedir ".$gpghome." --list-secret-keys --fingerprint"); } else { echo "

Public Keys

\n"; $KEYS = unix("/usr/bin/gpg --homedir ".$gpghome." --list-keys --fingerprint"); } $List = explode ("\n", $KEYS); if (count($List) < 2 ) { die ("

No keys available. Aborting ...

"); } echo "\n"; foreach ($List as $Line){ $START += 1; if (( substr_count($Line, "pub ") == 1) or(substr_count($Line, "sec ") == 1)){ $START = 0; $PUB = $Line; } if ( $START == 1) { $FP = substr($Line,24); } if ( $START == 2) { $UID = htmlentities(substr($Line,4)); } if ( $START == 3) { $SUB = $Line; echo ""; if ($select) { if ($type == "secret"){ echo " "; } else { echo " "; } } echo "\n"; if ($export == "yes") { if (($type == "secret") && ($secretexport == "yes")) { echo ""; } if ($type == "public") { echo ""; } } echo "\n"; } } echo "

".$PUB."
(".$FP.")
".$SUB."

".$UID."

export

export

\n"; } function addkeys ($gpghome, $key) { $CMD ="echo \"".$key."\" |/usr/bin/gpg --homedir ".$gpghome." --import"; $RESULT = unix($CMD); $ERR1 = strpos($RESULT,'No such file or directory'); $ERR2 = strpos($RESULT,'no valid OpenPGP data found'); if (! $ERR2 === false){ echo "

Please enter your key in ascii format.

"; } if (($ERR1 === false) && ($ERR2 === false) && (strlen($RESULT) > 0 )){ // success echo "

"; echo $RESULT; echo "\n"; listkeys($gpghome,"public",false); listkeys($gpghome,"secret",false); } else { echo "

Key import failed.

"; } } function removepubkey ($gpghome, $keyid) { $CMD ="/usr/bin/gpg --homedir ".$gpghome." --require-secmem --batch --no-tty --yes --delete-key \"".trim($keyid)."\""; $RESULT = unix($CMD); $ERR1 = strpos($RESULT,'can\'t open'); $ERR2 = strpos($RESULT,'not found:'); $ERR3 = strpos($RESULT,'there is a secret key for public key'); if (! $ERR1 === false){ echo "

Check file permissions on your keyring.

"; } if (! $ERR2 === false){ echo "

The key is not in your keyring.

"; } if (! $ERR3 === false){ echo "

You must remove the secret key first.

"; } if (($ERR1 === false) && ($ERR2 === false) && ($ERR3 === false)){ // success if (strlen($RESULT) > 6 ) { echo "

"; echo $RESULT; echo "\n"; } listkeys($gpghome,"public",false,"",""); } else { echo "

Removing a key failed.

"; } } function removeseckey ($gpghome, $keyid) { $keyid = str_replace(" ","",$keyid); $CMD ="/usr/bin/gpg --homedir ".$gpghome." --require-secmem --batch --no-tty --yes --delete-secret-key \"".trim($keyid)."\""; $RESULT = unix($CMD); $ERR1 = strpos($RESULT,'can\'t open'); $ERR2 = strpos($RESULT,'not found:'); if (! $ERR1 === false){ echo "

Check file permissions on your keyring.

"; } if (! $ERR2 === false){ echo "

The key is not in your keyring.

"; } if (($ERR1 === false) && ($ERR2 === false) ){ // success if (strlen($RESULT) > 6 ) { echo "

"; echo $RESULT; echo "\n"; } listkeys($gpghome,"secret",false,"",""); } else { echo "

Removing a key failed.

"; } } function createkeys ($gpghome, $name, $email, $secret) { $name = htmlentities($name, ENT_QUOTES); $email = htmlentities($email, ENT_QUOTES); $secret = htmlentities($secret, ENT_QUOTES); $CMD ="/usr/bin/gpg --homedir ".$gpghome." --gen-key --batch --logger-file ".$gpghome."/gpgerrors << EOF\n"; $CMD = $CMD."Key-Type: RSA\nKey-Length: 4096\nSubkey-Type: RSA\nSubkey-Length: 2048\nPassphrase: ".$secret."\nName-Real: ".$name."\nName-Email: ".$email."\nEOF\n"; unix("find / > /dev/null &"); $RESULT = unix($CMD); listkeys($gpghome, "secret", false,"",""); } // MAIN echo "

\n"; echo "

Key Management for User $USERID

\n"; if (! isset($_REQUEST['action'])) { echo "\n"; } else { if ($_REQUEST['action'] == "listpublic") { listkeys($GPGDIR, "public",false, $KEYEXPORT, $SECRETKEYEXPORT); } if ($_REQUEST['action'] == "listsecret") { listkeys($GPGDIR, "secret",false, $KEYEXPORT, $SECRETKEYEXPORT); } if ($_REQUEST['action'] == "addkeys") { if (isset($_REQUEST['keyblock'])) { if ($KEYSREADONLY != "yes") { addkeys($GPGDIR, $_REQUEST['keyblock']); } } else { // create form echo "\n"; } } if ($_REQUEST['action'] == "removepkey") { if (isset($_REQUEST['keyid'])) { if ($KEYSREADONLY != "yes") { removepubkey($GPGDIR, $_REQUEST['keyid']); } } else { // create form echo "\n"; } } if ($_REQUEST['action'] == "removeskey") { if (isset($_REQUEST['keyid'])) { if (($KEYSREADONLY != "yes") && ($DELETESECRETKEY == "yes" )) { removeseckey($GPGDIR, $_REQUEST['keyid']); } else { echo "\n

Deleting secret keys is not allowed.

\n"; } } else { // create form echo "\n"; } } if ($_REQUEST['action'] == "createkeys") { if (isset($_REQUEST['keyname']) and ($_REQUEST['keyemail']) and ($_REQUEST['keysecret'])) { if (($KEYSREADONLY != "yes") and ($KEYCREATION == "yes")) { createkeys($GPGDIR, $_REQUEST['keyname'], $_REQUEST['keyemail'], $_REQUEST['keysecret']); } else { echo "\n

Key creation is not allowed.

\n"; } } else { // create form echo "\n"; } } echo "

\n"; } echo "

"; ?>