benburkert-gpgme 0.1.0

data/lib/gpgme/compat.rb

@@ -0,0 +1,48 @@
+require 'gpgme'
+
+# TODO: Find why is this needed. I guess the name compat means it's just
+# backwards compatibility. Consider removing?
+module GPGME
+  GpgmeError = Error
+  GpgmeData = Data
+  GpgmeEngineInfo = EngineInfo
+  GpgmeCtx = Ctx
+  GpgmeKey = Key
+  GpgmeSubKey = SubKey
+  GpgmeUserID = UserID
+  GpgmeKeySig = KeySig
+  GpgmeVerifyResult = VerifyResult
+  GpgmeSignature = Signature
+  GpgmeDecryptResult = DecryptResult
+  GpgmeSignResult = SignResult
+  GpgmeEncryptResult = EncryptResult
+  GpgmeInvalidKey = InvalidKey
+  GpgmeNewSignature = NewSignature
+  GpgmeImportStatus = ImportStatus
+  GpgmeImportResult = ImportResult
+
+  class Ctx
+    # Set the data pointer to the beginning.
+    def rewind
+      seek(0)
+    end
+  end
+
+  def gpgme_data_rewind(dh)
+    begin
+      GPGME::gpgme_data_seek(dh, 0, IO::SEEK_SET)
+    rescue SystemCallError => e
+      return e.errno
+    end
+  end
+  module_function :gpgme_data_rewind
+
+  def gpgme_op_import_ext(ctx, keydata, nr)
+    err = GPGME::gpgme_op_import(ctx, keydata)
+    if GPGME::gpgme_err_code(err) == GPGME::GPG_ERR_NO_ERROR
+      result = GPGME::gpgme_op_import_result(ctx)
+      nr.push(result.considered)
+    end
+  end
+  module_function :gpgme_op_import_ext
+end

data/lib/gpgme/constants.rb

@@ -0,0 +1,187 @@
+module GPGME
+
+  ATTR_ALGO = GPGME_ATTR_ALGO
+  ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY
+  ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT
+  ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN
+  ATTR_CHAINID = GPGME_ATTR_CHAINID
+  ATTR_COMMENT = GPGME_ATTR_COMMENT
+  ATTR_CREATED = GPGME_ATTR_CREATED
+  ATTR_EMAIL = GPGME_ATTR_EMAIL
+  ATTR_ERRTOK = GPGME_ATTR_ERRTOK
+  ATTR_EXPIRE = GPGME_ATTR_EXPIRE
+  ATTR_FPR = GPGME_ATTR_FPR
+  ATTR_ISSUER = GPGME_ATTR_ISSUER
+  ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET
+  ATTR_KEYID = GPGME_ATTR_KEYID
+  ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS
+  ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED
+  ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED
+  ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID
+  ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED
+  ATTR_LEN = GPGME_ATTR_LEN
+  ATTR_LEVEL = GPGME_ATTR_LEVEL
+  ATTR_NAME = GPGME_ATTR_NAME
+  ATTR_OTRUST = GPGME_ATTR_OTRUST
+  ATTR_SERIAL = GPGME_ATTR_SERIAL
+  ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS
+  ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY
+  ATTR_TYPE = GPGME_ATTR_TYPE
+  ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID
+  ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED
+  ATTR_USERID = GPGME_ATTR_USERID
+  ATTR_VALIDITY = GPGME_ATTR_VALIDITY
+  DATA_ENCODING_ARMOR = GPGME_DATA_ENCODING_ARMOR
+  DATA_ENCODING_BASE64 = GPGME_DATA_ENCODING_BASE64
+  DATA_ENCODING_BINARY = GPGME_DATA_ENCODING_BINARY
+  DATA_ENCODING_NONE = GPGME_DATA_ENCODING_NONE
+  ENCRYPT_ALWAYS_TRUST = GPGME_ENCRYPT_ALWAYS_TRUST
+  IMPORT_NEW = GPGME_IMPORT_NEW
+  IMPORT_SECRET = GPGME_IMPORT_SECRET
+  IMPORT_SIG = GPGME_IMPORT_SIG
+  IMPORT_SUBKEY = GPGME_IMPORT_SUBKEY
+  IMPORT_UID = GPGME_IMPORT_UID
+  KEYLIST_MODE_EXTERN = GPGME_KEYLIST_MODE_EXTERN
+  KEYLIST_MODE_LOCAL = GPGME_KEYLIST_MODE_LOCAL
+  KEYLIST_MODE_SIGS = GPGME_KEYLIST_MODE_SIGS
+  KEYLIST_MODE_VALIDATE = GPGME_KEYLIST_MODE_VALIDATE
+  MD_CRC24_RFC2440 = GPGME_MD_CRC24_RFC2440
+  MD_CRC32 = GPGME_MD_CRC32
+  MD_CRC32_RFC1510 = GPGME_MD_CRC32_RFC1510
+  MD_HAVAL = GPGME_MD_HAVAL
+  MD_MD2 = GPGME_MD_MD2
+  MD_MD4 = GPGME_MD_MD4
+  MD_MD5 = GPGME_MD_MD5
+  MD_RMD160 = GPGME_MD_RMD160
+  MD_SHA1 = GPGME_MD_SHA1
+  MD_SHA256 = GPGME_MD_SHA256
+  MD_SHA384 = GPGME_MD_SHA384
+  MD_SHA512 = GPGME_MD_SHA512
+  MD_TIGER = GPGME_MD_TIGER
+  PK_DSA = GPGME_PK_DSA
+  PK_ELG = GPGME_PK_ELG
+  PK_ELG_E = GPGME_PK_ELG_E
+  PK_RSA = GPGME_PK_RSA
+  PROTOCOL_CMS = GPGME_PROTOCOL_CMS
+  PROTOCOL_OpenPGP = GPGME_PROTOCOL_OpenPGP
+  SIGSUM_BAD_POLICY = GPGME_SIGSUM_BAD_POLICY
+  SIGSUM_CRL_MISSING = GPGME_SIGSUM_CRL_MISSING
+  SIGSUM_CRL_TOO_OLD = GPGME_SIGSUM_CRL_TOO_OLD
+  SIGSUM_GREEN = GPGME_SIGSUM_GREEN
+  SIGSUM_KEY_EXPIRED = GPGME_SIGSUM_KEY_EXPIRED
+  SIGSUM_KEY_MISSING = GPGME_SIGSUM_KEY_MISSING
+  SIGSUM_KEY_REVOKED = GPGME_SIGSUM_KEY_REVOKED
+  SIGSUM_RED = GPGME_SIGSUM_RED
+  SIGSUM_SIG_EXPIRED = GPGME_SIGSUM_SIG_EXPIRED
+  SIGSUM_SYS_ERROR = GPGME_SIGSUM_SYS_ERROR
+  SIGSUM_VALID = GPGME_SIGSUM_VALID
+  SIG_MODE_CLEAR = GPGME_SIG_MODE_CLEAR
+  SIG_MODE_DETACH = GPGME_SIG_MODE_DETACH
+  SIG_MODE_NORMAL = GPGME_SIG_MODE_NORMAL
+  SIG_STAT_BAD = GPGME_SIG_STAT_BAD
+  SIG_STAT_DIFF = GPGME_SIG_STAT_DIFF
+  SIG_STAT_ERROR = GPGME_SIG_STAT_ERROR
+  SIG_STAT_GOOD = GPGME_SIG_STAT_GOOD
+  SIG_STAT_GOOD_EXP = GPGME_SIG_STAT_GOOD_EXP
+  SIG_STAT_GOOD_EXPKEY = GPGME_SIG_STAT_GOOD_EXPKEY
+  SIG_STAT_NOKEY = GPGME_SIG_STAT_NOKEY
+  SIG_STAT_NONE = GPGME_SIG_STAT_NONE
+  SIG_STAT_NOSIG = GPGME_SIG_STAT_NOSIG
+  STATUS_ABORT = GPGME_STATUS_ABORT
+  STATUS_ALREADY_SIGNED = GPGME_STATUS_ALREADY_SIGNED
+  STATUS_BADARMOR = GPGME_STATUS_BADARMOR
+  STATUS_BADMDC = GPGME_STATUS_BADMDC
+  STATUS_BADSIG = GPGME_STATUS_BADSIG
+  STATUS_BAD_PASSPHRASE = GPGME_STATUS_BAD_PASSPHRASE
+  STATUS_BEGIN_DECRYPTION = GPGME_STATUS_BEGIN_DECRYPTION
+  STATUS_BEGIN_ENCRYPTION = GPGME_STATUS_BEGIN_ENCRYPTION
+  STATUS_BEGIN_STREAM = GPGME_STATUS_BEGIN_STREAM
+  STATUS_DECRYPTION_FAILED = GPGME_STATUS_DECRYPTION_FAILED
+  STATUS_DECRYPTION_OKAY = GPGME_STATUS_DECRYPTION_OKAY
+  STATUS_DELETE_PROBLEM = GPGME_STATUS_DELETE_PROBLEM
+  STATUS_ENC_TO = GPGME_STATUS_ENC_TO
+  STATUS_END_DECRYPTION = GPGME_STATUS_END_DECRYPTION
+  STATUS_END_ENCRYPTION = GPGME_STATUS_END_ENCRYPTION
+  STATUS_END_STREAM = GPGME_STATUS_END_STREAM
+  STATUS_ENTER = GPGME_STATUS_ENTER
+  STATUS_EOF = GPGME_STATUS_EOF
+  STATUS_ERRMDC = GPGME_STATUS_ERRMDC
+  STATUS_ERROR = GPGME_STATUS_ERROR
+  STATUS_ERRSIG = GPGME_STATUS_ERRSIG
+  STATUS_EXPKEYSIG = GPGME_STATUS_EXPKEYSIG
+  STATUS_EXPSIG = GPGME_STATUS_EXPSIG
+  STATUS_FILE_DONE = GPGME_STATUS_FILE_DONE
+  STATUS_FILE_ERROR = GPGME_STATUS_FILE_ERROR
+  STATUS_FILE_START = GPGME_STATUS_FILE_START
+  STATUS_GET_BOOL = GPGME_STATUS_GET_BOOL
+  STATUS_GET_HIDDEN = GPGME_STATUS_GET_HIDDEN
+  STATUS_GET_LINE = GPGME_STATUS_GET_LINE
+  STATUS_GOODMDC = GPGME_STATUS_GOODMDC
+  STATUS_GOODSIG = GPGME_STATUS_GOODSIG
+  STATUS_GOOD_PASSPHRASE = GPGME_STATUS_GOOD_PASSPHRASE
+  STATUS_GOT_IT = GPGME_STATUS_GOT_IT
+  STATUS_IMPORTED = GPGME_STATUS_IMPORTED
+  STATUS_IMPORT_RES = GPGME_STATUS_IMPORT_RES
+  STATUS_INV_RECP = GPGME_STATUS_INV_RECP
+  STATUS_KEYEXPIRED = GPGME_STATUS_KEYEXPIRED
+  STATUS_KEYREVOKED = GPGME_STATUS_KEYREVOKED
+  STATUS_KEY_CREATED = GPGME_STATUS_KEY_CREATED
+  STATUS_LEAVE = GPGME_STATUS_LEAVE
+  STATUS_MISSING_PASSPHRASE = GPGME_STATUS_MISSING_PASSPHRASE
+  STATUS_NEED_PASSPHRASE = GPGME_STATUS_NEED_PASSPHRASE
+  STATUS_NEED_PASSPHRASE_SYM = GPGME_STATUS_NEED_PASSPHRASE_SYM
+  STATUS_NODATA = GPGME_STATUS_NODATA
+  STATUS_NOTATION_DATA = GPGME_STATUS_NOTATION_DATA
+  STATUS_NOTATION_NAME = GPGME_STATUS_NOTATION_NAME
+  STATUS_NO_PUBKEY = GPGME_STATUS_NO_PUBKEY
+  STATUS_NO_RECP = GPGME_STATUS_NO_RECP
+  STATUS_NO_SECKEY = GPGME_STATUS_NO_SECKEY
+  STATUS_POLICY_URL = GPGME_STATUS_POLICY_URL
+  STATUS_PROGRESS = GPGME_STATUS_PROGRESS
+  STATUS_RSA_OR_IDEA = GPGME_STATUS_RSA_OR_IDEA
+  STATUS_SESSION_KEY = GPGME_STATUS_SESSION_KEY
+  STATUS_SHM_GET = GPGME_STATUS_SHM_GET
+  STATUS_SHM_GET_BOOL = GPGME_STATUS_SHM_GET_BOOL
+  STATUS_SHM_GET_HIDDEN = GPGME_STATUS_SHM_GET_HIDDEN
+  STATUS_SHM_INFO = GPGME_STATUS_SHM_INFO
+  STATUS_SIGEXPIRED = GPGME_STATUS_SIGEXPIRED
+  STATUS_SIG_CREATED = GPGME_STATUS_SIG_CREATED
+  STATUS_SIG_ID = GPGME_STATUS_SIG_ID
+  STATUS_TRUNCATED = GPGME_STATUS_TRUNCATED
+  STATUS_TRUST_FULLY = GPGME_STATUS_TRUST_FULLY
+  STATUS_TRUST_MARGINAL = GPGME_STATUS_TRUST_MARGINAL
+  STATUS_TRUST_NEVER = GPGME_STATUS_TRUST_NEVER
+  STATUS_TRUST_ULTIMATE = GPGME_STATUS_TRUST_ULTIMATE
+  STATUS_TRUST_UNDEFINED = GPGME_STATUS_TRUST_UNDEFINED
+  STATUS_UNEXPECTED = GPGME_STATUS_UNEXPECTED
+  STATUS_USERID_HINT = GPGME_STATUS_USERID_HINT
+  STATUS_VALIDSIG = GPGME_STATUS_VALIDSIG
+  VALIDITY_FULL = GPGME_VALIDITY_FULL
+  VALIDITY_MARGINAL = GPGME_VALIDITY_MARGINAL
+  VALIDITY_NEVER = GPGME_VALIDITY_NEVER
+  VALIDITY_ULTIMATE = GPGME_VALIDITY_ULTIMATE
+  VALIDITY_UNDEFINED = GPGME_VALIDITY_UNDEFINED
+  VALIDITY_UNKNOWN = GPGME_VALIDITY_UNKNOWN
+
+  PROTOCOL_NAMES = {
+    PROTOCOL_OpenPGP  => :OpenPGP,
+    PROTOCOL_CMS      => :CMS
+  }
+
+  KEYLIST_MODE_NAMES = {
+    KEYLIST_MODE_LOCAL    => :local,
+    KEYLIST_MODE_EXTERN   => :extern,
+    KEYLIST_MODE_SIGS     => :sigs,
+    KEYLIST_MODE_VALIDATE => :validate
+  }
+
+  VALIDITY_NAMES = {
+    VALIDITY_UNKNOWN    => :unknown,
+    VALIDITY_UNDEFINED  => :undefined,
+    VALIDITY_NEVER      => :never,
+    VALIDITY_MARGINAL   => :marginal,
+    VALIDITY_FULL       => :full,
+    VALIDITY_ULTIMATE   => :ultimate
+  }
+
+end

data/lib/gpgme/crypto.rb

@@ -0,0 +1,357 @@
+module GPGME
+
+  ##
+  # Different, independent methods providing the simplest possible API to
+  # execute crypto operations via GPG. All methods accept as options the same
+  # common options as {GPGME::Ctx.new}. Read the documentation for that class to
+  # know how to customize things further (like output stuff in ASCII armored
+  # format, for example).
+  #
+  # @example
+  #   crypto = GPGME::Crypto.new :armor => true
+  #   encrypted = crypto.encrypt 'Plain text'
+  #
+  class Crypto
+
+    attr_reader :default_options
+
+    def initialize(options = {})
+      @default_options = options
+    end
+
+    ##
+    # Encrypts an element
+    #
+    #  crypto.encrypt something, options
+    #
+    # Will return a {GPGME::Data} element which can then be read.
+    #
+    # Must have some key imported, look for {GPGME::Key.import} to know how
+    # to import one, or the gpg documentation to know how to create one
+    #
+    # @param plain
+    #  Must be something that can be converted into a {GPGME::Data} object, or
+    #  a {GPGME::Data} object itself.
+    #
+    # @param [Hash] options
+    #  The optional parameters are as follows:
+    #   * +:recipients+ for which recipient do you want to encrypt this file. It
+    #     will pick the first one available if none specified. Can be an array of
+    #     identifiers or just one (a string).
+    #   * +:symmetric+ if set to true, will ignore +:recipients+, and will perform
+    #     a symmetric encryption. Must provide a password via the +:password+
+    #     option.
+    #   * +:always_trust+ if set to true specifies all the recipients to be
+    #     trusted, thus not requiring confirmation.
+    #   * +:sign+ if set to true, performs a combined sign and encrypt operation.
+    #   * +:signers+ if +:sign+ specified to true, a list of additional possible
+    #     signers. Must be an array of sign identifiers.
+    #   * +:output+ if specified, it will write the output into it. It will be
+    #     converted to a {GPGME::Data} object, so it could be a file for example.
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @return [GPGME::Data] a {GPGME::Data} object that can be read.
+    #
+    # @example returns a {GPGME::Data} that can be later encrypted
+    #  encrypted = crypto.encrypt "Hello world!"
+    #  encrypted.read # => Encrypted stuff
+    #
+    # @example to be decrypted by someone@example.com.
+    #  crypto.encrypt "Hello", :recipients => "someone@example.com"
+    #
+    # @example If I didn't trust any of my keys by default
+    #  crypto.encrypt "Hello" # => GPGME::Error::General
+    #  crypto.encrypt "Hello", :always_trust => true # => Will work fine
+    #
+    # @example encrypted string that can be decrypted and/or *verified*
+    #  crypto.encrypt "Hello", :sign => true
+    #
+    # @example multiple signers
+    #  crypto.encrypt "Hello", :sign => true, :signers => "extra@example.com"
+    #
+    # @example writing to a file instead
+    #  file = File.open("signed.sec","w+")
+    #  crypto.encrypt "Hello", :output => file # output written to signed.sec
+    #
+    # @raise [GPGME::Error::General] when trying to encrypt with a key that is
+    #   not trusted, and +:always_trust+ wasn't specified
+    #
+    def encrypt(plain, options = {})
+      options = @default_options.merge options
+
+      plain_data  = Data.new(plain)
+      cipher_data = Data.new(options[:output])
+      keys        = Key.find(:public, options[:recipients])
+      keys        = nil if options[:symmetric]
+
+      flags = 0
+      flags |= GPGME::ENCRYPT_ALWAYS_TRUST if options[:always_trust]
+
+      GPGME::Ctx.new(options) do |ctx|
+        begin
+          if options[:sign]
+            if options[:signers]
+              signers = Key.find(:public, options[:signers], :sign)
+              ctx.add_signer(*signers)
+            end
+            ctx.encrypt_sign(keys, plain_data, cipher_data, flags)
+          else
+            ctx.encrypt(keys, plain_data, cipher_data, flags)
+          end
+        rescue GPGME::Error::UnusablePublicKey => exc
+          exc.keys = ctx.encrypt_result.invalid_recipients
+          raise exc
+        rescue GPGME::Error::UnusableSecretKey => exc
+          exc.keys = ctx.sign_result.invalid_signers
+          raise exc
+        end
+      end
+
+      cipher_data.seek(0)
+      cipher_data
+    end
+
+    ##
+    # Decrypts a previously encrypted element
+    #
+    #   crypto.decrypt cipher, options, &block
+    #
+    # Must have the appropiate key to be able to decrypt, of course. Returns
+    # a {GPGME::Data} object which can then be read.
+    #
+    # @param cipher
+    #   Must be something that can be converted into a {GPGME::Data} object,
+    #   or a {GPGME::Data} object itself. It is the element that will be
+    #   decrypted.
+    #
+    # @param [Hash] options
+    #   The optional parameters:
+    #   * +:output+ if specified, it will write the output into it. It will
+    #     me converted to a {GPGME::Data} object, so it can also be a file,
+    #     for example.
+    #   * If the file was encrypted with symmentric encryption, must provide
+    #     a :password option.
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @param &block
+    #   In the block all the signatures are yielded, so one could verify them.
+    #   See examples.
+    #
+    # @return [GPGME::Data] a {GPGME::Data} that can be read.
+    #
+    # @example Simple decrypt
+    #   crypto.decrypt encrypted_data
+    #
+    # @example symmetric encryption, or passwored key
+    #   crypto.decrypt encrypted_data, :password => "gpgme"
+    #
+    # @example Output to file
+    #   file = File.open("decrypted.txt", "w+")
+    #   crypto.decrypt encrypted_data, :output => file
+    #
+    # @example Verifying signatures
+    #   crypto.decrypt encrypted_data do |signature|
+    #     raise "Signature could not be verified" unless signature.valid?
+    #   end
+    #
+    # @raise [GPGME::Error::UnsupportedAlgorithm] when the cipher was encrypted
+    #   using an algorithm that's not supported currently.
+    #
+    # @raise [GPGME::Error::WrongKeyUsage] TODO Don't know when
+    #
+    # @raise [GPGME::Error::DecryptFailed] when the cipher was encrypted
+    #   for a key that's not available currently.
+    def decrypt(cipher, options = {})
+      options = @default_options.merge options
+
+      plain_data   = Data.new(options[:output])
+      cipher_data  = Data.new(cipher)
+
+      GPGME::Ctx.new(options) do |ctx|
+        begin
+          ctx.decrypt_verify(cipher_data, plain_data)
+        rescue GPGME::Error::UnsupportedAlgorithm => exc
+          exc.algorithm = ctx.decrypt_result.unsupported_algorithm
+          raise exc
+        rescue GPGME::Error::WrongKeyUsage => exc
+          exc.key_usage = ctx.decrypt_result.wrong_key_usage
+          raise exc
+        end
+
+        verify_result = ctx.verify_result
+        if verify_result && block_given?
+          verify_result.signatures.each do |signature|
+            yield signature
+          end
+        end
+
+      end
+
+      plain_data.seek(0)
+      plain_data
+    end
+
+    ##
+    # Creates a signature of a text
+    #
+    #   crypto.sign text, options
+    #
+    # Must have the appropiate key to be able to decrypt, of course. Returns
+    # a {GPGME::Data} object which can then be read.
+    #
+    # @param text
+    #   The object that will be signed. Must be something that can be converted
+    #   to {GPGME::Data}.
+    #
+    # @param [Hash] options
+    #  Optional parameters.
+    #   * +:signer+ sign identifier to sign the text with. Will use the first
+    #    key it finds if none specified.
+    #   * +:output+ if specified, it will write the output into it. It will be
+    #     converted to a {GPGME::Data} object, so it could be a file for example.
+    #   * +:mode+ Desired type of signature. Options are:
+    #    - +GPGME::SIG_MODE_NORMAL+ for a normal signature. The default one if
+    #      not specified.
+    #    - +GPGME::SIG_MODE_DETACH+ for a detached signature
+    #    - +GPGME::SIG_MODE_CLEAR+ for a cleartext signature
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @return [GPGME::Data] a {GPGME::Data} that can be read.
+    #
+    # @example normal sign
+    #   crypto.sign "Hi there"
+    #
+    # @example outputing to a file
+    #   file = File.open("text.sign", "w+")
+    #   crypto.sign "Hi there", :options => file
+    #
+    # @example doing a detached signature
+    #   crypto.sign "Hi there", :mode => GPGME::SIG_MODE_DETACH
+    #
+    # @example specifying the signer
+    #   crypto.sign "Hi there", :signer => "mrsimo@example.com"
+    #
+    # @raise [GPGME::Error::UnusableSecretKey] TODO don't know when
+    def sign(text, options = {})
+      options = @default_options.merge options
+
+      plain  = Data.new(text)
+      output = Data.new(options[:output])
+      mode   = options[:mode] || GPGME::SIG_MODE_NORMAL
+
+      GPGME::Ctx.new(options) do |ctx|
+        if options[:signer]
+          signers = Key.find(:secret, options[:signer], :sign)
+          ctx.add_signer(*signers)
+        end
+
+        begin
+          ctx.sign(plain, output, mode)
+        rescue GPGME::Error::UnusableSecretKey => exc
+          exc.keys = ctx.sign_result.invalid_signers
+          raise exc
+        end
+      end
+
+      output.seek(0)
+      output
+    end
+
+    # Verifies a previously signed element
+    #
+    #   crypto.verify sig, options, &block
+    #
+    # Must have the proper keys available.
+    #
+    # @param sig
+    #   The signature itself. Must be possible to convert into a {GPGME::Data}
+    #   object, so can be a file.
+    #
+    # @param [Hash] options
+    #   * +:signed_text+ if the sign is detached, then must be the plain text
+    #     for which the signature was created.
+    #   * +:output+ where to store the result of the signature. Will be
+    #     converted to a {GPGME::Data} object.
+    #   * Any other option accepted by {GPGME::Ctx.new}
+    #
+    # @param &block
+    #   In the block all the signatures are yielded, so one could verify them.
+    #   See examples.
+    #
+    # @return [GPGME::Data] unless the sign is detached, the {GPGME::Data}
+    #   object with the plain text. If the sign is detached, will return nil.
+    #
+    # @example simple verification
+    #   sign = crypto.sign("Hi there")
+    #   data = crypto.verify(sign) { |signature| signature.valid? }
+    #   data.read # => "Hi there"
+    #
+    # @example saving output to file
+    #   sign = crypto.sign("Hi there")
+    #   out  = File.open("test.asc", "w+")
+    #   crypto.verify(sign, :output => out) {|signature| signature.valid?}
+    #   out.read # => "Hi there"
+    #
+    # @example verifying a detached signature
+    #   sign = crypto.detach_sign("Hi there")
+    #   # Will fail
+    #   crypto.verify(sign) { |signature| signature.valid? }
+    #   # Will succeed
+    #   crypto.verify(sign, :signed_text => "hi there") do |signature|
+    #     signature.valid?
+    #   end
+    #
+    def verify(sig, options = {})
+      options = @default_options.merge options
+
+      sig         = Data.new(sig)
+      signed_text = Data.new(options[:signed_text])
+      output      = Data.new(options[:output]) unless options[:signed_text]
+
+      GPGME::Ctx.new(options) do |ctx|
+        ctx.verify(sig, signed_text, output)
+        ctx.verify_result.signatures.each do |signature|
+          yield signature
+        end
+      end
+
+      if output
+        output.seek(0)
+        output
+      end
+    end
+
+    # Clearsigns an element
+    #
+    #   crypto.clearsign text, options
+    #
+    # Same functionality of {.sign} only doing clearsigns by default.
+    #
+    def clearsign(text, options = {})
+      sign text, options.merge(:mode => GPGME::SIG_MODE_CLEAR)
+    end
+
+    # Creates a detached signature of an element
+    #
+    #   crypto.detach_sign text, options
+    #
+    # Same functionality of {.sign} only doing detached signs by default.
+    #
+    def detach_sign(text, options = {})
+      sign text, options.merge(:mode => GPGME::SIG_MODE_DETACH)
+    end
+
+    ##
+    # Allows calling of methods directly in the module without the need to
+    # create a new instance.
+    def self.method_missing(method, *args, &block)
+      if GPGME::Crypto.instance_methods(false).include?(method)
+        crypto = GPGME::Crypto.new
+        crypto.send method, *args, &block
+      else
+        super
+      end
+    end
+
+  end # module Crypto
+end # module GPGME