PHP GnuPG - 签名消息失败

PHP GnuPG - Signing message fails

更新

Apparently, even though I thought I was generating keys that did not have a password, gnupg still expected a password for them (which the gnupg extension no longer supports). I regenerated a new keypair using Kleopatra on Windows and bypassed all the "no passphrase" warnings and I was able to successfully sign/encrypt with those keys.

So, the bottom line is be very sure that your key does not have a passphrase.


我正在尝试使用 PHP 的 gnupg 扩展来签署消息。我已经正确设置了环境,并且我可以成功导入密钥,并且使用 gnupg_addsignkey 添加它是成功的(returns true)。

当我尝试使用 gnupg_sign($res, "my message") 对消息进行签名时,出现以下错误并且 gnupg_sign returns false:

gnupg_sign(): data signing failed

我似乎找不到任何方法来获取更详细的信息来找出失败的原因。

我已经尝试了过程方法和 OO 方法,并得到了相同的结果。权限在服务器上都是正确的。

这是我使用的 OO 代码:

# /tmp/.gnupg is there (but empty if that helps figure out the problem)
putenv("GNUPGHOME=/tmp/.gnupg");
$gpg = new gnupg();
$gpg->seterrormode(GNUPG_ERROR_WARNING);
$ascii = file_get_contents('/etc/my.key'); // Yes, this reads successfully

$start = strpos($ascii, '-----BEGIN PGP PRIVATE KEY BLOCK-----');
$end = strpos($ascii, '-----END PGP PRIVATE KEY BLOCK-----')+34;
$key = substr($ascii, $start, ($end-$start));

$info = $gpg->import($key); // Fingerprint is there and everything seems OK
$gpg->addsignkey($info['fingerprint']);
$signed = $gpg->sign("test!"); // fails with any string I try

$signed 为假,我收到 PHP 警告 gnupg::sign(): data signing failed

你的私钥密码有保护吗? 根据 pecl/gnupg documentation,您不能为 gnupg ≥ 版本 2 传递明文密码。 因此,我猜你所能做的就是使用 未设置密码 的私钥。

IMO pecl/gnupg 错误具有误导性。