mod_auth_openpgp 0.2.1

mod_auth_openpgp is an Apache module that authorizes access to servers, vhosts, or directories when an incoming request's HTTP OpenPGP signature is valid and known by the local keyring.

Quick-Building instructions:

Edit to suit your needs/desires.
Run it: ./
Modify your Apache's configuration as needed (see below)


· I'm using gpgme 1.1.2 and libgpg-error 1.0. It also benefits from mod_access, although the X-Auth-OpenPGP header that gets added to signed requests can be checked using PHP, CGI, etc.


Turn it on for specific virtual hosts (or for the whole server) using the "OpenPGPEngine on" directive together with mod_access directives, for example:

<VirtualHost *:80>
    ServerName localhost
    ServerAdmin root@localhost
    DocumentRoot "/var/www/localhost/htdocs"
    Options FollowSymlinks

    <IfModule mpm_peruser_module>
        ServerEnvironment apache apache
    </IfModule>

    # Turn on the OpenPGP Engine for this VirtualHost
    OpenPGPEngine on

    # If the X-Auth-OpenPGP header has the "true" value,
    # set the valid_signature env var, which is the
    # deciding factor in the Allow directive of mod_access.
    # X-Auth-OpenPGP cannot be spoofed, as it gets reset
    # if the module has been enabled for the vhost.
    # In the future, valid signed requests will also
    # have a header which tells mod_access the keyid, eMail address
    # and fingerprint of each user [TODO for 0.2.0]

    SetEnvIf X-Auth-OpenPGP ^true valid_signature

    # The opening <Directory> line is absent from this listing;
    # the DocumentRoot path is assumed here.
    <Directory "/var/www/localhost/htdocs">
        Order Deny,Allow
        Deny from all
        Allow from env=valid_signature
    </Directory>

</VirtualHost>

And that's it. Go grab Enigform and try it out. Of course, the 'apache' user needs a valid gpg configuration and keyring, or mod_auth_openpgp won't be able to verify signed requests.
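The description above notes that X-Auth-OpenPGP can also be checked from PHP, CGI, etc. The following is an added example, not code from mod_auth_openpgp or its author: a WSGI wrapper that accepts only the exact value "true" and fails closed otherwise. It assumes the application is served only through a vhost with "OpenPGPEngine on" (otherwise the header is client-supplied); `hello`, `require_signature` and `call` are hypothetical names.

```python
"""WSGI guard that trusts X-Auth-OpenPGP only on an exact "true" value."""


def is_signed_request(environ):
    # CGI/WSGI expose the request header X-Auth-OpenPGP as HTTP_X_AUTH_OPENPGP.
    value = environ.get("HTTP_X_AUTH_OPENPGP")
    # Exact, case-sensitive comparison: "trueish" or a folded duplicate such
    # as "true, true" must not pass, although both match the prefix
    # pattern ^true.
    return value == "true"


def require_signature(app):
    """Wrap a WSGI app so that unsigned requests get 403 (fail closed)."""
    def guarded(environ, start_response):
        if not is_signed_request(environ):
            body = b"OpenPGP-signed request required\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return guarded


def hello(environ, start_response):
    # Hypothetical protected application.
    body = b"signed request accepted\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, environ):
    """Run a WSGI app on a constructed environ; return (status, body)."""
    seen = {}

    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    protected = require_signature(hello)
    # Constructed sample environs, not captured traffic.
    for env in ({"HTTP_X_AUTH_OPENPGP": "true"},
                {"HTTP_X_AUTH_OPENPGP": "trueish"}, {}):
        print(env, "->", call(protected, env)[0])
```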

What's New in This Release:

· A new OpenPGP Discovery method that HTTP+OpenPGP aware clients (like Firefox+Enigform) can use to test if a host supports/announces mod_auth_openpgp was added.

Last updated on: June 19th, 2007, 20:35 GMT
License type: The Apache License 2.0
Developed by: Arturo Busleiman