mod_auth_openpgp 0.1.0 released

UPDATE: Version 0.2.0 released.

Hi! mod_auth_openpgp 0.1.0, which is Apache’s counterpart for Firefox’s Enigform, is an OpenPGP verification module for incoming signed HTTP requests which, along mod_access, lets web administrators implement access authorization for valid, OpenPGP-signed requests.

Quick-Building instructions:

  1. Edit to suit your needs/desires.
  2. Run it: ./
  3. Modify your Apache’s configuration as needed (see below)


I’m using gpgme 1.1.2 and libgpg-error 1.0. It also benefits from mod_access, although the X-Auth-OpenPGP header that gets added to signed requests can be checked using PHP, CGI, etc.

Load it into Apache with:

LoadModule auth_openpgp_module modules/


Turn it on for specific virtual hosts (or server globally) using the «OpenPGPEngine on» command and with mod_access directives, for example:
<VirtualHost *:80>
ServerName localhost
ServerAdmin [email protected]
DocumentRoot «/var/www/localhost/htdocs»
Options FollowSymlinks

<ifmodule mpm_peruser_module>
ServerEnvironment apache apache

# Turn on the OpenPGP Engine for this VirtualHost
OpenPGPEngine on

# if the X-Auth-OpenPGP header has the «true» value,
# then set the valid_signature env var to be used as
# decisive factor in the Allow sentence of mod_access.
# X-Auth-OpenPGP cannot be spoofed, as it gets resetted
# if the module has been enabled for the vhost.
# In the future, valid signed requests will also
# have a header which tells mod_access the keyid, eMail address
# and fingerprint of each user [TODO for 0.2.0]

SetEnvIf X-Auth-OpenPGP ^true valid_signature
<directory «/var/www/localhost/htdocs/pba»>
Order Deny,Allow
Deny from all
Allow from env=valid_signature


And that’s it. Go grab Enigform and try it out. Of course, the ‘apache’ user needs a valid gpg configuration and keyring, or mod_auth_openpgp won’t be able to verify signed requests.

Arturo ‘Buanzo’ Busleiman
buanzo at buanzo com ar

Acerca de Buanzo

Io que se!
Esta entrada fue publicada en Sin categoría y etiquetada . Guarda el enlace permanente.

3 respuestas a mod_auth_openpgp 0.1.0 released

  1. Necdet Yücel dijo:

    Nice work, congrats…

  2. Arturo 'Buanzo' Busleiman dijo:

    Thanks! I’ve already seen your blog posts about mod_auth_openpgp, but couldn’t much understand them. Anyway, they seemed good ones 🙂

  3. Gabriel dijo:

    Yes, well done

Los comentarios están cerrados.