NAME

AnyEvent::GnuPG - AnyEvent-based interface to the GNU Privacy Guard

VERSION

version 1.001

SYNOPSIS

    use AnyEvent::GnuPG qw( :algo );

    my $gpg = AnyEvent::GnuPG->new();

    $gpg->encrypt(
        plaintext   => "file.txt",
        output      => "file.gpg",
        armor       => 1,
        sign        => 1,
        passphrase  => $secret
    );
    
    $gpg->decrypt(
        ciphertext    => "file.gpg",
        output        => "file.txt"
    );
    
    $gpg->clearsign(
        plaintext => "file.txt",
        output => "file.txt.asc",
        passphrase => $secret,
        armor => 1,
    );
    
    $gpg->verify(
        signature => "file.txt.asc",
        file => "file.txt"
    );
    
    $gpg->gen_key(
        name => "Joe Blow",
        comment => "My GnuPG key",
        passphrase => $secret,
    );

DESCRIPTION

AnyEvent::GnuPG is a perl interface to the GNU Privacy Guard. It uses the shared memory coprocess interface that gpg provides for its wrappers. It tries its best to map the interactive interface of the gpg to a more programmatic model.

METHODS

new(%params)

You create a new AnyEvent::GnuPG wrapper object by invoking its new method. (How original!). The module will try to finds the gpg program in your path and will croak if it can't find it. Here are the parameters that it accepts:

  • gnupg_path

    Path to the gpg program.

  • options

    Path to the options file for gpg. If not specified, it will use the default one (usually ~/.gnupg/options).

  • homedir

    Path to the gpg home directory. This is the directory that contains the default options file, the public and private key rings as well as the trust database.

Example:

    my $gpg = AnyEvent::GnuPG->new();

version

This method returns the current gpg version as list.

    my @version = $gpg->version;
    # returns ( 1, 4, 18 ) for example

version_cb

Asynchronous variant of "version".

gen_key(%params)

This methods is used to create a new gpg key pair. The methods croaks if there is an error. It is a good idea to press random keys on the keyboard while running this methods because it consumes a lot of entropy from the computer. Here are the parameters it accepts:

  • algo

    This is the algorithm use to create the key. Can be DSA_ELGAMAL, DSA, RSA_RSA or RSA. It defaults to DSA_ELGAMAL. To import those constant in your name space, use the :algo tag.

  • size

    The size of the public key. Defaults to 1024. Cannot be less than 768 bits, and keys longer than 2048 are also discouraged. (You *DO* know that your monitor may be leaking sensitive information ;-).

  • valid

    How long the key is valid. Defaults to 0 or never expire.

  • name

    This is the only mandatory argument. This is the name that will used to construct the user id.

  • email

    Optional email portion of the user id.

  • comment

    Optional comment portion of the user id.

  • passphrase

    The passphrase that will be used to encrypt the private key. Optional but strongly recommended.

Example:

    $gpg->gen_key(
        algo => DSA_ELGAMAL,
        size => 1024,
        name => "My name"
    );

gen_key_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "gen_key".

import_keys(%params)

Import keys into the GnuPG private or public keyring. The method croaks if it encounters an error. Parameters:

  • keys

    Only parameter and mandatory. It can either be an ArrayRef containing a list of files that will be imported or a single file name or anything else that "pull" in AnyEvent::Proc accepts.

Example:

    $gpg->import_keys(
        keys => [qw[ key.pub key.sec ]]
    );

import_keys_cb(%args[, cb => $callback|$condvar])

Asynchronous variant of "import_keys". It returns the number of keys imported.

import_key($string)

Import one single key into the GnuPG private or public keyring. The method croaks if it encounters an error.

Example:

    $gpg->import_keys($string);

import_key_cb($string[, $callback|$condvar])

Asynchronous variant of "import_key".

export_keys(%params)

Exports keys from the GnuPG keyrings. The method croaks if it encounters an error. Parameters:

  • keys

    Optional argument that restricts the keys that will be exported. Can either be a user id or a reference to an array of userid that specifies the keys to be exported. If left unspecified, all keys will be exported.

  • secret

    If this argument is to true, the secret keys rather than the public ones will be exported.

  • all

    If this argument is set to true, all keys (even those that aren't OpenPGP compliant) will be exported.

  • output

    This argument specifies where the keys will be exported. Can be either a file name or anything else that "pipe" in AnyEvent::Proc accepts.

  • armor

    Set this parameter to true, if you want the exported keys to be ASCII armored.

Example:

    $gpg->export_keys(
        armor => 1,
        output => "keyring.pub"
    );

export_keys_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "export_keys".

encrypt(%params)

This method is used to encrypt a message, either using assymetric or symmetric cryptography. The methods croaks if an error is encountered. Parameters:

  • plaintext

    This argument specifies what to encrypt. It can be either a file name or anything else that "pull" in AnyEvent::Proc accepts.

  • output

    This optional argument specifies where the ciphertext will be output. It can be either a file name or anything else that "pipe" in AnyEvent::Proc acceptse.

  • armor

    If this parameter is set to true, the ciphertext will be ASCII armored.

  • symmetric

    If this parameter is set to true, symmetric cryptography will be used to encrypt the message. You will need to provide a passphrase parameter.

  • recipient

    If not using symmetric cryptography, you will have to provide this parameter. It should contains the userid of the intended recipient of the message. It will be used to look up the key to use to encrypt the message. The parameter can also take an array ref, if you want to encrypt the message for a group of recipients.

  • sign

    If this parameter is set to true, the message will also be signed. You will probably have to use the passphrase parameter to unlock the private key used to sign message. This option is incompatible with the symmetric one.

  • local-user

    This parameter is used to specified the private key that will be used to sign the message. If left unspecified, the default user will be used. This option only makes sense when using the sign option.

  • passphrase

    This parameter contains either the secret passphrase for the symmetric algorithm or the passphrase that should be used to decrypt the private key.

Example:

    $gpg->encrypt(
        plaintext => file.txt,
        output => "file.gpg",
        sign => 1,
        passphrase => $secret
    );

encrypt_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "encrypt".

sign(%params)

This method is used create a signature for a file or stream of data.

This method croaks on errors. Parameters:

  • plaintext

    This argument specifies what to sign. It can be either a file name or anything else that "pull" in AnyEvent::Proc accepts.

  • output

    This optional argument specifies where the signature will be output. It can be either a file name or anything else that "pipe" in AnyEvent::Proc accepts.

  • armor

    If this parameter is set to true, the signature will be ASCII armored.

  • passphrase

    This parameter contains the secret that should be used to decrypt the private key.

  • local-user

    This parameter is used to specified the private key that will be used to make the signature. If left unspecified, the default user will be used.

  • detach-sign

    If set to true, a digest of the data will be signed rather than the whole file.

Example:

    $gpg->sign(
        plaintext => "file.txt",
        output => "file.txt.asc",
        armor => 1
    );

sign_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "sign".

clearsign(%params)

This methods clearsign a message. The output will contains the original message with a signature appended. It takes the same parameters as the "sign" method.

clearsign_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "clearsign".

verify(%params)

This method verifies a signature against the signed message. The methods croaks if the signature is invalid or an error is encountered. If the signature is valid, it returns an hash with the signature parameters. Here are the method's parameters:

  • signature

    If the message and the signature are in the same file (i.e. a clearsigned message), this parameter can be either a file name or anything else that "pull" in AnyEvent::Proc accepts.

    If the signature doesn't follows the message, than it must be the name of the file that contains the signature and the parameter file must be used to name the signed data.

  • file

    This is the name of a file or an ArrayRef of file names that contains the signed data.

When the signature is valid, here are the elements of the hash that is returned by the method:

  • sigid

    The signature id. This can be used to protect against replay attack.

  • date

    The data at which the signature has been made.

  • timestamp

    The epoch timestamp of the signature.

  • keyid

    The key id used to make the signature.

  • user

    The userid of the signer.

  • fingerprint

    The fingerprint of the signature.

  • trust

    The trust value of the public key of the signer. Those are values that can be imported in your namespace with the :trust tag. They are (TRUST_UNDEFINED, TRUST_NEVER, TRUST_MARGINAL, TRUST_FULLY, TRUST_ULTIMATE).

Example:

    my $sig = $gpg->verify(
        signature => "file.txt.asc",
        file => "file.txt"
    );

verify_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "verify".

decrypt(%params)

This method decrypts an encrypted message. It croaks, if there is an error while decrypting the message. If the message was signed, this method also verifies the signature. If decryption is sucessful, the method either returns the valid signature parameters if present, or true. Method parameters:

  • ciphertext

    This optional parameter contains either the name of the file containing the ciphertext or a reference to a file handle containing the ciphertext.

  • output

    This optional parameter determines where the plaintext will be stored. It can be either a file name or anything else that "pipe" in AnyEvent::Proc accepts.

  • symmetric

    This should be set to true, if the message is encrypted using symmetric cryptography.

  • passphrase

    The passphrase that should be used to decrypt the message (in the case of a message encrypted using a symmetric cipher) or the secret that will unlock the private key that should be used to decrypt the message.

Example:

    $gpg->decrypt(
        ciphertext => "file.gpg",
        output => "file.txt",
        passphrase => $secret
    );

decrypt_cb(%params[, cb => $callback|$condvar])

Asynchronous variant of "decrypt".

API OVERVIEW

The API is accessed through methods on a AnyEvent::GnuPG object which is a wrapper around the gpg program. All methods takes their argument using named parameters, and errors are returned by throwing an exception (using croak). If you wan't to catch errors you will have to use eval or Try::Tiny.

This modules uses AnyEvent::Proc. For input data, all of "pull" in AnyEvent::Proc and for output data, all of "pipe" in AnyEvent::Proc possible handle types are allowed.

The code is based on GnuPG with API compatibility except that GnuPG::Tie is not ported.

CALLBACKS AND CONDITION VARIABLES

Every method has a callback variant, suffixed with _cb. These methods accept an optional parameter called cb, which can be a CodeRef or an AnyEvent::CondVar and returns a condvar.

    $gpg->method_cb(%params, cb => sub {
        my $result = shift->recv; # croaks on error
        ...
    });

    my $cv = $gpg->method_cb(%params);
    my $result = $cv->recv; # croaks on error
    ...

The non-callback variants are all wrapper methods, looking something like this:

    sub method {
        shift->method_cb(@_)->recv
    }

EXPORTS

Nothing by default. Available tags:

  • :algo

    RSA_RSA DSA_ELGAMAL DSA RSA

  • :trust

    TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL TRUST_FULLY TRUST_ULTIMATE

BUGS AND LIMITATIONS

This module doesn't work (yet) with the v2 branch of GnuPG.

SEE ALSO

BUGS

Please report any bugs or feature requests on the bugtracker website https://github.com/zurborg/libanyevent-gnupg-perl/issues

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

AUTHORS

  • Francis J. Lacoste <francis.lacoste@Contre.COM>

  • David Zurborg <zurborg@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2014 by David Zurborg.

This is free software, licensed under:

  The GNU General Public License, Version 3, June 2007