PageRenderTime 143ms CodeModel.GetById 98ms app.highlight 31ms RepoModel.GetById 1ms app.codeStats 1ms

/roundcubemail-0.7.2-dep/plugins/enigma/lib/Crypt/GPG.php

#
PHP | 2542 lines | 913 code | 252 blank | 1377 comment | 147 complexity | fb0d02b23b92e09fc096e5e5f8b39f24 MD5 | raw file

Large files files are truncated, but you can click here to view the full file

   1<?php
   2
   3/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
   4
   5/**
   6 * Crypt_GPG is a package to use GPG from PHP
   7 *
   8 * This package provides an object oriented interface to GNU Privacy
   9 * Guard (GPG). It requires the GPG executable to be on the system.
  10 *
  11 * Though GPG can support symmetric-key cryptography, this package is intended
  12 * only to facilitate public-key cryptography.
  13 *
  14 * This file contains the main GPG class. The class in this file lets you
  15 * encrypt, decrypt, sign and verify data; import and delete keys; and perform
  16 * other useful GPG tasks.
  17 *
  18 * Example usage:
  19 * <code>
  20 * <?php
  21 * // encrypt some data
  22 * $gpg = new Crypt_GPG();
  23 * $gpg->addEncryptKey($mySecretKeyId);
  24 * $encryptedData = $gpg->encrypt($data);
  25 * ?>
  26 * </code>
  27 *
  28 * PHP version 5
  29 *
  30 * LICENSE:
  31 *
  32 * This library is free software; you can redistribute it and/or modify
  33 * it under the terms of the GNU Lesser General Public License as
  34 * published by the Free Software Foundation; either version 2.1 of the
  35 * License, or (at your option) any later version.
  36 *
  37 * This library is distributed in the hope that it will be useful,
  38 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  39 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  40 * Lesser General Public License for more details.
  41 *
  42 * You should have received a copy of the GNU Lesser General Public
  43 * License along with this library; if not, write to the Free Software
  44 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  45 *
  46 * @category  Encryption
  47 * @package   Crypt_GPG
  48 * @author    Nathan Fredrickson <nathan@silverorange.com>
  49 * @author    Michael Gauthier <mike@silverorange.com>
  50 * @copyright 2005-2010 silverorange
  51 * @license   http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
  52 * @version   CVS: $Id: GPG.php 302814 2010-08-26 15:43:07Z gauthierm $
  53 * @link      http://pear.php.net/package/Crypt_GPG
  54 * @link      http://pear.php.net/manual/en/package.encryption.crypt-gpg.php
  55 * @link      http://www.gnupg.org/
  56 */
  57
  58/**
  59 * Signature handler class
  60 */
  61require_once 'Crypt/GPG/VerifyStatusHandler.php';
  62
  63/**
  64 * Decryption handler class
  65 */
  66require_once 'Crypt/GPG/DecryptStatusHandler.php';
  67
  68/**
  69 * GPG key class
  70 */
  71require_once 'Crypt/GPG/Key.php';
  72
  73/**
  74 * GPG sub-key class
  75 */
  76require_once 'Crypt/GPG/SubKey.php';
  77
  78/**
  79 * GPG user id class
  80 */
  81require_once 'Crypt/GPG/UserId.php';
  82
  83/**
  84 * GPG process and I/O engine class
  85 */
  86require_once 'Crypt/GPG/Engine.php';
  87
  88/**
  89 * GPG exception classes
  90 */
  91require_once 'Crypt/GPG/Exceptions.php';
  92
  93// {{{ class Crypt_GPG
  94
  95/**
  96 * A class to use GPG from PHP
  97 *
  98 * This class provides an object oriented interface to GNU Privacy Guard (GPG).
  99 *
 100 * Though GPG can support symmetric-key cryptography, this class is intended
 101 * only to facilitate public-key cryptography.
 102 *
 103 * @category  Encryption
 104 * @package   Crypt_GPG
 105 * @author    Nathan Fredrickson <nathan@silverorange.com>
 106 * @author    Michael Gauthier <mike@silverorange.com>
 107 * @copyright 2005-2010 silverorange
 108 * @license   http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
 109 * @link      http://pear.php.net/package/Crypt_GPG
 110 * @link      http://www.gnupg.org/
 111 */
 112class Crypt_GPG
 113{
 114    // {{{ class error constants
 115
 116    /**
 117     * Error code returned when there is no error.
 118     */
 119    const ERROR_NONE = 0;
 120
 121    /**
 122     * Error code returned when an unknown or unhandled error occurs.
 123     */
 124    const ERROR_UNKNOWN = 1;
 125
 126    /**
 127     * Error code returned when a bad passphrase is used.
 128     */
 129    const ERROR_BAD_PASSPHRASE = 2;
 130
 131    /**
 132     * Error code returned when a required passphrase is missing.
 133     */
 134    const ERROR_MISSING_PASSPHRASE = 3;
 135
 136    /**
 137     * Error code returned when a key that is already in the keyring is
 138     * imported.
 139     */
 140    const ERROR_DUPLICATE_KEY = 4;
 141
 142    /**
 143     * Error code returned the required data is missing for an operation.
 144     *
 145     * This could be missing key data, missing encrypted data or missing
 146     * signature data.
 147     */
 148    const ERROR_NO_DATA = 5;
 149
 150    /**
 151     * Error code returned when an unsigned key is used.
 152     */
 153    const ERROR_UNSIGNED_KEY = 6;
 154
 155    /**
 156     * Error code returned when a key that is not self-signed is used.
 157     */
 158    const ERROR_NOT_SELF_SIGNED = 7;
 159
 160    /**
 161     * Error code returned when a public or private key that is not in the
 162     * keyring is used.
 163     */
 164    const ERROR_KEY_NOT_FOUND = 8;
 165
 166    /**
 167     * Error code returned when an attempt to delete public key having a
 168     * private key is made.
 169     */
 170    const ERROR_DELETE_PRIVATE_KEY = 9;
 171
 172    /**
 173     * Error code returned when one or more bad signatures are detected.
 174     */
 175    const ERROR_BAD_SIGNATURE = 10;
 176
 177    /**
 178     * Error code returned when there is a problem reading GnuPG data files.
 179     */
 180    const ERROR_FILE_PERMISSIONS = 11;
 181
 182    // }}}
 183    // {{{ class constants for data signing modes
 184
 185    /**
 186     * Signing mode for normal signing of data. The signed message will not
 187     * be readable without special software.
 188     *
 189     * This is the default signing mode.
 190     *
 191     * @see Crypt_GPG::sign()
 192     * @see Crypt_GPG::signFile()
 193     */
 194    const SIGN_MODE_NORMAL = 1;
 195
 196    /**
 197     * Signing mode for clearsigning data. Clearsigned signatures are ASCII
 198     * armored data and are readable without special software. If the signed
 199     * message is unencrypted, the message will still be readable. The message
 200     * text will be in the original encoding.
 201     *
 202     * @see Crypt_GPG::sign()
 203     * @see Crypt_GPG::signFile()
 204     */
 205    const SIGN_MODE_CLEAR = 2;
 206
 207    /**
 208     * Signing mode for creating a detached signature. When using detached
 209     * signatures, only the signature data is returned. The original message
 210     * text may be distributed separately from the signature data. This is
 211     * useful for miltipart/signed email messages as per
 212     * {@link http://www.ietf.org/rfc/rfc3156.txt RFC 3156}.
 213     *
 214     * @see Crypt_GPG::sign()
 215     * @see Crypt_GPG::signFile()
 216     */
 217    const SIGN_MODE_DETACHED = 3;
 218
 219    // }}}
 220    // {{{ class constants for fingerprint formats
 221
 222    /**
 223     * No formatting is performed.
 224     *
 225     * Example: C3BC615AD9C766E5A85C1F2716D27458B1BBA1C4
 226     *
 227     * @see Crypt_GPG::getFingerprint()
 228     */
 229    const FORMAT_NONE = 1;
 230
 231    /**
 232     * Fingerprint is formatted in the format used by the GnuPG gpg command's
 233     * default output.
 234     *
 235     * Example: C3BC 615A D9C7 66E5 A85C  1F27 16D2 7458 B1BB A1C4
 236     *
 237     * @see Crypt_GPG::getFingerprint()
 238     */
 239    const FORMAT_CANONICAL = 2;
 240
 241    /**
 242     * Fingerprint is formatted in the format used when displaying X.509
 243     * certificates
 244     *
 245     * Example: C3:BC:61:5A:D9:C7:66:E5:A8:5C:1F:27:16:D2:74:58:B1:BB:A1:C4
 246     *
 247     * @see Crypt_GPG::getFingerprint()
 248     */
 249    const FORMAT_X509 = 3;
 250
 251    // }}}
 252    // {{{ other class constants
 253
 254    /**
 255     * URI at which package bugs may be reported.
 256     */
 257    const BUG_URI = 'http://pear.php.net/bugs/report.php?package=Crypt_GPG';
 258
 259    // }}}
 260    // {{{ protected class properties
 261
 262    /**
 263     * Engine used to control the GPG subprocess
 264     *
 265     * @var Crypt_GPG_Engine
 266     *
 267     * @see Crypt_GPG::setEngine()
 268     */
 269    protected $engine = null;
 270
 271    /**
 272     * Keys used to encrypt
 273     *
 274     * The array is of the form:
 275     * <code>
 276     * array(
 277     *   $key_id => array(
 278     *     'fingerprint' => $fingerprint,
 279     *     'passphrase'  => null
 280     *   )
 281     * );
 282     * </code>
 283     *
 284     * @var array
 285     * @see Crypt_GPG::addEncryptKey()
 286     * @see Crypt_GPG::clearEncryptKeys()
 287     */
 288    protected $encryptKeys = array();
 289
 290    /**
 291     * Keys used to decrypt
 292     *
 293     * The array is of the form:
 294     * <code>
 295     * array(
 296     *   $key_id => array(
 297     *     'fingerprint' => $fingerprint,
 298     *     'passphrase'  => $passphrase
 299     *   )
 300     * );
 301     * </code>
 302     *
 303     * @var array
 304     * @see Crypt_GPG::addSignKey()
 305     * @see Crypt_GPG::clearSignKeys()
 306     */
 307    protected $signKeys = array();
 308
 309    /**
 310     * Keys used to sign
 311     *
 312     * The array is of the form:
 313     * <code>
 314     * array(
 315     *   $key_id => array(
 316     *     'fingerprint' => $fingerprint,
 317     *     'passphrase'  => $passphrase
 318     *   )
 319     * );
 320     * </code>
 321     *
 322     * @var array
 323     * @see Crypt_GPG::addDecryptKey()
 324     * @see Crypt_GPG::clearDecryptKeys()
 325     */
 326    protected $decryptKeys = array();
 327
 328    // }}}
 329    // {{{ __construct()
 330
 331    /**
 332     * Creates a new GPG object
 333     *
 334     * Available options are:
 335     *
 336     * - <kbd>string  homedir</kbd>        - the directory where the GPG
 337     *                                       keyring files are stored. If not
 338     *                                       specified, Crypt_GPG uses the
 339     *                                       default of <kbd>~/.gnupg</kbd>.
 340     * - <kbd>string  publicKeyring</kbd>  - the file path of the public
 341     *                                       keyring. Use this if the public
 342     *                                       keyring is not in the homedir, or
 343     *                                       if the keyring is in a directory
 344     *                                       not writable by the process
 345     *                                       invoking GPG (like Apache). Then
 346     *                                       you can specify the path to the
 347     *                                       keyring with this option
 348     *                                       (/foo/bar/pubring.gpg), and specify
 349     *                                       a writable directory (like /tmp)
 350     *                                       using the <i>homedir</i> option.
 351     * - <kbd>string  privateKeyring</kbd> - the file path of the private
 352     *                                       keyring. Use this if the private
 353     *                                       keyring is not in the homedir, or
 354     *                                       if the keyring is in a directory
 355     *                                       not writable by the process
 356     *                                       invoking GPG (like Apache). Then
 357     *                                       you can specify the path to the
 358     *                                       keyring with this option
 359     *                                       (/foo/bar/secring.gpg), and specify
 360     *                                       a writable directory (like /tmp)
 361     *                                       using the <i>homedir</i> option.
 362     * - <kbd>string  trustDb</kbd>        - the file path of the web-of-trust
 363     *                                       database. Use this if the trust
 364     *                                       database is not in the homedir, or
 365     *                                       if the database is in a directory
 366     *                                       not writable by the process
 367     *                                       invoking GPG (like Apache). Then
 368     *                                       you can specify the path to the
 369     *                                       trust database with this option
 370     *                                       (/foo/bar/trustdb.gpg), and specify
 371     *                                       a writable directory (like /tmp)
 372     *                                       using the <i>homedir</i> option.
 373     * - <kbd>string  binary</kbd>         - the location of the GPG binary. If
 374     *                                       not specified, the driver attempts
 375     *                                       to auto-detect the GPG binary
 376     *                                       location using a list of known
 377     *                                       default locations for the current
 378     *                                       operating system. The option
 379     *                                       <kbd>gpgBinary</kbd> is a
 380     *                                       deprecated alias for this option.
 381     * - <kbd>boolean debug</kbd>          - whether or not to use debug mode.
 382     *                                       When debug mode is on, all
 383     *                                       communication to and from the GPG
 384     *                                       subprocess is logged. This can be
 385     *
 386     * @param array $options optional. An array of options used to create the
 387     *                       GPG object. All options are optional and are
 388     *                       represented as key-value pairs.
 389     *
 390     * @throws Crypt_GPG_FileException if the <kbd>homedir</kbd> does not exist
 391     *         and cannot be created. This can happen if <kbd>homedir</kbd> is
 392     *         not specified, Crypt_GPG is run as the web user, and the web
 393     *         user has no home directory. This exception is also thrown if any
 394     *         of the options <kbd>publicKeyring</kbd>,
 395     *         <kbd>privateKeyring</kbd> or <kbd>trustDb</kbd> options are
 396     *         specified but the files do not exist or are are not readable.
 397     *         This can happen if the user running the Crypt_GPG process (for
 398     *         example, the Apache user) does not have permission to read the
 399     *         files.
 400     *
 401     * @throws PEAR_Exception if the provided <kbd>binary</kbd> is invalid, or
 402     *         if no <kbd>binary</kbd> is provided and no suitable binary could
 403     *         be found.
 404     */
 405    public function __construct(array $options = array())
 406    {
 407        $this->setEngine(new Crypt_GPG_Engine($options));
 408    }
 409
 410    // }}}
 411    // {{{ importKey()
 412
 413    /**
 414     * Imports a public or private key into the keyring
 415     *
 416     * Keys may be removed from the keyring using
 417     * {@link Crypt_GPG::deletePublicKey()} or
 418     * {@link Crypt_GPG::deletePrivateKey()}.
 419     *
 420     * @param string $data the key data to be imported.
 421     *
 422     * @return array an associative array containing the following elements:
 423     *               - <kbd>fingerprint</kbd>       - the fingerprint of the
 424     *                                                imported key,
 425     *               - <kbd>public_imported</kbd>   - the number of public
 426     *                                                keys imported,
 427     *               - <kbd>public_unchanged</kbd>  - the number of unchanged
 428     *                                                public keys,
 429     *               - <kbd>private_imported</kbd>  - the number of private
 430     *                                                keys imported,
 431     *               - <kbd>private_unchanged</kbd> - the number of unchanged
 432     *                                                private keys.
 433     *
 434     * @throws Crypt_GPG_NoDataException if the key data is missing or if the
 435     *         data is is not valid key data.
 436     *
 437     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 438     *         Use the <kbd>debug</kbd> option and file a bug report if these
 439     *         exceptions occur.
 440     */
 441    public function importKey($data)
 442    {
 443        return $this->_importKey($data, false);
 444    }
 445
 446    // }}}
 447    // {{{ importKeyFile()
 448
 449    /**
 450     * Imports a public or private key file into the keyring
 451     *
 452     * Keys may be removed from the keyring using
 453     * {@link Crypt_GPG::deletePublicKey()} or
 454     * {@link Crypt_GPG::deletePrivateKey()}.
 455     *
 456     * @param string $filename the key file to be imported.
 457     *
 458     * @return array an associative array containing the following elements:
 459     *               - <kbd>fingerprint</kbd>       - the fingerprint of the
 460     *                                                imported key,
 461     *               - <kbd>public_imported</kbd>   - the number of public
 462     *                                                keys imported,
 463     *               - <kbd>public_unchanged</kbd>  - the number of unchanged
 464     *                                                public keys,
 465     *               - <kbd>private_imported</kbd>  - the number of private
 466     *                                                keys imported,
 467     *               - <kbd>private_unchanged</kbd> - the number of unchanged
 468     *                                                private keys.
 469     *                                                  private keys.
 470     *
 471     * @throws Crypt_GPG_NoDataException if the key data is missing or if the
 472     *         data is is not valid key data.
 473     *
 474     * @throws Crypt_GPG_FileException if the key file is not readable.
 475     *
 476     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 477     *         Use the <kbd>debug</kbd> option and file a bug report if these
 478     *         exceptions occur.
 479     */
 480    public function importKeyFile($filename)
 481    {
 482        return $this->_importKey($filename, true);
 483    }
 484
 485    // }}}
 486    // {{{ exportPublicKey()
 487
 488    /**
 489     * Exports a public key from the keyring
 490     *
 491     * The exported key remains on the keyring. To delete the public key, use
 492     * {@link Crypt_GPG::deletePublicKey()}.
 493     *
 494     * If more than one key fingerprint is available for the specified
 495     * <kbd>$keyId</kbd> (for example, if you use a non-unique uid) only the
 496     * first public key is exported.
 497     *
 498     * @param string  $keyId either the full uid of the public key, the email
 499     *                       part of the uid of the public key or the key id of
 500     *                       the public key. For example,
 501     *                       "Test User (example) <test@example.com>",
 502     *                       "test@example.com" or a hexadecimal string.
 503     * @param boolean $armor optional. If true, ASCII armored data is returned;
 504     *                       otherwise, binary data is returned. Defaults to
 505     *                       true.
 506     *
 507     * @return string the public key data.
 508     *
 509     * @throws Crypt_GPG_KeyNotFoundException if a public key with the given
 510     *         <kbd>$keyId</kbd> is not found.
 511     *
 512     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 513     *         Use the <kbd>debug</kbd> option and file a bug report if these
 514     *         exceptions occur.
 515     */
 516    public function exportPublicKey($keyId, $armor = true)
 517    {
 518        $fingerprint = $this->getFingerprint($keyId);
 519
 520        if ($fingerprint === null) {
 521            throw new Crypt_GPG_KeyNotFoundException(
 522                'Public key not found: ' . $keyId,
 523                Crypt_GPG::ERROR_KEY_NOT_FOUND, $keyId);
 524        }
 525
 526        $keyData   = '';
 527        $operation = '--export ' . escapeshellarg($fingerprint);
 528        $arguments = ($armor) ? array('--armor') : array();
 529
 530        $this->engine->reset();
 531        $this->engine->setOutput($keyData);
 532        $this->engine->setOperation($operation, $arguments);
 533        $this->engine->run();
 534
 535        $code = $this->engine->getErrorCode();
 536
 537        if ($code !== Crypt_GPG::ERROR_NONE) {
 538            throw new Crypt_GPG_Exception(
 539                'Unknown error exporting public key. Please use the ' .
 540                '\'debug\' option when creating the Crypt_GPG object, and ' .
 541                'file a bug report at ' . self::BUG_URI, $code);
 542        }
 543
 544        return $keyData;
 545    }
 546
 547    // }}}
 548    // {{{ deletePublicKey()
 549
 550    /**
 551     * Deletes a public key from the keyring
 552     *
 553     * If more than one key fingerprint is available for the specified
 554     * <kbd>$keyId</kbd> (for example, if you use a non-unique uid) only the
 555     * first public key is deleted.
 556     *
 557     * The private key must be deleted first or an exception will be thrown.
 558     * See {@link Crypt_GPG::deletePrivateKey()}.
 559     *
 560     * @param string $keyId either the full uid of the public key, the email
 561     *                      part of the uid of the public key or the key id of
 562     *                      the public key. For example,
 563     *                      "Test User (example) <test@example.com>",
 564     *                      "test@example.com" or a hexadecimal string.
 565     *
 566     * @return void
 567     *
 568     * @throws Crypt_GPG_KeyNotFoundException if a public key with the given
 569     *         <kbd>$keyId</kbd> is not found.
 570     *
 571     * @throws Crypt_GPG_DeletePrivateKeyException if the specified public key
 572     *         has an associated private key on the keyring. The private key
 573     *         must be deleted first.
 574     *
 575     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 576     *         Use the <kbd>debug</kbd> option and file a bug report if these
 577     *         exceptions occur.
 578     */
 579    public function deletePublicKey($keyId)
 580    {
 581        $fingerprint = $this->getFingerprint($keyId);
 582
 583        if ($fingerprint === null) {
 584            throw new Crypt_GPG_KeyNotFoundException(
 585                'Public key not found: ' . $keyId,
 586                Crypt_GPG::ERROR_KEY_NOT_FOUND, $keyId);
 587        }
 588
 589        $operation = '--delete-key ' . escapeshellarg($fingerprint);
 590        $arguments = array(
 591            '--batch',
 592            '--yes'
 593        );
 594
 595        $this->engine->reset();
 596        $this->engine->setOperation($operation, $arguments);
 597        $this->engine->run();
 598
 599        $code = $this->engine->getErrorCode();
 600
 601        switch ($code) {
 602        case Crypt_GPG::ERROR_NONE:
 603            break;
 604        case Crypt_GPG::ERROR_DELETE_PRIVATE_KEY:
 605            throw new Crypt_GPG_DeletePrivateKeyException(
 606                'Private key must be deleted before public key can be ' .
 607                'deleted.', $code, $keyId);
 608        default:
 609            throw new Crypt_GPG_Exception(
 610                'Unknown error deleting public key. Please use the ' .
 611                '\'debug\' option when creating the Crypt_GPG object, and ' .
 612                'file a bug report at ' . self::BUG_URI, $code);
 613        }
 614    }
 615
 616    // }}}
 617    // {{{ deletePrivateKey()
 618
 619    /**
 620     * Deletes a private key from the keyring
 621     *
 622     * If more than one key fingerprint is available for the specified
 623     * <kbd>$keyId</kbd> (for example, if you use a non-unique uid) only the
 624     * first private key is deleted.
 625     *
 626     * Calls GPG with the <kbd>--delete-secret-key</kbd> command.
 627     *
 628     * @param string $keyId either the full uid of the private key, the email
 629     *                      part of the uid of the private key or the key id of
 630     *                      the private key. For example,
 631     *                      "Test User (example) <test@example.com>",
 632     *                      "test@example.com" or a hexadecimal string.
 633     *
 634     * @return void
 635     *
 636     * @throws Crypt_GPG_KeyNotFoundException if a private key with the given
 637     *         <kbd>$keyId</kbd> is not found.
 638     *
 639     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 640     *         Use the <kbd>debug</kbd> option and file a bug report if these
 641     *         exceptions occur.
 642     */
 643    public function deletePrivateKey($keyId)
 644    {
 645        $fingerprint = $this->getFingerprint($keyId);
 646
 647        if ($fingerprint === null) {
 648            throw new Crypt_GPG_KeyNotFoundException(
 649                'Private key not found: ' . $keyId,
 650                Crypt_GPG::ERROR_KEY_NOT_FOUND, $keyId);
 651        }
 652
 653        $operation = '--delete-secret-key ' . escapeshellarg($fingerprint);
 654        $arguments = array(
 655            '--batch',
 656            '--yes'
 657        );
 658
 659        $this->engine->reset();
 660        $this->engine->setOperation($operation, $arguments);
 661        $this->engine->run();
 662
 663        $code = $this->engine->getErrorCode();
 664
 665        switch ($code) {
 666        case Crypt_GPG::ERROR_NONE:
 667            break;
 668        case Crypt_GPG::ERROR_KEY_NOT_FOUND:
 669            throw new Crypt_GPG_KeyNotFoundException(
 670                'Private key not found: ' . $keyId,
 671                $code, $keyId);
 672        default:
 673            throw new Crypt_GPG_Exception(
 674                'Unknown error deleting private key. Please use the ' .
 675                '\'debug\' option when creating the Crypt_GPG object, and ' .
 676                'file a bug report at ' . self::BUG_URI, $code);
 677        }
 678    }
 679
 680    // }}}
 681    // {{{ getKeys()
 682
 683    /**
 684     * Gets the available keys in the keyring
 685     *
 686     * Calls GPG with the <kbd>--list-keys</kbd> command and grabs keys. See
 687     * the first section of <b>doc/DETAILS</b> in the
 688     * {@link http://www.gnupg.org/download/ GPG package} for a detailed
 689     * description of how the GPG command output is parsed.
 690     *
 691     * @param string $keyId optional. Only keys with that match the specified
 692     *                      pattern are returned. The pattern may be part of
 693     *                      a user id, a key id or a key fingerprint. If not
 694     *                      specified, all keys are returned.
 695     *
 696     * @return array an array of {@link Crypt_GPG_Key} objects. If no keys
 697     *               match the specified <kbd>$keyId</kbd> an empty array is
 698     *               returned.
 699     *
 700     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 701     *         Use the <kbd>debug</kbd> option and file a bug report if these
 702     *         exceptions occur.
 703     *
 704     * @see Crypt_GPG_Key
 705     */
 706    public function getKeys($keyId = '')
 707    {
 708        // get private key fingerprints
 709        if ($keyId == '') {
 710            $operation = '--list-secret-keys';
 711        } else {
 712            $operation = '--list-secret-keys ' . escapeshellarg($keyId);
 713        }
 714
 715        // According to The file 'doc/DETAILS' in the GnuPG distribution, using
 716        // double '--with-fingerprint' also prints the fingerprint for subkeys.
 717        $arguments = array(
 718            '--with-colons',
 719            '--with-fingerprint',
 720            '--with-fingerprint',
 721            '--fixed-list-mode'
 722        );
 723
 724        $output = '';
 725
 726        $this->engine->reset();
 727        $this->engine->setOutput($output);
 728        $this->engine->setOperation($operation, $arguments);
 729        $this->engine->run();
 730
 731        $code = $this->engine->getErrorCode();
 732
 733        switch ($code) {
 734        case Crypt_GPG::ERROR_NONE:
 735        case Crypt_GPG::ERROR_KEY_NOT_FOUND:
 736            // ignore not found key errors
 737            break;
 738        case Crypt_GPG::ERROR_FILE_PERMISSIONS:
 739            $filename = $this->engine->getErrorFilename();
 740            if ($filename) {
 741                throw new Crypt_GPG_FileException(sprintf(
 742                    'Error reading GnuPG data file \'%s\'. Check to make ' .
 743                    'sure it is readable by the current user.', $filename),
 744                    $code, $filename);
 745            }
 746            throw new Crypt_GPG_FileException(
 747                'Error reading GnuPG data file. Check to make GnuPG data ' .
 748                'files are readable by the current user.', $code);
 749        default:
 750            throw new Crypt_GPG_Exception(
 751                'Unknown error getting keys. Please use the \'debug\' option ' .
 752                'when creating the Crypt_GPG object, and file a bug report ' .
 753                'at ' . self::BUG_URI, $code);
 754        }
 755
 756        $privateKeyFingerprints = array();
 757
 758        $lines = explode(PHP_EOL, $output);
 759        foreach ($lines as $line) {
 760            $lineExp = explode(':', $line);
 761            if ($lineExp[0] == 'fpr') {
 762                $privateKeyFingerprints[] = $lineExp[9];
 763            }
 764        }
 765
 766        // get public keys
 767        if ($keyId == '') {
 768            $operation = '--list-public-keys';
 769        } else {
 770            $operation = '--list-public-keys ' . escapeshellarg($keyId);
 771        }
 772
 773        $output = '';
 774
 775        $this->engine->reset();
 776        $this->engine->setOutput($output);
 777        $this->engine->setOperation($operation, $arguments);
 778        $this->engine->run();
 779
 780        $code = $this->engine->getErrorCode();
 781
 782        switch ($code) {
 783        case Crypt_GPG::ERROR_NONE:
 784        case Crypt_GPG::ERROR_KEY_NOT_FOUND:
 785            // ignore not found key errors
 786            break;
 787        case Crypt_GPG::ERROR_FILE_PERMISSIONS:
 788            $filename = $this->engine->getErrorFilename();
 789            if ($filename) {
 790                throw new Crypt_GPG_FileException(sprintf(
 791                    'Error reading GnuPG data file \'%s\'. Check to make ' .
 792                    'sure it is readable by the current user.', $filename),
 793                    $code, $filename);
 794            }
 795            throw new Crypt_GPG_FileException(
 796                'Error reading GnuPG data file. Check to make GnuPG data ' .
 797                'files are readable by the current user.', $code);
 798        default:
 799            throw new Crypt_GPG_Exception(
 800                'Unknown error getting keys. Please use the \'debug\' option ' .
 801                'when creating the Crypt_GPG object, and file a bug report ' .
 802                'at ' . self::BUG_URI, $code);
 803        }
 804
 805        $keys = array();
 806
 807        $key    = null; // current key
 808        $subKey = null; // current sub-key
 809
 810        $lines = explode(PHP_EOL, $output);
 811        foreach ($lines as $line) {
 812            $lineExp = explode(':', $line);
 813
 814            if ($lineExp[0] == 'pub') {
 815
 816                // new primary key means last key should be added to the array
 817                if ($key !== null) {
 818                    $keys[] = $key;
 819                }
 820
 821                $key = new Crypt_GPG_Key();
 822
 823                $subKey = Crypt_GPG_SubKey::parse($line);
 824                $key->addSubKey($subKey);
 825
 826            } elseif ($lineExp[0] == 'sub') {
 827
 828                $subKey = Crypt_GPG_SubKey::parse($line);
 829                $key->addSubKey($subKey);
 830
 831            } elseif ($lineExp[0] == 'fpr') {
 832
 833                $fingerprint = $lineExp[9];
 834
 835                // set current sub-key fingerprint
 836                $subKey->setFingerprint($fingerprint);
 837
 838                // if private key exists, set has private to true
 839                if (in_array($fingerprint, $privateKeyFingerprints)) {
 840                    $subKey->setHasPrivate(true);
 841                }
 842
 843            } elseif ($lineExp[0] == 'uid') {
 844
 845                $string = stripcslashes($lineExp[9]); // as per documentation
 846                $userId = new Crypt_GPG_UserId($string);
 847
 848                if ($lineExp[1] == 'r') {
 849                    $userId->setRevoked(true);
 850                }
 851
 852                $key->addUserId($userId);
 853
 854            }
 855        }
 856
 857        // add last key
 858        if ($key !== null) {
 859            $keys[] = $key;
 860        }
 861
 862        return $keys;
 863    }
 864
 865    // }}}
 866    // {{{ getFingerprint()
 867
 868    /**
 869     * Gets a key fingerprint from the keyring
 870     *
 871     * If more than one key fingerprint is available (for example, if you use
 872     * a non-unique user id) only the first key fingerprint is returned.
 873     *
 874     * Calls the GPG <kbd>--list-keys</kbd> command with the
 875     * <kbd>--with-fingerprint</kbd> option to retrieve a public key
 876     * fingerprint.
 877     *
 878     * @param string  $keyId  either the full user id of the key, the email
 879     *                        part of the user id of the key, or the key id of
 880     *                        the key. For example,
 881     *                        "Test User (example) <test@example.com>",
 882     *                        "test@example.com" or a hexadecimal string.
 883     * @param integer $format optional. How the fingerprint should be formatted.
 884     *                        Use {@link Crypt_GPG::FORMAT_X509} for X.509
 885     *                        certificate format,
 886     *                        {@link Crypt_GPG::FORMAT_CANONICAL} for the format
 887     *                        used by GnuPG output and
 888     *                        {@link Crypt_GPG::FORMAT_NONE} for no formatting.
 889     *                        Defaults to <code>Crypt_GPG::FORMAT_NONE</code>.
 890     *
 891     * @return string the fingerprint of the key, or null if no fingerprint
 892     *                is found for the given <kbd>$keyId</kbd>.
 893     *
 894     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 895     *         Use the <kbd>debug</kbd> option and file a bug report if these
 896     *         exceptions occur.
 897     */
 898    public function getFingerprint($keyId, $format = Crypt_GPG::FORMAT_NONE)
 899    {
 900        $output    = '';
 901        $operation = '--list-keys ' . escapeshellarg($keyId);
 902        $arguments = array(
 903            '--with-colons',
 904            '--with-fingerprint'
 905        );
 906
 907        $this->engine->reset();
 908        $this->engine->setOutput($output);
 909        $this->engine->setOperation($operation, $arguments);
 910        $this->engine->run();
 911
 912        $code = $this->engine->getErrorCode();
 913
 914        switch ($code) {
 915        case Crypt_GPG::ERROR_NONE:
 916        case Crypt_GPG::ERROR_KEY_NOT_FOUND:
 917            // ignore not found key errors
 918            break;
 919        default:
 920            throw new Crypt_GPG_Exception(
 921                'Unknown error getting key fingerprint. Please use the ' .
 922                '\'debug\' option when creating the Crypt_GPG object, and ' .
 923                'file a bug report at ' . self::BUG_URI, $code);
 924        }
 925
 926        $fingerprint = null;
 927
 928        $lines = explode(PHP_EOL, $output);
 929        foreach ($lines as $line) {
 930            if (substr($line, 0, 3) == 'fpr') {
 931                $lineExp     = explode(':', $line);
 932                $fingerprint = $lineExp[9];
 933
 934                switch ($format) {
 935                case Crypt_GPG::FORMAT_CANONICAL:
 936                    $fingerprintExp = str_split($fingerprint, 4);
 937                    $format         = '%s %s %s %s %s  %s %s %s %s %s';
 938                    $fingerprint    = vsprintf($format, $fingerprintExp);
 939                    break;
 940
 941                case Crypt_GPG::FORMAT_X509:
 942                    $fingerprintExp = str_split($fingerprint, 2);
 943                    $fingerprint    = implode(':', $fingerprintExp);
 944                    break;
 945                }
 946
 947                break;
 948            }
 949        }
 950
 951        return $fingerprint;
 952    }
 953
 954    // }}}
 955    // {{{ encrypt()
 956
 957    /**
 958     * Encrypts string data
 959     *
 960     * Data is ASCII armored by default but may optionally be returned as
 961     * binary.
 962     *
 963     * @param string  $data  the data to be encrypted.
 964     * @param boolean $armor optional. If true, ASCII armored data is returned;
 965     *                       otherwise, binary data is returned. Defaults to
 966     *                       true.
 967     *
 968     * @return string the encrypted data.
 969     *
 970     * @throws Crypt_GPG_KeyNotFoundException if no encryption key is specified.
 971     *         See {@link Crypt_GPG::addEncryptKey()}.
 972     *
 973     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
 974     *         Use the <kbd>debug</kbd> option and file a bug report if these
 975     *         exceptions occur.
 976     *
 977     * @sensitive $data
 978     */
 979    public function encrypt($data, $armor = true)
 980    {
 981        return $this->_encrypt($data, false, null, $armor);
 982    }
 983
 984    // }}}
 985    // {{{ encryptFile()
 986
 987    /**
 988     * Encrypts a file
 989     *
 990     * Encrypted data is ASCII armored by default but may optionally be saved
 991     * as binary.
 992     *
 993     * @param string  $filename      the filename of the file to encrypt.
 994     * @param string  $encryptedFile optional. The filename of the file in
 995     *                               which to store the encrypted data. If null
 996     *                               or unspecified, the encrypted data is
 997     *                               returned as a string.
 998     * @param boolean $armor         optional. If true, ASCII armored data is
 999     *                               returned; otherwise, binary data is
1000     *                               returned. Defaults to true.
1001     *
1002     * @return void|string if the <kbd>$encryptedFile</kbd> parameter is null,
1003     *                     a string containing the encrypted data is returned.
1004     *
1005     * @throws Crypt_GPG_KeyNotFoundException if no encryption key is specified.
1006     *         See {@link Crypt_GPG::addEncryptKey()}.
1007     *
1008     * @throws Crypt_GPG_FileException if the output file is not writeable or
1009     *         if the input file is not readable.
1010     *
1011     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1012     *         Use the <kbd>debug</kbd> option and file a bug report if these
1013     *         exceptions occur.
1014     */
1015    public function encryptFile($filename, $encryptedFile = null, $armor = true)
1016    {
1017        return $this->_encrypt($filename, true, $encryptedFile, $armor);
1018    }
1019
1020    // }}}
1021    // {{{ encryptAndSign()
1022
1023    /**
1024     * Encrypts and signs data
1025     *
1026     * Data is encrypted and signed in a single pass.
1027     *
1028     * NOTE: Until GnuPG version 1.4.10, it was not possible to verify
1029     * encrypted-signed data without decrypting it at the same time. If you try
1030     * to use {@link Crypt_GPG::verify()} method on encrypted-signed data with
1031     * earlier GnuPG versions, you will get an error. Please use
1032     * {@link Crypt_GPG::decryptAndVerify()} to verify encrypted-signed data.
1033     *
1034     * @param string  $data  the data to be encrypted and signed.
1035     * @param boolean $armor optional. If true, ASCII armored data is returned;
1036     *                       otherwise, binary data is returned. Defaults to
1037     *                       true.
1038     *
1039     * @return string the encrypted signed data.
1040     *
1041     * @throws Crypt_GPG_KeyNotFoundException if no encryption key is specified
1042     *         or if no signing key is specified. See
1043     *         {@link Crypt_GPG::addEncryptKey()} and
1044     *         {@link Crypt_GPG::addSignKey()}.
1045     *
1046     * @throws Crypt_GPG_BadPassphraseException if a specified passphrase is
1047     *         incorrect or if a required passphrase is not specified.
1048     *
1049     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1050     *         Use the <kbd>debug</kbd> option and file a bug report if these
1051     *         exceptions occur.
1052     *
1053     * @see Crypt_GPG::decryptAndVerify()
1054     */
1055    public function encryptAndSign($data, $armor = true)
1056    {
1057        return $this->_encryptAndSign($data, false, null, $armor);
1058    }
1059
1060    // }}}
1061    // {{{ encryptAndSignFile()
1062
1063    /**
1064     * Encrypts and signs a file
1065     *
1066     * The file is encrypted and signed in a single pass.
1067     *
1068     * NOTE: Until GnuPG version 1.4.10, it was not possible to verify
1069     * encrypted-signed files without decrypting them at the same time. If you
1070     * try to use {@link Crypt_GPG::verify()} method on encrypted-signed files
1071     * with earlier GnuPG versions, you will get an error. Please use
1072     * {@link Crypt_GPG::decryptAndVerifyFile()} to verify encrypted-signed
1073     * files.
1074     *
1075     * @param string  $filename   the name of the file containing the data to
1076     *                            be encrypted and signed.
1077     * @param string  $signedFile optional. The name of the file in which the
1078     *                            encrypted, signed data should be stored. If
1079     *                            null or unspecified, the encrypted, signed
1080     *                            data is returned as a string.
1081     * @param boolean $armor      optional. If true, ASCII armored data is
1082     *                            returned; otherwise, binary data is returned.
1083     *                            Defaults to true.
1084     *
1085     * @return void|string if the <kbd>$signedFile</kbd> parameter is null, a
1086     *                     string containing the encrypted, signed data is
1087     *                     returned.
1088     *
1089     * @throws Crypt_GPG_KeyNotFoundException if no encryption key is specified
1090     *         or if no signing key is specified. See
1091     *         {@link Crypt_GPG::addEncryptKey()} and
1092     *         {@link Crypt_GPG::addSignKey()}.
1093     *
1094     * @throws Crypt_GPG_BadPassphraseException if a specified passphrase is
1095     *         incorrect or if a required passphrase is not specified.
1096     *
1097     * @throws Crypt_GPG_FileException if the output file is not writeable or
1098     *         if the input file is not readable.
1099     *
1100     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1101     *         Use the <kbd>debug</kbd> option and file a bug report if these
1102     *         exceptions occur.
1103     *
1104     * @see Crypt_GPG::decryptAndVerifyFile()
1105     */
1106    public function encryptAndSignFile($filename, $signedFile = null,
1107        $armor = true
1108    ) {
1109        return $this->_encryptAndSign($filename, true, $signedFile, $armor);
1110    }
1111
1112    // }}}
1113    // {{{ decrypt()
1114
1115    /**
1116     * Decrypts string data
1117     *
1118     * This method assumes the required private key is available in the keyring
1119     * and throws an exception if the private key is not available. To add a
1120     * private key to the keyring, use the {@link Crypt_GPG::importKey()} or
1121     * {@link Crypt_GPG::importKeyFile()} methods.
1122     *
1123     * @param string $encryptedData the data to be decrypted.
1124     *
1125     * @return string the decrypted data.
1126     *
1127     * @throws Crypt_GPG_KeyNotFoundException if the private key needed to
1128     *         decrypt the data is not in the user's keyring.
1129     *
1130     * @throws Crypt_GPG_NoDataException if specified data does not contain
1131     *         GPG encrypted data.
1132     *
1133     * @throws Crypt_GPG_BadPassphraseException if a required passphrase is
1134     *         incorrect or if a required passphrase is not specified. See
1135     *         {@link Crypt_GPG::addDecryptKey()}.
1136     *
1137     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1138     *         Use the <kbd>debug</kbd> option and file a bug report if these
1139     *         exceptions occur.
1140     */
1141    public function decrypt($encryptedData)
1142    {
1143        return $this->_decrypt($encryptedData, false, null);
1144    }
1145
1146    // }}}
1147    // {{{ decryptFile()
1148
1149    /**
1150     * Decrypts a file
1151     *
1152     * This method assumes the required private key is available in the keyring
1153     * and throws an exception if the private key is not available. To add a
1154     * private key to the keyring, use the {@link Crypt_GPG::importKey()} or
1155     * {@link Crypt_GPG::importKeyFile()} methods.
1156     *
1157     * @param string $encryptedFile the name of the encrypted file data to
1158     *                              decrypt.
1159     * @param string $decryptedFile optional. The name of the file to which the
1160     *                              decrypted data should be written. If null
1161     *                              or unspecified, the decrypted data is
1162     *                              returned as a string.
1163     *
1164     * @return void|string if the <kbd>$decryptedFile</kbd> parameter is null,
1165     *                     a string containing the decrypted data is returned.
1166     *
1167     * @throws Crypt_GPG_KeyNotFoundException if the private key needed to
1168     *         decrypt the data is not in the user's keyring.
1169     *
1170     * @throws Crypt_GPG_NoDataException if specified data does not contain
1171     *         GPG encrypted data.
1172     *
1173     * @throws Crypt_GPG_BadPassphraseException if a required passphrase is
1174     *         incorrect or if a required passphrase is not specified. See
1175     *         {@link Crypt_GPG::addDecryptKey()}.
1176     *
1177     * @throws Crypt_GPG_FileException if the output file is not writeable or
1178     *         if the input file is not readable.
1179     *
1180     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1181     *         Use the <kbd>debug</kbd> option and file a bug report if these
1182     *         exceptions occur.
1183     */
1184    public function decryptFile($encryptedFile, $decryptedFile = null)
1185    {
1186        return $this->_decrypt($encryptedFile, true, $decryptedFile);
1187    }
1188
1189    // }}}
1190    // {{{ decryptAndVerify()
1191
1192    /**
1193     * Decrypts and verifies string data
1194     *
1195     * This method assumes the required private key is available in the keyring
1196     * and throws an exception if the private key is not available. To add a
1197     * private key to the keyring, use the {@link Crypt_GPG::importKey()} or
1198     * {@link Crypt_GPG::importKeyFile()} methods.
1199     *
1200     * @param string $encryptedData the encrypted, signed data to be decrypted
1201     *                              and verified.
1202     *
1203     * @return array two element array. The array has an element 'data'
1204     *               containing the decrypted data and an element
1205     *               'signatures' containing an array of
1206     *               {@link Crypt_GPG_Signature} objects for the signed data.
1207     *
1208     * @throws Crypt_GPG_KeyNotFoundException if the private key needed to
1209     *         decrypt the data is not in the user's keyring.
1210     *
1211     * @throws Crypt_GPG_NoDataException if specified data does not contain
1212     *         GPG encrypted data.
1213     *
1214     * @throws Crypt_GPG_BadPassphraseException if a required passphrase is
1215     *         incorrect or if a required passphrase is not specified. See
1216     *         {@link Crypt_GPG::addDecryptKey()}.
1217     *
1218     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1219     *         Use the <kbd>debug</kbd> option and file a bug report if these
1220     *         exceptions occur.
1221     */
1222    public function decryptAndVerify($encryptedData)
1223    {
1224        return $this->_decryptAndVerify($encryptedData, false, null);
1225    }
1226
1227    // }}}
1228    // {{{ decryptAndVerifyFile()
1229
1230    /**
1231     * Decrypts and verifies a signed, encrypted file
1232     *
1233     * This method assumes the required private key is available in the keyring
1234     * and throws an exception if the private key is not available. To add a
1235     * private key to the keyring, use the {@link Crypt_GPG::importKey()} or
1236     * {@link Crypt_GPG::importKeyFile()} methods.
1237     *
1238     * @param string $encryptedFile the name of the signed, encrypted file to
1239     *                              to decrypt and verify.
1240     * @param string $decryptedFile optional. The name of the file to which the
1241     *                              decrypted data should be written. If null
1242     *                              or unspecified, the decrypted data is
1243     *                              returned in the results array.
1244     *
1245     * @return array two element array. The array has an element 'data'
1246     *               containing the decrypted data and an element
1247     *               'signatures' containing an array of
1248     *               {@link Crypt_GPG_Signature} objects for the signed data.
1249     *               If the decrypted data is written to a file, the 'data'
1250     *               element is null.
1251     *
1252     * @throws Crypt_GPG_KeyNotFoundException if the private key needed to
1253     *         decrypt the data is not in the user's keyring.
1254     *
1255     * @throws Crypt_GPG_NoDataException if specified data does not contain
1256     *         GPG encrypted data.
1257     *
1258     * @throws Crypt_GPG_BadPassphraseException if a required passphrase is
1259     *         incorrect or if a required passphrase is not specified. See
1260     *         {@link Crypt_GPG::addDecryptKey()}.
1261     *
1262     * @throws Crypt_GPG_FileException if the output file is not writeable or
1263     *         if the input file is not readable.
1264     *
1265     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1266     *         Use the <kbd>debug</kbd> option and file a bug report if these
1267     *         exceptions occur.
1268     */
1269    public function decryptAndVerifyFile($encryptedFile, $decryptedFile = null)
1270    {
1271        return $this->_decryptAndVerify($encryptedFile, true, $decryptedFile);
1272    }
1273
1274    // }}}
1275    // {{{ sign()
1276
1277    /**
1278     * Signs data
1279     *
1280     * Data may be signed using any one of the three available signing modes:
1281     * - {@link Crypt_GPG::SIGN_MODE_NORMAL}
1282     * - {@link Crypt_GPG::SIGN_MODE_CLEAR}
1283     * - {@link Crypt_GPG::SIGN_MODE_DETACHED}
1284     *
1285     * @param string  $data     the data to be signed.
1286     * @param boolean $mode     optional. The data signing mode to use. Should
1287     *                          be one of {@link Crypt_GPG::SIGN_MODE_NORMAL},
1288     *                          {@link Crypt_GPG::SIGN_MODE_CLEAR} or
1289     *                          {@link Crypt_GPG::SIGN_MODE_DETACHED}. If not
1290     *                          specified, defaults to
1291     *                          <kbd>Crypt_GPG::SIGN_MODE_NORMAL</kbd>.
1292     * @param boolean $armor    optional. If true, ASCII armored data is
1293     *                          returned; otherwise, binary data is returned.
1294     *                          Defaults to true. This has no effect if the
1295     *                          mode <kbd>Crypt_GPG::SIGN_MODE_CLEAR</kbd> is
1296     *                          used.
1297     * @param boolean $textmode optional. If true, line-breaks in signed data
1298     *                          are normalized. Use this option when signing
1299     *                          e-mail, or for greater compatibility between
1300     *                          systems with different line-break formats.
1301     *                          Defaults to false. This has no effect if the
1302     *                          mode <kbd>Crypt_GPG::SIGN_MODE_CLEAR</kbd> is
1303     *                          used as clear-signing always uses textmode.
1304     *
1305     * @return string the signed data, or the signature data if a detached
1306     *                signature is requested.
1307     *
1308     * @throws Crypt_GPG_KeyNotFoundException if no signing key is specified.
1309     *         See {@link Crypt_GPG::addSignKey()}.
1310     *
1311     * @throws Crypt_GPG_BadPassphraseException if a specified passphrase is
1312     *         incorrect or if a required passphrase is not specified.
1313     *
1314     * @throws Crypt_GPG_Exception if an unknown or unexpected error occurs.
1315     *         Use the <kbd>debug</kbd> option and file a bug report if these
1316     *         exceptions occur.
1317     */
1318    public function sign($data, $mode = Crypt_GPG::SIGN_MODE_NORMAL,
1319        $armor = true, $textmode = false
1320    ) {
1321        return $this->_sign($data, false, null, $mode, $armor, $textmode);
1322    }
1323
1324    // }}}
1325 

Large files files are truncated, but you can click here to view the full file