My problem is not only writing unencrypted files to disk:
My web server runs as user "nobody" and anyone with an account on the machine has access to every file user "nobody" does by means of writing a simple PHP script. So I cannot store any kind of key as user nobody.

I use a little trick to bypass this problem when accessing a database: I just use directory-dependent environment variables DBUSER and DBPASSWD in my httpd.conf file (owned by root, mode 400). Thus I can solve my problem by storing the keyring in the database. So I'm looking for a db-oriented patch for management of the keyrings on PGP/GnuPG.

    16 days later

    I'm getting the "insufficient random bits" error when attempting to use pgp on NT Webserver. I can list the keyring no problem. I found a mention on the Network Associates page on the PGP sdk that pgp is looking to use human interaction on the machine (via keyboard and mouse) to generate random bits, and the webserver doesn't get much of that. There doesn't appear to be a parameter to override this (good in a way because the randomness ensures good security).

    Did you manage to get going in your situation ?

      3 months later

      Hi,

      I am trying to use PGP with PHP in order to encrypt data via web, and actually it works, but it is extremely slow, it needs almost a minute to encrypt a message.

      Any idea why it is so slow ??

      What I do is:

      ============================================================
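      $msg = "Text to encrypt";
      // Quote the recipient so it reaches pgp as a single shell argument
      $pp = popen("/opt/PGP/pgp -eaf " . escapeshellarg($userID) . " -o myfile.output", "w");
      fputs($pp, $msg, strlen($msg));
      pclose($pp);

      // Read the armored output back in
      $msg_crypted = "";
      $fp = fopen("myfile.output", "r");
      while (!feof($fp)) {
          $msg_crypted .= fgets($fp, 512);
      }

      fclose($fp);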

      thanks

        4 months later

        I want to do almost the same except that I want to write the encrypted message to a file and also email the message.
        Were you able to speed up the encryption process?

        Thanx

          8 days later

          Hello there,

          I am facing the same problem as Sam. I get an error message that says that the server can't find my public key. Does this mean that i have to export my public key which i have created into my server?? Please help. Thanks.

          Maegan.

            Hi Maegan,

            If I understand your question correctly, you have created your keys on your local machine. Then, yes, you have to export these keys from your local keyring and ftp them to your server. The folder to save them in on your server is the folder specified by the line
            putenv("PGPPATH=/homedir/of/PHP/user/.pgp");
            in your PHP script (this line is copied from Julie Meloni's article at http://hotwired.lycos.com/webmonkey/00/20/index3a_page5.html?tw=programming).

            Hope that helps. Getting pgp and php working can be nasty at times, eh?

            Rob

              Hi Rob,

              Perhaps you can help me out a little.
              I have followed Julie Meloni's example for encrypting/emailing some data but haven't been able to get the encryption process to fire. I do receive the email but it is empty. Can you see any obvious errors in my code?
              I checked the directory for file $clear, it exists and contains the data/variables to be encrypted.
              I checked the directory for file $crypted, it exists but the file is empty.

              Here is my test file running on Linux:
              <?
              $sender_name="Peter Sender";
              $sender_email="vist@emi.net";
              $secret_msg=" Secret message PGP test";

              $time = time();
              $msg = "Sender's Full Name:\t$sender_name\n";
              $msg .= "Sender's E-Mail:\t$sender_email\n";
              $msg .= "Secret Message\t$secret_msg\n\n";

              putenv("PGPPATH=/home/mydomain/.pgp/pubring.pgp");

              $clear = "/home/mydomain/www/ecom/tmp/";
              $clear .= "$time";

              $crypted = "/home/mydomain/www/ecom/temp/";
              $crypted .= "$time";

              $fp = fopen("$clear", "w+");
              fwrite($fp, "$msg");
              fclose($fp);
              //unlink("$clear");

              /* This system() call gives me an error: Warning: fopen("/home/mydomain/www/ecom/temp/997460177","r") - No such file or directory
              */
              system("/usr/local/bin/pgpe -r 'MyKey <vista@emi.net>' -o $crypted -a $clear");

              /* This one gives error:
              Recipients' public key(s) will be used to encrypt. Preparing random session key...
              Warning: fopen("/home/mydomain/www/ecom/temp/997464194","r")
              */
              system("/usr/local/bin/pgp -e -a $clear 'MyKey' -o $crypted");

              /* This does not give any error messages but the email is empty (no encrypted message) */
              system("/usr/local/bin/pgp -feat $clear MyKey >$crypted");

              $fd = fopen($crypted, "r");
              $mail_cont = fread($fd, filesize($crypted));
              fclose($fd);
              //unlink("$crypted");

              $recipient = "vista@emi.net";
              $subject = "Secret Message";
              $mailheaders = "From: My Web Site <\"\">\n";
              $mailheaders .= "Reply-To: $sender_email\n\n";

              mail("$recipient", "$subject", $mail_cont, $mailheaders);

              echo "<H1 align=center>Thank You, $sender_name</h1>";
              echo "<p align=center>Your secret message has been sent.</p>";

              ?>

                Hi Peter,

                I notice a couple of things, but I don't know if they solve the problem.

                1. the path for $clear has /tmp instead of /temp.

                2. $clear and $crypted seem to refer to the same file.

                Try:
                $clear = "/home/mydomain/www/ecom/temp/";
                $clear .= "$time.data";

                $crypted = "/home/mydomain/www/ecom/temp/";
                $crypted .= "$time.pgpdata";
                to solve both issues.

                The other thing that might help your debugging is to echo $mail_cont and comment out the mailing (saves you having to always check your e-mail).

                Try this and let me know.

                Rob

                  Hi there,

                  sorry to bother you again. Is the command to extract the key from my machine to the server : pgp -kx <userID><keyfile><URL>??

                  i'm serving on apache, does this mean that i have to key in
                  http://localhost as my <URL>
                  and
                  /root/.pgp as my <keyfile>??

                  i have specified the folder as
                  putenv("PGPPATH=/root/.pgp");
                  and still i get an error that says cannot open key ring file. do i have to use the pgp -ka command as well?? i am so confused. thanks in advance.

                  Maegan.

                    I'm not sure this comment will help much.

                    Are you certain that your keyring is stored in /root/.pgp? Telnet or ftp to the folder will give you the path. (this question is not meant to sound condescending).

                    I don't think you have to specify the URL.

                    As for the key, perhaps you are identifying it incorrectly. That was a problem I had when I started. The key can be identified by an 8 or 10 character KeyID or by something of the form name <e-mail address> (I forget the specific format of these).

                    You shouldn't have to use a -k option. If you're finding the keyring properly, the code from Julie Meloni should work.

                    However, you might find it helpful to telnet to your host (if possible) and try accessing pgp using the command line. The online manuals, if they're installed, should be helpful (type 'man pgp' or 'man pgpe' and there are a couple of others that I don't remember at the moment).

                    (I assume you are still trying to get your first message encrypted as opposed to now trying something more fancy like using php to manipulate the key itself).

                    Rob

                      Hi Rob,

                      I made those changes you suggested including
                      echo $mail_cont .

                      I've telneted in and checked to make sure my key name is correct.

                      The files are being created alright but $crypted is always empty !

                      I even tried the keyID instead of the key name but it made no difference.

                      Could it have anything to do with a signed/unsigned key ?

                      Thanx,
                      Peter

                        Hi Peter,

                        I posted some code a while back at
                        http://www.phpbuilder.com/forum/read.php3?num=2&id=115223&loc=0&thread=115223
                        Perhaps that might shed some light on things in that it is a little more simplified than Julie's code since the files are hard coded. On the other hand, it is a little more complicated since I present three ways to do the encryption.

                        I just checked on my server, and I can manually execute the command from option 3 in the code at the above URL.

                        You'll have to create a small test file - pgp_plain.txt is what I called it. You'll also have to change the paths appropriately.

                        I doubt the signed versus unsigned keys affect this process.

                        I hope you and Maegan get this stuff working soon. I'm starting to run out of suggestions. ;-)

                        Rob

                          Hi Rob,

                          Thanks for the help, it means a lot to me.

                          after trying to extract the key to the server by issuing the command :
                          ./pgp -kx maegan /root/.pgp/pubring.pkr http://localhost/.pgp/pubring.pkr

                          I still get the stupid error :

                          key not found in key ring '(null)'
                          keyring extract error

                          i've checked the folder, and the key is indeed in there.

                          i tried to run my php script too, and i got an error that says :

                          can't open key rings. Encryption error. For usage summary, type bla bla bla...

                          and here's what i wrote in my php file, please have a look and see what's wrong :

                          $plainTxt = "/root/.pgp/"."abc" ;

                          putenv("PGPPATH=/root/.pgp/pubring.pkr");

                          //open file and dump in plaintext contents
                          $fp = fopen($plainTxt, "w+");
                          fputs($fp, $cardinfo);
                          fclose($fp);

                          system("/IE-Setup-Files/pgp-6.5.8/./pgp -c $plainTxt");

                          this is giving me a real headache. please advise. thanks.

                            Hi Maegan,

                            I'll ignore the last part of your message (about the php) for now.

                            Have you tried just listing the keys in your keyring from the shell? That would tell you whether the keyring is being found and tell you the valid key id's.

                            On my host, pgpk is used for keyring management (pgp by itself doesn't get executed directly). I changed directories to my .pgp folder (which contains the keyring pubring.pkr). Then used
                            /usr/local/bin/pgpk help
                            to find out what's allowed, and
                            /usr/local/bin/pgpk -l
                            to list the keys.

                            Does that work for you?

                            On my host, I get a bunch of lines with one like:
                            uid CSandW webmaster <webmaster@CSandW.on.ca>
                            This is the user id. It should be used in place of the 'maegan' in your example (omitting the 'uid' and assuming that your user id isn't simply 'maegan' when listed as I describe).

                            Let me know what happens.

                            Rob

                              Hi Rob,

                              I made a test file from your posted code, the only time I can get pgp to encrypt is from the command line and I tried this on 2 different Unix servers, one Linux and the other Solaris both with PGP2.6.2

                              So I am going to have to give up on using PHP to execute PGP.

                              I have an old Perl/PGP script that works well except that I need to find someone who can make some changes in it for me.
                              Do you know of anyone who knows Perl and with experience in executing a Perl script from PHP using the exec() function?

                              Lastly I still want to use PHP to install a public key on the server! Have you gotten that far?

                              Thanks for all the help.
                              Peter

                                Hi Peter,

                                It's puzzling that pgp will execute from the command line but not from the exec() or system() calls (perhaps try system instead of exec if you're not already using it; that should show any errors).

                                Perhaps it's a permissions kind of thing. I've always struggled trying to understand permissions.

                                Here's a long shot:
                                Can you execute a php script from another php script? For example

                                test1.php
                                <?php
                                system("/path/to/php /path/to/test2.php");

                                ?>

                                test2.php
                                <?php
                                echo 'php and pgp is driving me crazy';
                                ?>

                                It works for me. Don't know why it wouldn't work for you. But then I don't really know why your command line pgp works but your call from php doesn't.

                                As for the Perl: No, I don't know one that has integrated the two (but there's probably lots on phpbuilder about it). It should be just another system call, but I don't know how you would pass variables to it (through a file, perhaps?).

                                For what it's worth, the site I use pgp on uses Perl for parsing the form. I found Perl cumbersome at grabbing form data, but then I don't really know what I'm doing with Perl.

                                As for installing a public key on the server: I don't really understand what you want to do (that's probably my shortcoming, not yours). I created my public keys on my local windows machine and then uploaded them. Is that what you mean?

                                Fun stuff, eh?

                                Rob
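
An added example, not part of any post in this thread: a way to run the encryption so that a failure reports why (keyring directory, permissions of the web server account, pgp's own stderr and exit code) while the plaintext is piped in rather than written to a file. The function name, the paths and the key name are assumptions; `-eaf` is the flag set from the popen() post earlier in the thread.

```php
<?php
// Added example, not code from the thread. Function name, paths and key name
// are assumptions; -eaf is the flag set used in the popen() post above.

function pgp_encrypt_pipe(string $pgpBin, string $keyringDir, string $recipient, string $plaintext): array
{
    // PGPPATH names the directory that holds the keyring, not the keyring file.
    if (!is_dir($keyringDir)) {
        return ['ok' => false, 'error' => "PGPPATH is not a directory: $keyringDir"];
    }
    // These checks run as the web server account, which is the account that matters.
    if (!is_readable($keyringDir) || !glob($keyringDir . '/pubring.*')) {
        return ['ok' => false, 'error' => "no readable pubring.* in $keyringDir"];
    }
    if (!is_executable($pgpBin)) {
        return ['ok' => false, 'error' => "cannot execute $pgpBin"];
    }

    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    // Array form (PHP 7.4+) starts pgp without a shell, so the recipient is
    // passed as one argument and is never parsed as shell syntax.
    $proc = proc_open([$pgpBin, '-eaf', $recipient], $spec, $pipes, null, ['PGPPATH' => $keyringDir]);
    if (!is_resource($proc)) {
        return ['ok' => false, 'error' => 'proc_open failed'];
    }

    // Plaintext goes in on stdin and ciphertext comes back on stdout, so no
    // cleartext file is created under the web root.
    // Sized for short form messages; large inputs need stream_select().
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = stream_get_contents($pipes[1]);
    $stderr  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);

    if ($exit !== 0 || $armored === '') {
        return ['ok' => false, 'error' => "pgp exit code $exit: " . trim($stderr)];
    }
    return ['ok' => true, 'output' => $armored];
}

// Constructed sample call; binary path, keyring directory and key name are placeholders.
$r = pgp_encrypt_pipe('/usr/local/bin/pgp', '/home/mydomain/.pgp', 'MyKey', "Secret message PGP test\n");
echo $r['ok'] ? $r['output'] : 'failed: ' . $r['error'], "\n";
```

Requesting the script through the web server rather than from a login shell makes the checks run under the same account and environment as the failing page.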

                                  Rob,

                                  There is definitely something weird someplace with permissions or ??
                                  I tried both exec and system but don't get any errors.

                                  So I think it's time to try passing my variables to a Perl encryption script using the exec() function.

                                  As for uploading a public key ! I always thought that once the key has been uploaded to the server, it then needs to be installed into PGP via the command line !!

                                  So it would be very nice to have a PHP script that would handle the key upload and then install it through a system call.

                                  Can a key simply be uploaded directly into pubring.pgp ?

                                  I appreciate all the help !
                                  Many thanks,
                                  Peter

                                    Hi Peter,

                                    On passing variables to Perl: In the absence of a better solution, you could use PHP to write a file containing the variables as I alluded to in my last note. Perl would then read the file and then delete the file to obtain the variables (this is analogous to using the plain text file to pass the message to pgp). But this all hinges on PHP being able to invoke a Perl routine (which might be problematic if something is screwing with the system).

                                    I now understand what you were referring to about 'installing a public key'. Yes, a new key has to be added to the pubring.pkr. I've always just done this on my Windows machine and then uploaded the new key ring. And, no, I don't think a new key can be directly uploaded into the key ring (as opposed to added in with the pgp program).

                                    While it should be possible to both generate a new key and add a key to the public key ring using PHP and an exec or system function calling the appropriate PGP routine, you may have problems doing this if you can't encrypt a message with PGP/PHP. Just a thought.

                                    Rob

                                      9 days later

                                      Hi Rob,

                                      Yes, I have tried to list out the keys, and the path is indeed correct. What do you mean when you said that my keyID has to be 8-10 char? cause my ID is definitely less than that, and it's without the <e-mail> as well. I set the ID when I first created my key.

                                      The funny thing is that why is it that i can encrypt using command lines in Linux but i can't do so when using PHP??? Is there any step which i have missed out??? and anyway, is it necessary to extract my public key to my server? Thanks once again.

                                      Maegan.

                                        11 days later

                                        Maegan,

                                        Did you ever get PHP to encrypt with PGP, if so could you share the info with me as I was never able to get it running !

                                        Thanks,
                                        Peter