securemail: update library and readme

securemail/README.md

@@ -2,10 +2,12 @@ Secure Mail
 -----------
 
 Send notification mails to user encrypted with GPG.
-Each user can enable it and submit his public key under Settings-> Addon 
+Each user can enable it and submit his public key under Settings-> Addon
 -> "Secure Mail" Settings.
 
-Use 'php-gpg' library, a pure PHP implementation of GPG/PGP, released 
+Use 'php-gpg' library, a pure PHP implementation of GPG/PGP, released
 under GPL. See [project repo](https://github.com/jasonhinkle/php-gpg).
 
-This plugin need Friendica version > 3.3.2 to work.
+This plugin could have some problems with keys larger than 2048 ([see issue](https://github.com/jasonhinkle/php-gpg/issues/7))
+
+Need Friendica version > 3.3.2 to work.

securemail/php-gpg/.gitignore

@@ -1,3 +0,0 @@
-/.buildpath
-/.settings
-.DS_Store

securemail/php-gpg/libs/GPG.php

@@ -35,8 +35,6 @@ class GPG
 	private function gpg_encrypt($key, $text) {
 
 		$i = 0;
-		$i = 0;
-		$len = strlen($text);
 		$len = strlen($text);
 		$iblock = array_fill(0, $this->width, 0);
 		$rblock = array_fill(0, $this->width, 0);
@@ -82,14 +80,32 @@ class GPG
 
 	private function gpg_header($tag, $len)
 	{
-		if ($len > 0xff) $tag += 1;
-		$h = chr($tag);
-		if ($len > 0xff) $h .= chr($len / 0x100);
-		$h .= chr($len % 0x100);
-
+		$h = "";
+		if ($len < 0x100) {
+		  $h .= chr($tag);
+		  $h .= chr($len);
+		} else if ($len < 0x10000) {
+		  $tag+=1;
+		  $h .= chr($tag);
+		  $h .= $this->writeNumber($len, 2);
+		} else {
+		  $tag+=2;
+		  $h .= chr($tag);
+		  $h .= $this->writeNumber($len, 4);
+		}
 		return $h;
 	}
 
+	private function writeNumber($n, $bytes)
+	{
+		// credits for this function go to OpenPGP.js
+		$b = '';
+		for ($i = 0; $i < $bytes; $i++) {
+		  $b .= chr(($n >> (8 * ($bytes - $i - 1))) & 0xff);
+		}
+		return $b;
+	}
+
 	private function gpg_session($key_id, $key_type, $session_key, $public_key)
 	{ 
 
@@ -174,7 +190,7 @@ class GPG
 			$this->gpg_data($session_key, $plaintext);
 
 		$code = base64_encode($cp);
-		$code = wordwrap($code, 60, "\n", 1);
+		$code = wordwrap($code, 64, "\n", 1);
 
 		return
 			"-----BEGIN PGP MESSAGE-----\nVersion: VerySimple PHP-GPG v".$this->version."\n\n" .
@@ -183,4 +199,4 @@ class GPG
 	}
 }
 
-?>
+?>

securemail/php-gpg/libs/GPG/Public_Key.php

@@ -89,7 +89,7 @@ class GPG_Public_Key {
 				$len = ord($sa[$i++]);
 				if ($len > 191 && $len < 224) $len = (($len - 192) << 8) + ord($sa[$i++]);
 				else if ($len == 255) $len = (ord($sa[$i++]) << 24) + (ord($sa[$i++]) << 16) + (ord($sa[$i++]) << 8) + ord($sa[$i++]);
-					else if ($len > 223 && len < 255) $len = (1 << ($len & 0x1f));
+					else if ($len > 223 && $len < 255) $len = (1 << ($len & 0x1f));
 			} else {
 				$len = $tag & 3;
 				$tag = ($tag >> 2) & 15;
@@ -137,10 +137,11 @@ class GPG_Public_Key {
 						
 						// echo "POSITION: $delimPos\n";
 						
-						$pkt = chr(0x99) . chr($delimPos >> 8) . chr($delimPos & 255) . substr($s, $headerPos, $delimPos);
+						// this does not work, tried it with RSA 1024 and RSA 4096 keys generated by GnuPG v2 (2.0.29) on Windows running Apache and PHP 5.6.3
+						// $pkt = chr(0x99) . chr($delimPos >> 8) . chr($delimPos & 255) . substr($s, $headerPos, $delimPos);
 						
 						// this is the original signing string which seems to have only worked for key lengths of 1024 or less
-						//$pkt = chr(0x99) . chr($len >> 8) . chr($len & 255) . substr($s, $k, $len);
+						$pkt = chr(0x99) . chr($len >> 8) . chr($len & 255) . substr($s, $k, $len); // use this for now
 						
 						$fp = sha1($pkt);
 						$this->fp = $fp;
@@ -214,4 +215,4 @@ class GPG_Public_Key {
 	}
 }
 
-?>
+?>