Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.8

Bug #15593 GPG::decrypt always throws exception
Submitted: 2009-01-09 22:30 UTC
From: qexx Assigned: gauthierm
Status: Closed Package: Crypt_GPG (version 1.0.0RC1)
PHP Version: 5.2.4 OS: Ubuntu 8.04.1
Roadmaps: (Not assigned)    

 [2009-01-09 22:30 UTC] qexx (Stanislav Mazhara)
Description: ------------ I believe problems stems from the fact that my version of gpg (1.4.6) does not return DECRYPTION_OKAY status line upon successful decryption. Instead it returns GOODSIG and VALIDSIG. Applying this: --- DecryptStatusHandler.php.orig 2009-01-09 12:41:09.000000000 -0800 +++ DecryptStatusHandler.php 2009-01-09 14:24:59.000000000 -0800 @@ -225,6 +225,7 @@ break; case 'DECRYPTION_OKAY': + case 'VALIDSIG': // this is the all-clear signal $this->decryptionOkay = true; break; seems to have solved my problem. Test script: --------------- <?php require_once 'Crypt/GPG.php'; $gpg = new Crypt_GPG(array('debug' => true)); $gpg->addSignKey('alice'); $signed = $gpg->sign('we are the champions...'); $gpg->verify($signed); var_dump($gpg->decrypt($signed)); ?> Expected result: ---------------- string(23) "we are the champions..." Actual result: -------------- Fatal error: Uncaught Crypt_GPG_Exception: Unknown error decrypting data. in /usr/share/php/Crypt/GPG.php on line 1705 #0 /usr/share/php/Crypt/GPG.php(1705): Crypt_GPG_DecryptStatusHandler->throwException() #1 /usr/share/php/Crypt/GPG.php(969): Crypt_GPG->_decrypt('-----BEGIN PGP ...', false, NULL) #2 /home/qexx/test.php(9): Crypt_GPG->decrypt('-----BEGIN PGP ...') #3 {main} thrown in /usr/share/php/Crypt/GPG/DecryptStatusHandler.php on line 312


 [2009-01-11 20:07 UTC] gauthierm (Michael Gauthier)
I was able to reproduce this. It only occurs when you decrypt signed data rather than encrypted data. The sign command by default produces compressed, but not encrypted data. See The decrypt command in this case is just uncompressing and validating the signature, no decryption takes place. I will make Crypt_GPG behave as the gpg command does and allow passing signed data to the decrypt command.
 [2009-01-12 23:42 UTC] qexx (Stanislav Mazhara)
AFAIK, --decrypt is the only way to extract signed data from normal/attached signature. --verify just tells you that signature is ok, but does not reveal plaintext. Thanks for taking care of this.
 [2009-01-22 02:37 UTC] gauthierm (Michael Gauthier)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. I took a slightly different approach than your patch. See The reason for doing it this way is non-encrypted data with a bad signature will still be decompressed properly. A test case is also added. Thanks for your report!