I have a issue when calling gnupg_get_keys without specifying $key_id. Two single quotes get added to the end of the gpg command line where the $key_id would have been if specified. This results in the following gpg error:

gpg: error reading key: Invalid user ID

The issue is in gnupg_exec, in the bit of code that parses the $options array:

  foreach ($options as $k => $vs) {
    foreach (is_array($vs) ? $vs : array($vs) as $v) {
      if ($v !== FALSE) {
        $command .= !is_numeric($k) ?
          ' --'. $k . ($v === TRUE ? '' : ' ' . escapeshellarg((string)$v)) :
          ' ' . escapeshellarg((string)$v);
      }
    }
  }

The escapeshellarg function is returning a string of two single quotes (''), not an empty string. The two single quotes get added to the end of the gpg command line.

Replacing the above bit of code with the following bit fixes this issue for me:

  foreach ($options as $k => $vs) {
    foreach (is_array($vs) ? $vs : array($vs) as $v) {
      if ($v !== FALSE) {
        $command .= !is_numeric($k) ?
          ' --'. $k . ($v === TRUE ? '' : ' ' . escapeshellarg((string)$v)) :
          ' ' . (!empty($v) ? escapeshellarg((string)$v) : '');
      }
    }
  }

However, if there are any instances where the $options key is numeric and the value is an empty string and the command line really should have two single quotes appended, this change could break that. I haven't tested all the other functions that call gnupg_exec. FYI, I'm using PHP 5.2.6. This sounds like it may be related to the issue pokey was experiencing: http://drupal.org/node/366982.

Comments

Arto’s picture

Arto commented
Title: gnupg_get_keys fails if key is not specified » GnuPG::get_keys() fails if key is not specified
Project: GnuPG » OpenPGP
Component: Code » GnuPG compatibility
Assigned: Unassigned » Arto
Issue tags: +GnuPG, +OpenPGP, +get_keys

I'm moving this bug report over to the OpenPGP module which obsoletes the GnuPG module.

I need to double-check whether this issue is still a problem for the OpenPGP module. The GnuPG code (in openpgp/openpgp_gpg/openpgp_gpg.inc - quite the mouthful) was mostly a straight port of the previous code in gnupg.module, so this bug may well still be present.

By the way, Adam, given your expertise demonstrated on the GnuPG project, I'd like to give you CVS access to (and co-maintainership of) the OpenPGP project, if you are interested? This way you could directly fix any problems like this one that you happen to stumble across when developing your Ubercart payment gateway module. Let me know...

adamo’s picture

adamo commented

I recently migrated to the new module and this doesn't seem to be an issue anymore. I can call get_keys() with no arguments and get a list of all the keys.

I'm more than happy to help out, but I'm not ready for CVS access yet. I have a CVS account for one of my own modules but I haven't got around to publishing it yet. After I do that, and get familiar with how it all works, then I'll be happy to co-maintain this with you. For now I'll just submit bug reports and patches if I find anything.

Arto’s picture

Arto commented
Status: Active » Fixed

Sounds good, Adam; the offer stands, so just let me know when/if you want CVS access to the project.

Arto’s picture

Arto commented
Title: GnuPG::get_keys() fails if key is not specified » OpenPGP_GPG::get_keys() fails if key is not specified

The GnuPG class has now been renamed to OpenPGP_GPG per issue #586696: Compatibility with GnuPG PECL extension.

Status: Fixed » Closed (fixed)
Issue tags: -GnuPG, -OpenPGP, -get_keys

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +GnuPG, +OpenPGP, +get_keys

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.