PGP/GPG, security, popen, pipes & files

Anon

In writing PHP code to do PGP encryption, I've come across three general methods of invoking PGP after receiving the data by SSL (sample code is below):

use popen,
use a pipe in an exec statement,
write the plaintext to disk then encrypt.

To me, the third option seems the most undesirable (least secure).

What about options 1 or 2? Are there any issues that would favour 1 method over the other? Would the unencrypted data be accessible to others using either option 1 or 2 (as it is with option 3)?

For those who are interested, we are currently using a perl script on our site to encrypted communications to a lawyer (although I know this method is also used for an inexpensive method of send credit card numbers).

Thank you.

Rob

<?
putenv("PGPPATH=/home2/csandw/.pgp");

echo date("Y-m-d h:i:s")." start ";
$msg = date("Y-m-d h:i:s",time()+36060)."\n"."Test data to encrypt";

echo "original: ".$msg." ";

// UNCOMMENT ONE OF THE THREE BLOCKS BELOW
//0x7552A4F7 is the KeyID

/ 1
$pp = popen("/usr/local/bin/pgpe -r 0x7552A4F7 -o /home2/csandw/pgp_enc.txt", w);
fwrite($pp, $msg);
pclose($pp);
/

/ 2
$command = "echo '$msg' | /usr/local/bin/pgpe -r 0x7552A4F7 -o /home2/csandw/pgp_enc.txt";
$result = exec($command, $msg_crypted, $errorcode);
/

/ 3
$fp = fopen("/home2/csandw/pgp_plain.txt", "w+");
fputs($fp, $msg);
fclose($fp);
system("/usr/local/bin/pgpe -r 0x7552A4F7 -o /home2/csandw/pgp_enc.txt -a /home2/csandw/pgp_plain.txt");
unlink("/home2/csandw/pgp_plain.txt");
/

// retrieve and display the data
$fp = fopen("/home2/csandw/pgp_enc.txt", r);
$msg_crypted = fread($fp, filesize("/home2/csandw/pgp_enc.txt"));
fclose($fp);

echo " crypted: ".$msg_crypted." ";

unlink("/home2/csandw/pgp_enc.txt");

mail("webmaster@CSandW.on.ca","pgp test",$msg_crypted);

Anon

Option 2 in your script / pipes gives me an encrypted output of

¨PGPÁÁN?ôáfUTýs"rw!?tZsSK"zIC>W6~Gý;'à44JÃÕßwa¹§n»âÑözVæ.DÏö
'ï)þâºÁ"{¯Ë#>ÄK"û8^Z?åÅ ]Û¿6lé'YÁ.VPÙz¦P±úkå<U*ì,-7jkE7]´d°""°°â'Î[.YXÚllL}

which PGP dosen't understand

Any ideas
Mike.

robertjackson

Hi Mike,

It works for me. Perhaps try ascii armouring the output (option -a, I think - you'll have to check the documentation). That might make is recognizable to PGP after doing copy and paste or whatever.

Did the other two alternative methods work out?

Rob

Anon

Excellent. The -a option worked on both examples. I did not want to use the third example due to the obvious security problem.
I am not yet very well up on PGP and I was wondering if you knew of any security issues using either of the other 2 methods.

Thanks for the help, this info is really scarce.

Mike.

robertjackson

Hi Mike,

Glad it worked.

I agree that info on PGP/PHP is really scarce. I didn't receive any replies to my original request as to whether popen or pipes is more secure than the method that writes the files. I presume that these other two methods work entirely in the memory and do not use the disk, but I don't know.

One issue I came across using GPG is that it must be executable as the superuser (I've probably stated that incorrectly, but I'm fuzzy on the specifics). On Linux, I would receive an error that it was working with insecure memory. The situation was corrected by using a
chmod u+s /usr/local/bin/gpg

I don't know if this is an issue with PGP.

Good luck and please post whatever new info you can add.

Rob

Anon

Has anyone managed to get any variations of this PGP/PHP script to actually encrypt data.
I tried this code with my file paths with a variety of command calls to pgp without any success whatsoever on 2 systems:
Redhat and Solaris both with pgp2.6.2

I am obviously missing something !

Would really appreciate any posting of anyones code that actually encrypts.

Many thanks,
Peter

Anon

Hopefullu one of you can cast some light on the problem I am facing !

No matter which variation/option 1,2 or 3 I try, of the pgp/php encryption script posted in this thread, I'm always getting the same error:

Warning:fopen{"/web/my_domain/tmp/pgp_enc.txt","r")- No such file or directory in /web/my_domain/pgptes.php on line

It would appear that PGP is not outputing anything. UserID/key is there so that's not the problem.

Anyone have any ideas ?
Thanks,
Peter

Anon

Try this it works for me.
I created a dir called secure and put another dir inside it called .pgp. You may have to chmod 777 these directories. You also have to be careful how you upload your public key to this dir. It has to be uploaded in ascii mode using ws ftp or the like NOT DREAMWEAVER.

//build the message string
$msg = "Sender's Full Name: ".$sender_name;
$msg .= "Sender's E-Mail: ".$sender_email;
$msg .= "Secret Message?: ". $secret_msg;

//set the environment variable for PGPPATH
putenv("PGPPATH=./secure/.pgp");

//generate token for unique filenames
$tmpToken = md5(uniqid(rand()));

//create vars to hold paths and filenames
$crypted = "./secure/.pgp/" . "$tmpToken" . "pgpdata";

//invoke PGP to encrypt file contents
$command = "echo '$msg' | /usr/local/bin/pgpe -a -r 'Your Name <your reged pgp email@email.com>' -o $crypted";
$result = exec($command, $msg_crypted, $errorcode);

if ($errorcode == 0)
{

//open file and read encrypted contents into var
$fd = fopen($crypted, "r");
$mail_cont = fread($fd, filesize($crypted));

fclose($fd);

//delete files!
unlink($crypted);

// Build mail message and send it to target recipient.
$recipient = "your recipients";
$subject = "Test PGP";

$additional_headers = "From: your email";

mail("$recipient", "$subject", $mail_cont, $additional_headers);

robertjackson

Hi Peter,

I got it to work. ;-)

I ran into this problem a few weeks ago with setting up GPG with PHP. For me, it came down to something about GPP having to work in superuser mode (or something like that - my permissions on gpg are:
-rwsr-xr-x 1 nnroot root 1584745 Sep 28 22:27 gpg
This was something I found searching groups.google.com).

I also found I had two keyrings. For some reason I could only load keys into one keyring, but gpg wanted to pull it's keys for encryption from another key ring. So, I'd have to load them into the one ring and copy to the other.

That's all I remember without digging through my note (which unfortunately I don't ahve time for this week, nor, perhaps, next week - sorry).

Good luck. Please post the solution when you find it.

Rob

bjblackmore

Using GPG, This is my code for GPG, but it doesn't work, seems the system() command fails, not sure why, like robert jackson said its something to do with permissions on the gpg command. If anyone knows how to solve this, please help.

putenv("/users/schoolhh/.gnupg");

//generate token for unique filenames
$tmpToken = md5(uniqid(rand()));

//create vars to hold paths and filenames
$crypted = ("/users/tmpdata/" . "$tmpToken" . "gpgdata");
$plainTxt = ("/users/tmpdata/" . "$tmpToken" . "data");

//open file and dump in plaintext contents
$fp = fopen($plainTxt, "w+");
fputs($fp, $message);
fclose($fp);

//invoke GPG to encrypt file contents
system("/usr/bin/gpg --encrypt --no-secmem-warning -ao $crypted -r 'MyKey' $plainTxt ");

//open file and read encrypted contents into var
$fd = fopen($crypted, "r");
$mail_cont = fread($fd, filesize($crypted));
fclose($fd);

//delete files!
unlink($plainTxt);
unlink($crypted);

The 1st file is created, so I know its nothing to do with permissions on the directory, but when the system command runs to create the 2nd encrypted file, the file isn't created, so I cxan only imagine a user from the web, can't execute gpg.
Cheers
Ben

Anon

I know its a while since these posts about php and PGP. But here goes...

Using gpg, I found that the abreviations for options didn't work, but using

system("c:/Progra~1/GnuPG/gpg.exe --armor --output $crypted --encrypt-to $sender_email --encrypt $plainTxt");

seemed fine. I added the --encrypt-to $sender_email to allow the sender to upload their public key to my keyring and have the message encrypted to them as well. (--encrypt-to doesn't check the trust of the key, so if they have just uploaded it to my keyring, it doesn't cause any problems.

I'm trying to build a series of scripts that are essentially a 'mailing list manager', that will allow me to send messages from my website that will check the keyring and encrypt to my client's key if I have it. If I don't, it will simply send plain text. This is to allow me to say to them 'give me your public key and all mail will be encrypted, otherwise it will be plain text'.

I need to sort out the --import-key functions, though, as they're proving difficult. As for pipes/text files etc, I don't like the idea of the text files. A couple of times pgp hung, and the script didn't complete, leaving a clear text file on the server.

I would appreciate any help anyone can offer!

Paul