That tutorial is actually where I started, and I've emailed Julie herself about it and asked her about it.

What I am trying to do is conventional encryption of a file. I just wanted to know if that was possible.

I am trying to do something similar to what she does in her tutorial, which is encrypt some files. It's just that I don't have extremely computer savvy users and they probably won't be able to handle public and private keyrings, and decrypting their messages.

If you guys have any other suggestions I'm open to them.

    4 months later

    Is there any way of making a php/pgp script extract the
    public key from a database instead of a keyring file?

    The idea is not to use any file at all, just the database,
    redirecting the I/O of pgp from/to the php script to compose,
    encrypt and send mail

    thanks in advance

      Just a quick answer now, and I'll return to this later since I'm working on the same problem.

      If I understand you correctly, I think you want to avoid writing unencrypted data to the disk (I'm working on this problem this week). Julie Meloni's tutorial DOES write unencrypted data. I'm thinking that the 'popen' command will be one way to go.

      As for having pgp get keys from a database, I don't think that is possible. However, we may be able to use 'exec' to create/add a new key to our keyring. That's another issue I'm thinking about.

      More later.

      Rob

        My problem is not only writing unencrypted files to disk:
        My web server runs as user "nobody" and anyone
        with an account on the machine has access to every file user "nobody" does by means of writing a simple php script. So I cannot store any kind of key as user nobody

        I use a little trick to bypass this problem when accessing a database: I just use directory-dependent environment variables DBUSER and DBPASSWD in my httpd.conf file (owned by root, mode 400). Thus I can solve my problem by storing the keyring in the database. So I'm looking for a db-oriented patch for management of the keyrings on PGP/GnuPG

          16 days later

          I'm getting the "insufficient random bits" error when attempting to use pgp on NT Webserver. I can list the keyring no problem. I found a mention on the Network Associates page on the PGP sdk that pgp is looking to use human interaction on the machine (via keyboard and mouse) to generate random bits, and the webserver doesn't get much of that. There doesn't appear to be a parameter to override this (good in a way because the randomness ensures good security).

          Did you manage to get going in your situation ?

            3 months later

            Hi,

            I am trying to use PGP with PHP in order to encrypt data via web, and actually it works, but it is extremely slow, it needs almost a minute to encrypt a message.

            Any idea why it is so slow ??

            What I do is:

            ============================================================
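            $msg = "Text to encrypt";
            // Quote the recipient so it reaches pgp as a single shell argument
            $cmd = "/opt/PGP/pgp -eaf " . escapeshellarg($userID) . " -o myfile.output";
            // Pipe the plaintext to pgp's stdin (the mode must be a quoted string)
            $pp = popen($cmd, "w");
            fputs($pp, $msg, strlen($msg));
            pclose($pp);

            // Read the armored output back from the file pgp wrote
            $msg_crypted = "";
            $fp = fopen("myfile.output", "r");
            while (!feof($fp)) {
                $msg_crypted .= fgets($fp, 512);
            }

            fclose($fp);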

            thanks

              4 months later

              I want to do almost the same except that I want to write the encrypted message to a file and also email the message.
              Were you able to speed up the encryption process?

              Thanx

                8 days later

                Hello there,

                I am facing the same problem as Sam. I get an error message that says that the server can't find my public key. Does this mean that I have to export the public key which I have created to my server?? Please help. Thanks.

                Maegan.

                  Hi Maegan,

                  If I understand your question correctly, you have created your keys on your local machine. Then, yes, you have to export these keys from your local keyring and ftp them to your server. The folder to save them in on your server is the folder specified by the line
                  putenv("PGPPATH=/homedir/of/PHP/user/.pgp");
                  in your PHP script (this line is copied from Julie Meloni's article at http://hotwired.lycos.com/webmonkey/00/20/index3a_page5.html?tw=programming).

                  Hope that helps. Getting pgp and php working can be nasty at times, eh?

                  Rob

                    Hi Rob,

                    Perhaps you can help me out a little.
                    I have followed Julie Meloni's example for encrypting/emailing some data but haven't been able to get the encryption process to fire. I do receive the email but it is empty. Can you see any obvious errors in my code?
                    I checked the directory for file $clear, it exists and contains the data/variables to be encrypted.
                    I checked the directory for file $crypted, it exists but the file is empty.

                    Here is my test file running on Linux:
                    <?
                    $sender_name="Peter Sender";
                    $sender_email="vist@emi.net";
                    $secret_msg=" Secret message PGP test";

                    $time = time();
                    $msg = "Sender's Full Name:\t$sender_name\n";
                    $msg .= "Sender's E-Mail:\t$sender_email\n";
                    $msg .= "Secret Message\t$secret_msg\n\n";

                    putenv("PGPPATH=/home/mydomain/.pgp/pubring.pgp");

                    $clear = "/home/mydomain/www/ecom/tmp/";
                    $clear .= "$time";

                    $crypted = "/home/mydomain/www/ecom/temp/";
                    $crypted .= "$time";

                    $fp = fopen("$clear", "w+");
                    fwrite($fp, "$msg");
                    fclose($fp);
                    //unlink("$clear");

                    /* This system() call gives me an error: Warning: fopen("/home/mydomain/www/ecom/temp/997460177","r") - No such file or directory
                    */
                    system("/usr/local/bin/pgpe -r 'MyKey <vista@emi.net>' -o $crypted -a $clear");

                    /* This one gives error:
                    Recipients' public key(s) will be used to encrypt. Preparing random session key...
                    Warning: fopen("/home/mydomain/www/ecom/temp/997464194","r")
                    */
                    system("/usr/local/bin/pgp -e -a $clear 'MyKey' -o $crypted");

                    /* This does not give any error messages but the email is empty (no encrypted message) */
                    system("/usr/local/bin/pgp -feat $clear MyKey >$crypted");

                    $fd = fopen($crypted, "r");
                    $mail_cont = fread($fd, filesize($crypted));
                    fclose($fd);
                    //unlink("$crypted");

                    $recipient = "vista@emi.net";
                    $subject = "Secret Message";
                    $mailheaders = "From: My Web Site <\"\">\n";
                    $mailheaders .= "Reply-To: $sender_email\n\n";

                    mail("$recipient", "$subject", $mail_cont, $mailheaders);

                    echo "<H1 align=center>Thank You, $sender_name</h1>";
                    echo "<p align=center>Your secret message has been sent.</p>";

                    ?>

                      Hi Peter,

                      I notice a couple of things, but I don't know if they solve the problem.

                      1. the path for $clear has /tmp instead of /temp.

                      2. $clear and $crypted seem to refer to the same file.

                      Try:
                      $clear = "/home/mydomain/www/ecom/temp/";
                      $clear .= "$time.data";

                      $crypted = "/home/mydomain/www/ecom/temp/";
                      $crypted .= "$time.pgpdata";
                      to solve both issues.

                      The other thing that might help your debugging is to echo $mail_cont and comment out the mailing (saves you having to always check your e-mail).

                      Try this and let me know.

                      Rob

                        Hi there,

                        sorry to bother you again. Is the command to extract the key from my machine to the server : pgp -kx <userID><keyfile><URL>??

                        i'm serving on apache, does this mean that i have to key in
                        http://localhost as my <URL>
                        and
                        /root/.pgp as my <keyfile>??

                        i have specified the folder as
                        putenv("PGPPATH=/root/.pgp");
                        and still i get an error that says cannot open key ring file. do i have to use the pgp -ka command as well?? i am so confused. thanks in advance.

                        Maegan.

                          I'm not sure this comment will help much.

                          Are you certain that your keyring is stored in /root/.pgp? Telnet or ftp to the folder will give you the path. (This question is not meant to sound condescending.)

                          I don't think you have to specify the URL.

                          As for the key, perhaps you are identifying it incorrectly. That was a problem I had when I started. The key can be identified by an 8 or 10 character KeyID or by something of the form name <e-mail address> (I forget the specific format of these).

                          You shouldn't have to use a -k option. If you're finding the keyring properly, the code from Julie Meloni should work.

                          However, you might find it helpful to telnet to your host (if possible) and try accessing pgp using the command line. The online manuals, if they're installed, should be helpful (type 'man pgp' or 'man pgpe' and there are a couple of others that I don't remember at the moment).

                          (I assume you are still trying to get your first message encrypted as opposed to now trying something more fancy like using php to manipulate the key itself).

                          Rob

                            Hi Rob,

                            I made those changes you suggested including
                            echo $mail_cont .

                            I've telneted in and checked to make sure my key name is correct.

                            The files are being created alright but $crypted is always empty !

                            I even tried the keyID instead of the key name but it made no difference.

                            Could it have anything to do with a signed/unsigned key ?

                            Thanx,
                            Peter

                              Hi Peter,

                              I posted some code a while back at
                              http://www.phpbuilder.com/forum/read.php3?num=2&id=115223&loc=0&thread=115223
                              Perhaps that might shed some light on things in that it is a little more simplified than Julie's code since the files are hard coded. On the other hand, it is a little more complicated since I present three ways to go the encryption.

                              I just checked on my server, and I can manually execute the command from option 3 in the code at the above URL.

                              You'll have to create a small test file - pgp_plain.txt is what I called it. You'll also have to change the paths appropriately.

                              I doubt the signed versus unsigned keys affect this process.

                              I hope you and Maegan get this stuff working soon. I'm starting to run out of suggestions. ;-)

                              Rob

                                Hi Rob,

                                Thanks for the help, it means a lot to me.

                                after trying to extract the key to the server by issuing the command :
                                ./pgp -kx maegan /root/.pgp/pubring.pkr http://localhost/.pgp/pubring.pkr

                                I still get the stupid error :

                                key not found in key ring '(null)'
                                keyring extract error

                                i've checked the folder, and the key is indeed in there.

                                i tried to run my php script too, and i got an error that says :

                                can't open key rings. Encryption error. For usage summary, type bla bla bla...

                                and here's what i wrote in my php file, please have a look and see what's wrong :

                                $plainTxt = "/root/.pgp/"."abc" ;

                                putenv("PGPPATH=/root/.pgp/pubring.pkr");

                                //open file and dump in plaintext contents
                                $fp = fopen($plainTxt, "w+");
                                fputs($fp, $cardinfo);
                                fclose($fp);

                                system("/IE-Setup-Files/pgp-6.5.8/./pgp -c $plainTxt");

                                this is giving me a real headache. please advise. thanks.

                                  Hi Maegan,

                                  I'll ignore the last part of your message (about the php) for now.

                                  Have you tried just listing the keys in your keyring from the shell? That would tell you whether the keyring is being found and tell you the valid key id's.

                                  On my host, pgpk is used for keyring management (pgp by itself doesn't get executed directly). I changed directories to my .pgp folder (which contains the keyring pubring.pkr). Then used
                                  /usr/local/bin/pgpk help
                                  to find out what's allowed, and
                                  /usr/local/bin/pgpk -l
                                  to list the keys.

                                  Does that work for you?

                                  On my host, I get a bunch of lines with one like:
                                  uid CSandW webmaster <webmaster@CSandW.on.ca>
                                  This is the user id. It should be used in place of the 'maegan' in your example (omitting the 'uid' and assuming that your user id isn't simply 'maegan' when listed as I describe).

                                  Let me know what happens.

                                  Rob

                                    Hi Rob,

                                    I made a test file from your posted code, the only time I can get pgp to encrypt is from the command line and I tried this on 2 different Unix servers, one Linux and the other Solaris both with PGP2.6.2

                                    So I am going to have to give up on using PHP to execute PGP.

                                    I have an old Perl/PGP script that works well except that I need to find someone who can make some changes in it for me.
                                    Do you know of anyone who knows Perl and with experience in executing a Perl script from PHP using the exec() function?

                                    Lastly I still want to use PHP to install a public key on the server! Have you gotten that far?

                                    Thanks for all the help.
                                    Peter

                                      Hi Peter,

                                      It's puzzling that pgp will execute from the command line but not from the exec() or system() calls (perhaps try system instead of exec if you're not already using it; that should show any errors).

                                      Perhaps it's a permissions kind of thing. I've always struggled trying to understand permissions.

                                      Here's a long shot:
                                      Can you execute a php script from another php script? For example

                                      test1.php
                                      <?php
                                      system("/path/to/php /path/to/test2.php");

                                      ?>

                                      test2.php
                                      <?php
                                      echo 'php and pgp is driving me crazy';
                                      ?>

                                      It works for me. Don't know why it wouldn't work for you. But then I don't really know why your command line pgp works but your call from php doesn't.

                                      As for the Perl: No, I don't know one that has integrated the two (but there's probably lots on phpbuilder about it). It should be just another system call, but I don't know how you would pass variables to it (through a file, perhaps?).

                                      For what it's worth, the site I use pgp on uses Perl for parsing the form. I found Perl cumbersome at grabbing form data, but then I don't really know what I'm doing with Perl.

                                      As for installing a public key on the server: I don't really understand what you want to do (that's probably my shortcoming, not yours). I created my public keys on my local windows machine and then uploaded them. Is that what you mean?

                                      Fun stuff, eh?

                                      Rob

                                        Rob,

                                        There is definitely something weird someplace with permissions or ??
                                        I tried both exec and system but don't get any errors.

                                        So I think it's time to try passing my variables to a Perl encryption script using the exec() function.

                                        As for uploading a public key ! I always thought that once the key has been uploaded to the server, it then needs to be installed into PGP via the command line !!

                                        So it would be very nice to have a PHP script that would handle the key upload and then install it through a system call.

                                        Can a key simply be uploaded directly into pubring.pgp ?

                                        I appreciate all the help !
                                        Many thanks,
                                        Peter
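
The pipe-based approach raised in this thread (handing the plaintext to pgp on stdin rather than through a temporary file), as an added PHP example that is not code from any poster. It also returns pgp's stderr and exit status, which the system() calls that left an empty output file never showed. Assumptions: the binary path, keyring directory and recipient are placeholders, and `+batchmode` is assumed to be supported by the installed pgp.

```php
<?php
// Added example, not code from the thread. Paths and the recipient are
// placeholders; -feat is the filter-mode flag set quoted in the thread and
// +batchmode (assumed supported by the installed pgp) suppresses prompts.

function pgp_encrypt_pipe(string $pgpBin, string $keyringDir,
                          string $recipient, string $plaintext): array
{
    $fail = fn(string $why, int $exit = -1): array =>
        ['ok' => false, 'exit' => $exit, 'armored' => '', 'stderr' => $why];

    // PGPPATH must name the directory holding the keyring, not the file.
    if (!is_dir($keyringDir) || !is_readable($keyringDir)) {
        return $fail("PGPPATH is not a readable directory: $keyringDir");
    }

    // Array form (PHP >= 7.4) starts the binary without a shell, so the
    // recipient is a single argv entry and cannot inject commands.
    $cmd  = [$pgpBin, '+batchmode', '-feat', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes, null, ['PGPPATH' => $keyringDir]);
    if (!is_resource($proc)) {
        return $fail("could not start $pgpBin");
    }

    // Filter mode: plaintext in on stdin, armored ciphertext out on stdout.
    // Sized for short form messages; large inputs need stream_select().
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                        // EOF marks end of input
    $armored = stream_get_contents($pipes[1]);
    $stderr  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);

    // Treat an empty or unarmored result as failure, never mail it.
    if ($exit !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') === false) {
        return $fail(trim($stderr), $exit);
    }
    return ['ok' => true, 'exit' => 0, 'armored' => $armored, 'stderr' => $stderr];
}

$result = pgp_encrypt_pipe('/usr/local/bin/pgp', '/home/mydomain/.pgp',
                           'MyKey', "Secret message PGP test\n");
if ($result['ok']) {
    echo $result['armored'];
} else {
    error_log("pgp failed (exit {$result['exit']}): {$result['stderr']}");
}
```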