• Advertisement
Sign in to follow this  

Checking cleanliness of openPGP keys

This topic is 3582 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hello all, I'm reading the documentation at http://au2.php.net/manual/en/ref.gnupg.php and I'm not sure how to accomplish the following: My code will encrypt messages but not decrypt or sign them. This means I will not need anyone's private key. More to the point, I don't want anyone to give me their private key. When someone sends me a key file, I want to detect the presence of the private information and reject the key in this case, all without ever adding the key to the keychain. I expect that the 'secretimported' field of the returned array of gnupg_import will tell me this, but that requires temporarily adding the key to the chain. This is unacceptable since the key would me momentarilly visible to a seperate, compromised part of the site. Is there a way to scan the key without importing it?

Share this post


Link to post
Share on other sites
Advertisement
Sign in to follow this  

  • Advertisement