Can GnuPG be controlled from a program that talks to it via stdin, stdout

Werner Koch wk at gnupg.org
Mon Mar 20 11:50:48 CET 2000


On Mon, 20 Mar 2000, Fernando, Robert (ELSLON) wrote:

> 	Is there an example / commands that allow privacy guard to work via
> stdin / stdout so that an automated system can verify a public key encrypted
> file is valid.

Here is an example of how to do something with signatures; maybe you
can get some ideas from it.


#!/bin/bash
#	Copyright (C) 1999  Werner Koch
#
# This script is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
#

# Script to check an OpenPGP signed tarball and extract it into
# a given directory.  Additional checks are done to make sure that
# files are only stored below the given directory.
#
# The format of the configuration file is
# Fingerprint  subdir  comment

# Program name used in config file names, log names and diagnostics.
pgm='proc-signed-tarball'

# Print the usage line to stderr and terminate with status 1.
usage () {
    printf '%s\n' "usage: $pgm [datafile|-]" >&2
    exit 1
}

# Exactly one argument (the data file, or "-" for stdin) is required.
if [ "$#" -ne 1 ]; then
    usage
fi

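conffile=$HOME/etc/$pgm.conf
datafile=$1
# The decrypted/verified tarball is written into a private directory made by
# mktemp -d (mode 0700, unpredictable name) instead of the predictable
# /tmp/$pgm.$$.tar, which another local user could pre-create or symlink.
# Only the directory is created here: gpg --batch refuses to overwrite an
# existing output file, so the tarball itself must not exist yet.
tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/$pgm.XXXXXX") || {
    echo "$pgm: cannot create a temporary directory" >&2
    exit 1
}
tarball="$tmpdir/$pgm.tar"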

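# Remove the temporary files and exit with the given status
# (0 when no status is supplied).
do_exit () {
    cleanup
    exit "${1:-0}"
}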

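# Remove the temporary tarball and, when a private temp directory was
# created for it, that directory as well.  Paths are quoted and passed
# after "--" so an unusual name cannot be taken for an option.  Always
# returns 0, also when there is nothing to remove.
cleanup () {
    [ -n "${tarball:-}" ] && [ -f "$tarball" ] && rm -f -- "$tarball"
    [ -n "${tmpdir:-}" ] && [ -d "$tmpdir" ] && rmdir -- "$tmpdir" 2>/dev/null
    return 0
}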

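# On a signal, remove the temporary files and terminate.  The handler used to
# run only "cleanup", after which the script carried on without its tarball.
# Signal names instead of the numbers 1 2 3 13 15 for portability.
trap 'cleanup; exit 1' HUP INT QUIT PIPE TERM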


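# Print the value of the first "KEY=value" line for the given key in the
# config file, cut at the first blank; prints nothing when the key or the
# file is missing.  The keys passed in are fixed literals, so they are safe
# inside the sed pattern.
conf_value () {
    grep -s "^$1=" "$conffile" | sed -n "1 s/^$1=\([^ ]*\).*/\1/p"
}

# PATH handed to the per-signer script (defaults to our own PATH).
script_path=$(conf_value PATH)
[ -z "$script_path" ] && script_path=$PATH
# Log of already processed signature ids, used for replay detection.
sigidfile=$(conf_value SIGIDFILE)
[ -z "$sigidfile" ] && sigidfile=$HOME/log/$pgm.sigid
# Optional working directory to run in.
workdir=$(conf_value WORKDIR)
if [ -n "$workdir" ]; then
    if ! cd -- "$workdir"; then
	echo "$pgm: cd to workdir $workdir failed"  >&2
	do_exit 1
    fi
fi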

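# Check the signature.  gpg writes the verified payload to $tarball and its
# machine-readable status lines to stdout; only those status lines are
# parsed, and they are parsed into variables with awk instead of being fed
# to eval, so nothing derived from the input is ever executed by the shell.
# VALIDSIG is emitted for every cryptographically valid signature, including
# one made by an expired or revoked key, so GOODSIG is required as well.
# A single signature per file is assumed, as before.
gpg_status=$(gpg --batch -o "$tarball" --status-fd 1 "$datafile" 2>/dev/null)
signed_by=$(printf '%s\n' "$gpg_status" \
    | awk '/^\[GNUPG:\] VALIDSIG/ { fp = $3 } END { print fp }')
good_sig=$(printf '%s\n' "$gpg_status" \
    | awk '/^\[GNUPG:\] GOODSIG/ { ok = "yes" } END { print ok }')
sig_id=$(printf '%s\n' "$gpg_status" \
    | awk '/^\[GNUPG:\] SIG_ID/ { id = $3 } END { print id }')
sig_date=$(printf '%s\n' "$gpg_status" \
    | awk '/^\[GNUPG:\] SIG_ID/ { d = $4 } END { print d }')
echo "$pgm: signed_by=$signed_by"
echo "$pgm: sig_id=$sig_id sig_date=$sig_date"
if [ -z "$signed_by" ] || [ -z "$good_sig" ]; then
    echo "$pgm: $tarball has no valid signature."  >&2
    do_exit 1
fi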


# A missing SIG_ID line means gpg did not report one; treat as a setup problem.
[ -n "$sig_id" ] || {
    echo "$pgm: installation error: invalid SIG_ID" >&2
    do_exit 1
}

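# Look the signer up in the config file by an exact match of the first
# field.  The old prefix match "^$signed_by" would also accept a longer
# fingerprint that merely starts with the signer's one.  Globbing is switched
# off while the config line is word-split (the split itself is intended).
set -f
set -- $(awk -v fp="$signed_by" '$1 == fp { print; exit }' "$conffile" 2>/dev/null)
set +f
if [ -z "$1" ]; then
    echo "$pgm: Not in the list of allowed signatures."  >&2
    do_exit 1
fi
shift; script="$1"
shift; mode="$1"
shift; sender="$*"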

# Report what was found for this signer (diagnostic, goes to stderr).
printf '%s: script=%s mode=%s comment=%s\n' "$pgm" "$script" "$mode" "$sender" >&2

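# "z" when the payload is gzip-compressed (added to the tar flags), else empty.
tar_z=$(file -b -- "$tarball" | grep -sq '^gzip' && echo 'z')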



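# Check that the tarfile has no bogus filenames in it.  Note, we
# assume that GNU tar is used.  The listing is captured once so that tar's
# own exit status is inspected directly instead of through PIPESTATUS, which
# is not reliable after an "if" compound command.  Any name containing ".."
# is rejected (broad on purpose), and so is an absolute name: GNU tar strips
# the leading "/" itself, but other tar implementations may not.
if ! listing=$(tar "t${tar_z}f" "$tarball" 2>/dev/null); then
    echo "$pgm: not a tar, but $(file -b -- "$tarball")" >&2
    do_exit 1
fi
if printf '%s\n' "$listing" | grep -sq -e '\.\.' -e '^/'; then
    printf '%s\n' "$listing" >&2
    echo "$pgm: $tarball has bogus filenames"  >&2
    do_exit 1
fi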


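# No script configured ("", "none" or "-"): default is to list the tarball.
# Separate tests joined with || replace the deprecated, ambiguous "-o".
if [ -z "$script" ] || [ "$script" = "none" ] || [ "$script" = "-" ]; then
    tar "tv${tar_z}f" "$tarball"
    do_exit 0
fi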


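# Check for replay attacks: a signature id that was already processed is
# rejected.  We may want to enhance the complete system by allowing execution
# only if the signature is not too old and deleting sigid log entries which
# are older.
if [ ! -f "$sigidfile" ]; then
    echo "$pgm: no SIGIDFILE $sigidfile."  >&2
    do_exit 1
fi
# Exact match on the first field: the sig id is radix-64 and may contain
# characters that a regular expression would interpret.
set -- $(awk -v sid="$sig_id" '$1 == sid { print; exit }' "$sigidfile")
if [ -n "$1" ]; then
    echo "$pgm: already processed on $3 (sig date $2)."  >&2
    do_exit 1
fi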


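# Run the per-signer script with the configured PATH.  Every argument is
# quoted so the positions stay fixed: unquoted, an empty $mode would drop
# out and $sender would move into its place.
if ! PATH=$script_path "$script" "$tarball" "$tar_z" "$mode" "$sender"; then
    echo "$pgm: $script failed"  >&2
    do_exit 1
fi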

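# Record the processed signature id (id, signature date, processing date)
# so the replay check above rejects it next time.
if ! printf '%s %s %s\n' "$sig_id" "$sig_date" "$(date +%Y-%m-%d)" >> "$sigidfile"; then
    echo "$pgm: failed to log the sigid to $sigidfile"  >&2
    do_exit 1
fi

do_exit 0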


