summaryrefslogtreecommitdiffstats
path: root/mutt-gpg-time-check
diff options
context:
space:
mode:
Diffstat (limited to 'mutt-gpg-time-check')
-rwxr-xr-xmutt-gpg-time-check52
1 files changed, 52 insertions, 0 deletions
diff --git a/mutt-gpg-time-check b/mutt-gpg-time-check
new file mode 100755
index 0000000..4203ef2
--- /dev/null
+++ b/mutt-gpg-time-check
@@ -0,0 +1,52 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Date::Parse;
+
+my $gpg_verification_line_distance = 0;
+
+while (<STDIN>) {
+ my $in_header = 1 .. /^$/;
+ my $in_body = /^$/ .. eof;
+
+ if ($in_header) {
+ print $_;
+ } else {
+ print;
+ $gpg_verification_line_distance++;
+ if (m/PGP output follows \(current time: (?<time>[^(]+)\)/) {
+ my $timestamp = str2time($+{time});
+ if (abs(time() - $timestamp) > 2) {
+ print "WARNING: GPG signature verification time is different from current time\n";
+ print "WARNING: The signature may be a fake!\n";
+ } else {
+ $gpg_verification_line_distance = 0;
+ }
+ }
+
+ if (m/^gpg: Signature made .*/) {
+ if ($gpg_verification_line_distance != 1) {
+ print "WARNING: GPG signature without valid verification timestamp!\n";
+ print "WARNING: The signature may be a fake!\n";
+ }
+ }
+
+ if (m/^gpg:\s+issuer ".*"$/) {
+ if ($gpg_verification_line_distance == 3) {
+ $gpg_verification_line_distance--;
+ }
+ }
+
+ if (m/^gpg: Good signature from .*/) {
+ if ($gpg_verification_line_distance != 3) {
+ print "WARNING: GPG signature without valid verification timestamp!\n";
+ print "WARNING: The signature may be a fake!\n";
+ }
+ }
+
+ }
+}
+
+# vim:set ft=perl: