| Russ Allbery > Software > PGP::Sign |
Here's a list of things that have occurred to me that I'd like to see added to PGP::Sign at some point, in no particular order. The amount of development time I have for PGP::Sign is extremely limited, and therefore most of these are unlikely to ever be done without help. Pull requests or mailed patches are welcome.
PGP::Sign currently hard-codes --textmode processing. This should be configurable via the object constructor to allow use with binary data.
All of the information about a signature should be available, not just the user ID and whether or not it verified. The most important additional information to provide is the full key ID (fingerprint). This probably implies there should be a separate method call alongside verify() that returns a rich object.
Information about why a signature verification failed isn't provided to the caller, and the additional parsable error tokens returned by GnuPG aren't taken advantage of. The caller should be able to get information about exactly why a signature verification failed (no public key found, bad signature, malformed data, etc.).
PGP::Sign throws text exceptions on errors, which doesn't allow the caller to cleanly separate the type of failure, the exit status of GnuPG, and GnuPG's standard output and standard error. It should instead throw a rich object that supports accessor methods for those details.
| Russ Allbery > Software > PGP::Sign |