问题
I want to verify a GPG signed file (Verify archive.tar.gz with archive.tar.gz.sign).
ATM I simply call gpg directly and parse the exit code and output. While this is a works-for-me solution, I figure there must be a nicer way to do this in a more perlish way.
But as a programming novice I fail to understand how I can use the GPG CPAN modules.
Any hints are much appreciated!
回答1:
The GnuPG module on CPAN contains this in the synopsis:
use GnuPG qw( :algo );
my $gpg = new GnuPG();
$gpg->verify( signature => "file.txt.asc", file => "file.txt" );
It seems very clean.
回答2:
The Crypt::OpenPGP module may be of help. It's a pure Perl implementation of the the OpenPGP spec.
DESCRIPTION
Crypt::OpenPGP is a pure-Perl implementation of the OpenPGP standard. In addition to support for the standard itself, Crypt::OpenPGP claims compatibility with many other PGP implementations, both those that support the standard and those that preceded it.
Crypt::OpenPGP provides signing/verification, encryption/decryption, keyring management, and key-pair generation; in short it should provide you with everything you need to PGP-enable yourself.
Here's an example of using it to verify a file:
my $pgp = Crypt::OpenPGP->new;
# Verify the detached signature $signature, which should be of the
# source file $file.
my $is_valid = $pgp->verify(
Signature => $signature,
Files => [ $file ],
);
来源:https://stackoverflow.com/questions/5211655/verify-gpg-file-signature-with-perl