.
*
*************************************************************/
// check that data has arrived here via HTTPS
if ($_SERVER['HTTPS'] != "on") {
die ("Use a secure HTTPS connection to the server. Aborting ...");
}
if (strtoupper($_SERVER['REQUEST_METHOD']) != "POST") {
//check if there is a query string, then abort.
if (count($_GET) != 0){
die ("Always use POST to prevent recording of query strings. Aborting ...");
}
}
if (! is_file("gpgconfig.php")){
die ("Config file does not exist.");
}
require_once('gpgconfig.php');
if (! is_dir($GPGDIR)){
die ("GPG directory $GPGDIR does not exist.");
}
else {
$ERRORFILE = $GPGDIR."/gpgerrors";
}
if (! isset($SIGSHOWTEXTAREA)){
$SIGSHOWTEXTAREA = "no";
}
if (isset($_REQUEST[$SIGTEXTAREA])) {
$TEXT = $_REQUEST[$SIGTEXTAREA];
}
if (isset($_REQUEST['secret'])) {
$SECRET = checkinput($_REQUEST['secret'],"noscript");
}
if (! isset($KEYSELECTION)){
$KEYSELECTION = "no";
}
if (! isset($SIGIFRAMENUMBER)){
$SIGIFRAMENUMBER = 0;
}
if (isset($_REQUEST['signingkey'])){
$SIGNINGKEY = checkinput($_REQUEST['signingkey'],"noscript");
}
echo "
\n";
echo "
\n";
if (isset($SIGNINGKEY) && isset($TEXT) && isset($SECRET))
{
// perform clear text signing
if ((strlen($SECRET) > 0) && (strlen($SIGNINGKEY) > 0)) {
$SIGNATURE = $GPGDIR."/signature";
unix("rm ".$GPGDIR."/signature");
echo "
Signing with key: \"".htmlentities($SIGNINGKEY)."\"
\n";
}
} else {
// read a secret key from the keyring and get the message from the opening window
if (! isset($SIGNINGKEY)) {
if ($KEYSELECTION == "yes") {
echo "
Signing A Message
\n";
echo "
Please choose one of the following secret keys
\n";
$Keys = unix("/usr/bin/gpg --homedir $GPGDIR --list-secret-keys");
$List = explode ("\n", $Keys);
if (count($List) < 2 ) {
die ("
No keys available. Aborting ...
");
}
echo "
\n";
foreach ($List as $Line){
$KEYID = htmlentities(trim(substr($Line,4)));
if ( substr_count($Line, "sec ") == 1){
echo "