Crypt::OpenPGP encryption signature

by ksublondie (Friar)
on Mar 27, 2013 at 02:41 UTC

ksublondie has asked for the wisdom of the Perl Monks concerning the following question:

I'm new to pgp and don't know where I'm going wrong. I have a script that transfers pgp files back & forth using ftp and encrypts and decrypts as needed using existing key files.

The current problem I have is signing while encrypting. I can encrypt just fine, but if I try to sign it during the encryption, I get the following error:

Could not find secret key with KeyID ....

Here's the code:

    use Crypt::OpenPGP;
    use Crypt::OpenPGP::KeyRing;

    # My own key pair (secret and public halves) and the recipient's public key
    my $mysecring = Crypt::OpenPGP::KeyRing->new(Filename => $CONFIG{privatekey})
        or handleError("Error: ".Crypt::OpenPGP::KeyRing->errstr, 1);
    my $mypubring = Crypt::OpenPGP::KeyRing->new(Filename => $CONFIG{publickey})
        or handleError("Error: ".Crypt::OpenPGP::KeyRing->errstr, 1);
    my $theirpubring = Crypt::OpenPGP::KeyRing->new(Filename => $CONFIG{icskey})
        or handleError("Error: ".Crypt::OpenPGP::KeyRing->errstr, 1);

    # Sign with my secret ring, encrypt to their public ring
    my $pgp = Crypt::OpenPGP->new(
        SecRing => $mysecring,
        PubRing => $theirpubring,
    ) or handleError("there was a problem creating constructor\n\n".Crypt::OpenPGP->errstr, 1);

    # Pick up every plain file whose name does not contain "pgp"
    opendir(DIR, $CONFIG{ToDir}) or handleError("Unable to open directory $CONFIG{ToDir}: $!", 1);
    my @directory = grep { !(/pgp/) && -f "$CONFIG{ToDir}/$_" } readdir(DIR);
    closedir(DIR) or handleError("Unable to close directory $CONFIG{ToDir}: $!", 1);
    print "found ".(scalar @directory)." items\n";

    foreach (@directory) {
        print "encrypting $_\n";
        my $encryption = $pgp->encrypt(
            Filename       => $CONFIG{ToDir}.'/'.$_,
            SignKeyID      => $keyid,
            SignPassphrase => $pass,
        ) or handleError("there was a problem encrypting the file\n\n".$pgp->errstr);

        # Output is binary OpenPGP data (no Armour requested), so write it in binmode
        open FILE, '>', $CONFIG{ToDir}.'/'.$_.'.pgp'
            or handleError("Unable to write $CONFIG{ToDir}/$_.pgp: $!", 1);
        binmode FILE;
        print FILE $encryption;
        close FILE;
    }

Part (or rather most) of the problem is that I'm not sure what value I need to pass to SignKeyID: is it supposed to be a Crypt::OpenPGP::KeyBlock? a Crypt::OpenPGP::Signature? a string? I've tried setting it to $mysecring, a string of the file location, the secring's 8 char hex keyid, Fingerprint, userid, the 16 char hex subkeyid (all taken from the secring certificate details).

Delving into both the Crypt::OpenPGP documentation and code hasn't given me the answer...at least not one I can wrap my brain around.

Can someone enlighten me with what I'm doing wrong?

update: $mysecring and $mypubring make up the key pairs for my certificate -- $theirpubring is the public key for the party I'm sending the encrypted file to.

Replies are listed 'Best First'.
Re: Crypt::OpenPGP encryption signature
by Athanasius (Archbishop) on Mar 27, 2013 at 04:30 UTC

    I’m not familiar with the Crypt::OpenPGP module, but from the source code:

    sub encrypt {
        ...
        if ($param{SignKeyID}) {
            $ptdata = $pgp->sign(
                ...
                KeyID => $param{SignKeyID},
                ...

    and from the documentation for $pgp->sign( %args ):

    %args can contain:
    • ...
    • KeyID
      The ID of the secret key that should be used to sign the message. The value of the key ID should be specified as a 16-digit hexadecimal number.
      This argument is mandatory.

    So SignKeyID is required to be a 16-digit hexadecimal number. I hope this is helpful.

    Athanasius <°(((><contra mundum Iustus alius egestas vitae, eros Piratica,
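
An added example (not code from this thread or from the Crypt::OpenPGP project) that reads the 16-hex-digit key IDs straight out of the keyrings and passes one as SignKeyID, matching the documentation quoted in the reply above. The file names and the PGP_PASSPHRASE environment variable are assumptions; the calls used are Crypt::OpenPGP::KeyRing's read and blocks, the key block's key and signing_key, and the key certificate's key_id_hex.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenPGP;
use Crypt::OpenPGP::KeyRing;

# Hypothetical file names; substitute your own keyrings and input file.
my %cfg = (
    secring => 'my-secring.gpg',      # holds the secret key used to sign
    pubring => 'their-pubring.gpg',   # holds the recipient's public key
    infile  => 'outgoing/report.csv',
);

# Return the 16-hex-digit key ID of one key per key block in a keyring file.
# $which is 'signing_key' (key that can sign) or 'key' (the primary key).
sub key_ids {
    my ($file, $which) = @_;
    my $ring = Crypt::OpenPGP::KeyRing->new(Filename => $file)
        or die "keyring $file: " . Crypt::OpenPGP::KeyRing->errstr . "\n";
    $ring->read or die "cannot parse $file: " . $ring->errstr . "\n";
    my @ids;
    for my $kb ($ring->blocks) {
        my $cert = $kb->$which or next;   # block has no usable key of that kind
        push @ids, $cert->key_id_hex;     # 8-byte key ID as 16 hex digits
    }
    return @ids;
}

my ($sign_id) = key_ids($cfg{secring}, 'signing_key')
    or die "no signing-capable secret key in $cfg{secring}\n";
my ($rcpt_id) = key_ids($cfg{pubring}, 'key')
    or die "no public key in $cfg{pubring}\n";
print "signing with $sign_id, encrypting to $rcpt_id\n";

my $pgp = Crypt::OpenPGP->new(SecRing => $cfg{secring}, PubRing => $cfg{pubring})
    or die Crypt::OpenPGP->errstr;

my $ciphertext = $pgp->encrypt(
    Filename       => $cfg{infile},
    Recipients     => $rcpt_id,
    SignKeyID      => $sign_id,               # hex string, not a KeyRing or KeyBlock
    SignPassphrase => $ENV{PGP_PASSPHRASE},   # assumption: passphrase kept out of the script
    Armour         => 1,
) or die "sign+encrypt failed: " . $pgp->errstr . "\n";

open my $out, '>', "$cfg{infile}.pgp" or die "write $cfg{infile}.pgp: $!\n";
print {$out} $ciphertext;
close $out or die "close: $!\n";
```

If the printed signing ID is not the one you expected, the SecRing file does not contain the key you think it does, which is the condition behind the "Could not find secret key with KeyID" error.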

Re: Crypt::OpenPGP encryption signature
by sundialsvc4 (Abbot) on Mar 27, 2013 at 13:27 UTC

    I suggest that you start with acquiring a basic understanding of how the GPG/PGP system works.   The system uses a “key ring” in which both public and private keys are stored.   It refers to both of these keys by means of a 16-hex-digit “ID,” and an 8-hex-digit “short ID” which is simply the right-hand half of the first.   There is also a “fingerprint” which consists of a string of 4-hex-digit groups.   All references to keys are made by long or short ID.

    It would appear either that the appropriate secret-key is not on the key-ring, or that at some point the Perl code does not know where to locate the key-ring file.   Commands such as gpg --list-secret-keys should be able to show you what keys your system knows about.   This is also how keys are managed on keyservers.

    GPG is a sufficiently-different system, with its “web of trust” concept and so on, that you should pause and spend some time getting to know its mind-set.   GPG implements the notions of code-signing and so forth without the assumption that there is, or ever could be, a central, über-trustworthy “certifying authority.”   Thawte & Co. would have no money to earn from it.

Re: Crypt::OpenPGP encryption signature
by ksublondie (Friar) on Mar 28, 2013 at 18:10 UTC
    Well, come to find out, I'm trying to use a DSA key which apparently isn't supported in Crypt::OpenPGP. Back to the drawing board.

      Why not create a module which simply invokes GnuPG's gpg command for your needs? If and when there is a Perl module with more complete support, you can revise your module to use it.

      <radiant.matrix>
      Ramblings and references
      “A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.” — Herm Albright
      I haven't found a problem yet that can't be solved by a well-placed trebuchet

        Why not create a module which simply invokes GnuPG's gpg command for your needs? If and when there is a Perl module with more complete support, you can revise your module to use it.

        beecause eeet eexists :) GnuPG - Perl module interface to the GNU Privacy Guard (v1.x.x series)
        GnuPG::Interface - Perl interface to GnuPG
