Arturo 'Buanzo' Busleiman buanzo at
Thu Apr 19 03:25:23 CEST 2007

Hash: SHA512

Hi group!

For my module mod_auth_openpgp I'm currently adding X-Auth-OpenPGP headers such as Fingerprint,
Trust, etc, but I definitely need to be able to provide the email-address (which I guess would be
pka_address). My operation is a simple verify_op against a message+signature.

So, at the end of this message you'll find the function I've written, but although I've tried
different approaches (deprecated and current ones), I've not had luck.

If I verify the same message|signature with gpgv, I get no mail address:

apache at bbs ~ $ gpgv < request.limpio.txt.asc
gpgv: keyblock resource `/var/www/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Fri Oct 20 08:46:27 2006 ART using DSA key ID 6857704D
gpgv: Can't check signature: public key not found

So I tried this:

apache at bbs ~/.gnupg $ cp pubring.gpg trustedkeys.gpg
apache at bbs ~ $ gpgv < request.limpio.txt.asc
gpgv: Signature made Fri Oct 20 08:46:27 2006 ART using DSA key ID 6857704D
gpgv: Good signature from "Arturo Alberto Busleiman (aka Buanzo) <buanzo at>"

So I thought: "ok, this was my problem, let's try again". But no, my module still does not get a
pka_address that's different from NULL.

So, I although I've spent this week trying to figure this out (even reading the gpgme source) I
couldn't get a hold on the correct way of getting pka_address filled, or even find my mistake, or

The fingerprint is correctly obtained, and matches what gpg --list-keys --fingerprint shows me.

Any ideas? Even one word might probably help me. :)

This is the code:

== cut here ==
gpg_verification (char *message, char *signature, int msgSize, char **fpr, char
**key_address,request_rec * r) {
gpgme_ctx_t		ctx;
gpgme_error_t	err;
gpgme_data_t	sign, text;
gpgme_verify_result_t result;
int retval = 1;

if (msgSize < 0) return 1;

err = gpgme_new (&ctx);
if (msgSize == 0)
	err = gpgme_data_new_from_mem (&text, message, strlen(message), 0);
	err = gpgme_data_new_from_mem (&text, message, msgSize, 0);

err = gpgme_data_new_from_mem (&sign, signature, strlen (signature), 0);
err = gpgme_op_verify (ctx, sign, text, NULL);
result = gpgme_op_verify_result (ctx);

switch (gpg_err_code (result->signatures->status)) {
	/* copy fingerprint */
	*fpr = apr_pcalloc (r->pool, strlen(result->signatures->fpr) + 1);
	memcpy ((char *) *fpr, result->signatures->fpr, strlen(result->signatures->fpr));

	/* pka_address can be null when address is unknown.. but WHY is it unknown?! */
	if (result->signatures->pka_address != NULL) {
		*key_address = apr_pcalloc (r->pool, strlen(result->signatures->pka_address) + 1);
		memcpy ((char *) *key_address, result->signatures->pka_address,
	retval = 0;
default: {
	retval = 1;

gpgme_data_release (sign);
gpgme_data_release (text);
gpgme_release (ctx);
return (retval);
== cut here ==

PS: I even tried upgrading gnupg, libgpg-error, gpgme and everything to the latest available version
in Gentoo, which seemed fairly bleeding-edge / near cvs level. I can try CVS if needed.


- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Foros GNU/Buanzo: Respeto, Soluciones y Buena Onda:
Consulting and Secure Mail Hosting:
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-devel mailing list