NAME
Crypt::OpenPGP::Signature - Signature packet
SYNOPSIS
use Crypt::OpenPGP::Signature;
my $sig = Crypt::OpenPGP::Signature->new(
Key => $secret_key,
Data => $plaintext,
Type => 0x00,
);
my $serialized = $sig->save;
my $sig = Crypt::OpenPGP::Signature->parse($buffer);
my $hashed_data = $sig->hash_data($plaintext);
## Look up public key by $sig->key_id to get $cert, then...
my $is_valid_sig = $cert->key->verify($sig, $hashed_data);
DESCRIPTION
Crypt::OpenPGP::Signature implements PGP signature packets and provides functionality for hashing PGP packets to obtain message digests; these digests are then signed by the secret key to form a signature.
Crypt::OpenPGP::Signature reads and writes both version 3 and version 4 signatures, along with the signature subpackets found in version 4 (see Crypt::OpenPGP::Signature::SubPacket).
USAGE
Crypt::OpenPGP::Signature->new( %arg )
Creates a new signature packet object and returns that object. If there are no arguments in %arg, the object is created empty; this is used, for example, in parse (below), to create an empty packet which is then filled from the data in the buffer.
If you wish to initialize a non-empty object, %arg can contain:
Data
A PGP packet object of some kind. Currently the two supported objects are Crypt::OpenPGP::Certificate objects, to create self-signatures for keyrings, and Crypt::OpenPGP::Plaintext objects, for signatures on blocks of data.
This argument is required (for a non-empty packet).
Key
A secret-key certificate that can be used to sign the data. In other words an object of type Crypt::OpenPGP::Certificate that holds a secret key.
This argument is required.
Version
The packet format version of the signature. Valid values are either
3
or4
; version4
signatures are the default, but will be incompatible with older PGP implementations; for example, PGP2 will only read version 3 signatures; PGP5 can read version 4 signatures, but only on signatures of data packets (not on key signatures).This argument is optional; the default is version 4.
Type
Specifies the type of signature (data, key, etc.). Valid values can be found in the OpenPGP RFC, section 5.2.1.
This argument is optional; the default is
0x00
, signature of a binary document.Digest
The digest algorithm to use when generating the digest of the data to be signed. See the documentation for Crypt::OpenPGP::Digest for a list of valid values.
This argument is optional; the default is
SHA1
.
$sig->save
Serializes the signature packet and returns a string of octets.
Crypt::OpenPGP::Signature->parse($buffer)
Given $buffer, a Crypt::OpenPGP::Buffer object holding (or with offset pointing to) a signature packet, returns a new Crypt::OpenPGP::Signature object, initialized with the signature data in the buffer.
$sig->hash_data(@data)
Prepares a digital hash of the packets in @data; the hashing method depends on the type of packets in @data, and the hashing algorithm used depends on the algorithm associated with the Crypt::OpenPGP::Signature object $sig. This digital hash is then signed to produce the signature itself.
You generally do not need to use this method unless you have not passed in the Data parameter to new (above).
There are two possible packet types that can be included in @data:
Key Certificate and User ID
An OpenPGP keyblock contains a key certificate and a signature of the public key and user ID made by the secret key. This is called a self-signature. To produce a self-signature, @data should contain two packet objects: a Crypt::OpenPGP::Certificate object and a Crypt::OpenPGP::UserID object. For example:
my $hash = $sig->hash_data($cert, $id) or die $sig->errstr;
Plaintext
To sign a piece of plaintext, pass in a Crypt::OpenPGP::Plaintext object. This is a standard OpenPGP signature.
my $pt = Crypt::OpenPGP::Plaintext->new( Data => 'foo bar' ); my $hash = $sig->hash_data($pt) or die $sig->errstr;
$sig->key_id
Returns the ID of the key that created the signature.
$sig->timestamp
Returns the time that the signature was created in Unix epoch time (seconds since 1970).
$sig->digest
Returns a Crypt::OpenPGP::Digest object representing the digest algorithm used by the signature.
AUTHOR & COPYRIGHTS
Please see the Crypt::OpenPGP manpage for author, copyright, and license information.