OpenPGPComment

About:

This plugin strips PGP/GPG headers and signatures from digitally signed comments to make them look nicely. Additionaly a link to a plain text version of the signed comment and feedback on the verification process is provided.

It is very much like Srijiths MovableType plugin OpenPGPComment. In fact some of the ideas have been taken from his plugin.

The GPG-handling within PHP is being taken from Atom Emets gpg_encrypt v1.04. Thanks a lot for that one too.

Requirements:

• WordPress
• GnuPG
• PHP >= 4.3.0 (function proc_open() required)

License:

As WordPress and GnuPG are released under GPL, so is OpenPGPComment, too.

Download:

OpenPGPComment v1.2 (detached GPG-signature - README - Changes)

Installation:

1. Copy openpgpcomment.php and cleancomments.phpto $WORDPRESS/wp-content/plugins
   You have to activate it in “Plugins”, keyring administration can be found in “Manage”.
2. CCopy signature-popup.php into your WordPress-directory.
   This file is more or less a stripped down version of wp-comments-popup.php without the bells and whistles.
3. If you only want to get rid of the signature stuff around the comment, set
   

   $do_verify = 'false';
   

   to skip the whole GnuPG-stuff. Skip the next step.

4. Create a directory to keep the GnuPG-stuff.
   Then use gpg to add your own public key.

   mkdir /path/to/gpgkeyring/dir
   gpg --export -a 0x123456 > mypubkey.asc
   gpg --homedir /path/to/gpgkeyring/dir --import mypubkey.asc
   

   You have to tweak this in gpgsignedcomment.php and openpgpcommentadmin.php to make the skript know where to find the key and where to find the GnuPG-binary.

   $gpg_binary = "/usr/local/bin/gpg";
   $gpg_home = "/path/to/gpgkeyring/dir";
   

   This directory should only be readable and writable by the user the webserver runs as. Actually that is not a good idea to have files writable by the webserver-user but in this case GnuPG needs write the trustdb.

   chown -R user:group /path/to/gpgkeyring/dir
   chmod 700 /path/to/gpgkeyring/dir
   

   The permissions can be 755, but in that case GnuPG would complain.
   The default options care for that:

   $gpg_options = "--always-trust --no-permission-warning --no-secmem-warning";
   

5. Adjust the variables at the top of openpgpcomment.php to point to your blog and translate or adjust the strings given.
6. Phil Ringnalda suggested to do a change to wp-admin/post.php. Look for the part where it says “case 'confirmdeletecomment':” and look for a line containing (probably line 528):
   

   stripslashes($commentdata["comment_content"])

   Change it to

   htmlspecialchars(stripslashes($commentdata["comment_content"]))

7. Activate the plugin.

Todo:

• whatever comes to my mind later

Known issues:

• there is code in openpgpcomment.php for searching keys by emailaddress. but as each keyID usually has several emailaddresses the user is asked interactively which one to chose. but as a TTY is needed for that and PHP doesn’t have a TTY this does not work. that is why it is commented out. (this code has been removed for now)

Feedback:

Feel free to leave comments.