OK,

I'm not the world's best PHP programmer, but I've been having real problems decrypting a GPG message. Encryption works fine; it's just getting my head around decrypting it in PHP.

Has anyone managed to do it? I'd really appreciate an example of some working code (for Linux).

Anyway, here's my code so far. It's just a test program that encrypts, displays the encryption, then is supposed to decrypt it and display the encrypted result. Although it doesn't do the last bit! I just get:

gpg: encrypted with 2048-bit ELG-E key, ID 3CE28CF7, created 2003-11-24
"me (me) <me@mydomain.com>"

CODE:

<?php
#!/usr/bin/php

/* set up some strings */
$gnupghome = "/home/myusername/key";
$uid = "me@mydomain.com";
$msg = "This is a test message.";
$path_to_gpg ="/usr/bin/gpg";

putenv("GNUPGHOME=$gnupghome");

/* OK now let's encrypt the $msg */

$cmd = "/usr/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= " --recipient '$uid' --encrypt
";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);


$encrypted = `$cmd`;
print "<form><textarea NAME=txt ROWS=20 COLS=75 WRAP=VIRTUAL>";
print $encrypted;
print "</textarea>";


/* Now the decrypt part */


$passphrase = 'mysecretpassphrase'; 

global $gnupghome;
global $path_to_gpg;

$body = escapeshellarg ($encrypted);
$pre_pass =" | $path_to_gpg --passphrase-fd 0 --batch --no-tty --decrypt --homedir $gnupghome 2>&1";
if ($passphrase) {
echo "<br>Got passphrase.\n";
}
	echo "<br>Command string: echo [PassPhrase][Body]$pre_pass<br>\n";
	$passphrase = escapeshellarg($passphrase . "\n");
	$command = "echo $passphrase$body$pre_pass";
	exec($command, $plaintext, $returnval);

// make the result a string
if (is_array($plaintext)) {
    $plaintext_str = implode("\n", $plaintext);
};

	echo " <textarea cols=80 rows=20 name=plaintext>$plaintext_str</textarea>";

?>

    Is it an encryption function?

    If so, can you give us a link to look at it?

      No it's not a function. I basically pulled the code from various scripts and edited it. I'm only just getting to grips with GPG.

      Here's where this script is:

      http://www.telfordsdirect.com/test.php

      If I could get it working then I think it would be a great resource to every PHP coder. You're bound to find a need for it one day!

        Anyone?.................

          18 days later

          OK, I actually figured out how to encrypt and decrypt using PHP and GPG. My original code (for some reason) didn't add the $msg to the popen function. Therefore I got an encrypted file with nothing in it. It only took me about 15 hours to figure that out!!!!

          Anyway, using the shell_exec() command I've managed to successfully create a gpg key (meant to be inputted into a database), then the decrypt part takes that variable and puts it into a temporary file which can then be read into gpg (I couldn't find any way of taking a variable and decrypting it on the fly).

          I really would appreciate it if anyone out there can tell me why my original popen and fputs commands didn't actually get entered into the command.

          Anyway, I guess there's going to be someone out there that'll want to see how they can encrypt and decrypt a gpg message within PHP, so I've included the code below (maybe it'll save you the 15 hours I spent on it!!):

          <?php
          #!/usr/bin/php
          
          /* set up some strings */
          $gpgkeydir = "/home/userdir/keys";
          $gpg = '/usr/bin/gpg';
          $uid = "me@mydomain.com";
          $msg = "This is a test message";
          $passphrase = "mypassphrase"; 
          $file = "/home/userdir/keys/encode.gpg";
          
          // GNUPGHOME must point at the key directory, not at the gpg binary
          putenv("GNUPGHOME=$gpgkeydir");
          
          /* OK now let's encrypt the $msg */
          
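          // escapeshellarg() stops quotes or shell metacharacters in these values from being interpreted by the shell
          $encrypted = shell_exec("echo " . escapeshellarg($msg) . " | $gpg --batch --no-secmem-warning --no-tty --yes -ea --always-trust --homedir " . escapeshellarg($gpgkeydir) . " -r " . escapeshellarg($uid));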
          
          print "<form><textarea NAME=txt ROWS=20 COLS=75 WRAP=VIRTUAL>";
          print $encrypted;
          print "</textarea><br>";
          
          
          /* Now the decrypt part */
          
          // this bit makes a file
          
          	touch($file);
          	$df = fopen($file, "w") or die ("Couldn't open $file");
          	fwrite($df, $encrypted);
          	fclose($df);
          
          // now decode that file
          
          putenv("GNUPGHOME=$gpgkeydir");
          // quote every value that reaches the shell
          $decrypted = shell_exec("echo " . escapeshellarg($passphrase) . " | $gpg --passphrase-fd 0 --batch --no-secmem-warning --no-tty --yes --homedir " . escapeshellarg($gpgkeydir) . " -d " . escapeshellarg($file));
          
          print "your decoded message is:<br>";
          
          // 
          
          	echo " <textarea cols=80 rows=20 name=plaintext>$decrypted</textarea>";
          
          // delete file
          		unlink($file);
          
          ?>
          

          Apparently this method is less secure than the popen method. Again, if anyone could tell me why (plus how I could get the other method to work) I'd appreciate it.
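On the two questions in the thread, as an added example that is not part of the original posts: popen() in "w" mode only gives a write pipe, so gpg's output was never captured, and the backtick call then started a second gpg that never received $msg; the shell_exec() version works but puts the message and passphrase into an `sh -c` command line that other local users can read from the process list, and leaves the ciphertext in a temporary file. The sketch below uses proc_open() with separate pipes instead. It assumes PHP 7.4+ and GnuPG 2.1+; the `run_gpg()` helper is hypothetical and the paths, key and passphrase are the placeholders from the thread.

```php
<?php
// Added example, not the poster's code. Paths, key ID and passphrase are
// placeholders from the thread; assumes PHP 7.4+ and GnuPG 2.1+.

/**
 * Run gpg without a shell. $stdin goes to fd 0 and the optional passphrase
 * to fd 3, so neither appears in a command line or a temporary file.
 */
function run_gpg(string $gpg, string $homedir, array $args, string $stdin, ?string $passphrase = null): array
{
    $cmd  = [$gpg, '--batch', '--no-tty', '--homedir', $homedir];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    if ($passphrase !== null) {
        // GnuPG 2.1+ only honours --passphrase-fd in loopback pinentry mode.
        array_push($cmd, '--pinentry-mode', 'loopback', '--passphrase-fd', '3');
        $spec[3] = ['pipe', 'r'];
    }
    // The array form of proc_open() execs gpg directly: no sh -c, no quoting issues.
    $proc = proc_open(array_merge($cmd, $args), $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    if ($passphrase !== null) {
        fwrite($pipes[3], $passphrase . "\n");
        fclose($pipes[3]);
    }
    // Fine for short messages; large inputs need stream_select() to avoid a pipe deadlock.
    fwrite($pipes[0], $stdin);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['status' => proc_close($proc), 'stdout' => $out, 'stderr' => $err];
}

$gpg  = '/usr/bin/gpg';
$home = '/home/userdir/keys';
$enc  = run_gpg($gpg, $home, ['--armor', '--always-trust', '--recipient', 'me@mydomain.com', '--encrypt'], 'This is a test message');
$dec  = run_gpg($gpg, $home, ['--decrypt'], $enc['stdout'], 'mypassphrase');

if ($enc['status'] !== 0 || $dec['status'] !== 0) {
    error_log($enc['stderr'] . $dec['stderr']);   // gpg diagnostics go to the log, not the page
    exit(1);
}
echo '<textarea cols="80" rows="20">' . htmlspecialchars($dec['stdout']) . '</textarea>';
```

In a real deployment the passphrase would come from outside the script (for example a file readable only by the web user) rather than a literal in the source.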
