Checking cleanliness of openPGP keys
Hello all,
I'm reading the documentation at http://au2.php.net/manual/en/ref.gnupg.php and I'm not sure how to accomplish the following:
My code will encrypt messages but not decrypt or sign them. This means I will not need anyone's private key. More to the point, I don't want anyone to give me their private key.
When someone sends me a key file, I want to detect the presence of the private information and reject the key in this case, all without ever adding the key to the keychain.
I expect that the 'secretimported' field of the returned array of gnupg_import will tell me this, but that requires temporarily adding the key to the chain. This is unacceptable since the key would me momentarilly visible to a seperate, compromised part of the site. Is there a way to scan the key without importing it?
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement