I am writing php scripts to extract gpg encrypted parameters from a URL.

I'm not sure if this is a coding problem or a package install problem but I'm at a loss at this point. There is so little documentation of gpg php use.

Here it goes:

[root@mirage enrollment]# php encrypt.php
PHP Warning: gnupg_addencryptkey(): get_key failed in /var/www/vhosts/somedomain.com/httpdocs/enrollment/encrypt.php on line 10
PHP Warning: gnupg_encrypt(): no key for encryption set in /var/www/vhosts/somedomain.com/httpdocs/enrollment/encrypt.php on line 13
/var/www/.gnupg

[root@mirage enrollment]# gpg --homedir /var/www/.gnupg --fingerprint
gpg: WARNING: unsafe ownership on homedir `/var/www/.gnupg'

/var/www/.gnupg/pubring.gpg

pub 1024D/24F0C25E 2009-10-29
Key fingerprint = 61EC B598 C01B 3DD4 2543 FB1A 1A16 8972 24F0 C25E
uid dummy <dummy@dummy.com>
sub 2048g/3F9A5055 2009-10-29

[root@mirage enrollment]# cat encrypt.php
<?php
$gpg = new gnupg();
$gpg -> seterrormode(gnupg::ERROR_EXCEPTION); // throw an exception in case of an error

// set the environment so gnupg can find the keyring
putenv("GNUPGHOME=/var/www/.gnupg");

$res = gnupg_init();
gnupg_seterrormode($res,GNUPG_ERROR_WARNING); // raise a PHP-Warning in case of an error
gnupg_addencryptkey($res,"61ECB598C01B3DD42543FB1A1A16897224F0C25E");
#gnupg_addencryptkey($res,"61EC B598 C01B 3DD4 2543 FB1A 1A16 8972 24F0 C25E");
#gnupg_addencryptkey($res,"5C798B98314176C041DD66324A83C80EF1817BFB");
$enc = gnupg_encrypt($res, "just a test");
echo $enc;
echo getenv("GNUPGHOME"). "\n";
?>

[root@mirage enrollment]# ls -al /var/www/.gnupg
total 32
drwxrwxrwx 2 apache apache 4096 Oct 29 11:39 .
drwxr-xr-x 11 root root 4096 Oct 28 20:42 ..
-rwxrwxrwx 1 apache apache 1155 Oct 28 20:47 pubring.gpg
-rwxrwxrwx 1 apache apache 1155 Oct 28 20:47 pubring.gpg~
-rwxrwxrwx 1 apache apache 600 Oct 28 20:47 random_seed
-rwxrwxrwx 1 apache apache 1304 Oct 28 20:47 secring.gpg
-rwxrwxrwx 1 apache apache 1280 Oct 28 20:47 trustdb.gpg
[root@mirage enrollment]# php -m | grep gnugp
[root@mirage enrollment]# php -m

[root@mirage enrollment]# php -m | grep gnupg
gnupg <--proof gnupg module is loaded.

References:
http://pecl.php.net/bugs/bug.php?id=11371
http://devzone.zend.com/article/3753
http://www.brandonchecketts.com/archives/gnupg-encryption-with-php

Notes:

I've tried both gnupgme as shown above as well as an attempt to use crypt_gpg below. I've triple checked the keys as well.

[root@mirage enrollment]# php test.php
PHP Warning: require_once(Crypt/GPG/VerifyStatusHandler.php): failed to open stream: No such file or directory in /usr/share/pear/Crypt/GPG.php on line 61
PHP Fatal error: require_once(): Failed opening required 'Crypt/GPG/VerifyStatusHandler.php' (include_path='.:') in /usr/share/pear/Crypt/GPG.php on line 61

[root@mirage enrollment]# more test.php
<?php

require_once '/usr/share/pear/Crypt/GPG.php';

// Specify homedir as an existing writeable directory if the web user
// does not have a home directory, or if the web user's home directory
// is not writeable.
$gpg = new Crypt_GPG(array('debug' => true));
$gpg = new Crypt_GPG(array('homedir' => '/var/www/.gnupg'));

?>

😕 2 day obsession

my gosh please get rid of the annoying sitepal talking ads

    Please use the formatting tags described in the FAQ when posting to make it easier to eyeball-parse and hence read. Thank you.

    I don't have any experience with the GNUPG package, but there are a couple of small observations I can make:

    totus wrote:
    [root@mirage enrollment]# php -m | grep gnupg
    gnupg <--proof gnupg module is loaded.

    The phpinfo() function will also tell you this

    PHP Warning: require_once(Crypt/GPG/VerifyStatusHandler.php): failed to open stream: No such file or directory in /usr/share/pear/Crypt/GPG.php on line 61

    This is saying that the file you're trying to open (VerifyStatusHandler.php) could not be found. Judging from the error message on the next line, you haven't updated the include_path in php.ini to include the PEAR directory.

      WeedPacket, thanks! That did it!

      However, I just realized that for what we are trying to do using gpg may be way overkill.

      We are simply wanting to share a public key which the provider will use to encrypt parameters in a URL that is being passed to us, then decrypt them and place them in a db.

      mcrypt and blowfish sha1 may suffice. more later.

        Yah; it sounds like mcrypt would be sufficient: presumably you have a sufficiently private channel with your provider to exchange an encryption/decryption key with them. It's not like you're publishing one encryption key publicly for everyone to use while preventing members of the public from being able to decrypt each others' messages.

          Well, after today's meeting it looks like we're back to making use of GPG. We're planning on passing the encrypted data within the header of the http post 🙂

          I seem to have gotten the environment and packages straight on the system and I'm able to run the following sample code, which encrypts a webpage and stores it, then displays it.

          <?php
          
          require_once 'Crypt/GPG.php';
          
          $gpg = new Crypt_GPG();
          $gpg->addEncryptKey('dummy@dummy.com');
          // you can use any fopen-able stream
          $gpg->encryptFile('http://dummy.com/', './file.html.asc');
          #echo Complete<p>;
          $file = file_get_contents('./file.html.asc', true);
          echo $file;
          

          My new issue is that it executes fine via cli "php encrypt.php" as apache. However, when I make an http request I get nothing. The http logs show this:

          [Fri Oct 30 16:51:20 2009] [error] [client 24.243.34.79] PHP Warning:  require_once(Crypt/GPG.php) [<a href='function.require-once'>function.require-once</a>]: failed to open stream: No such file or directory in /var/www/vhosts/dummy.com/httpdocs/enrollment/encrypt.php on line 3
          [Fri Oct 30 16:51:20 2009] [error] [client 24.243.34.79] PHP Fatal error:  require_once() [<a href='function.require'>function.require</a>]: Failed opening required 'Crypt/GPG.php' (include_path='.:/usr/share/pear') in /var/www/vhosts/dummy.com/httpdocs/enrollment/encrypt.php on line 3
          

          The /usr/share/pear path is set properly in /etc/php.ini, I noticed there is another php.ini file in /usr/local/psa/admin/conf/php.ini and I tried adding it there as well. Apache hup and still same results :mad:

            Once this is working my next step is to extract the encrypted data from the http post. I'm waiting on a sample.

            <?php echo $_SERVER['DATA_KEY']; ?>

            Then, I need to decrypt it and hide the data all while showing the end user a form. The form will have checkboxes and submit.

            Upon submit, all data will be placed into the db and a thankyou page displayed.

            Thank you page must carry over checked items and list and provide a print button.

            I have the form and db setup and functional. My challenge is going to be the encryption and logic list in thankyou page.

            Happy Halloween Everyone! :xbones:

              correction, extract the encrypted data from the http post "header"

                totus;10932589 wrote:

                Well, after today's meeting it looks like we're back to making use of GPG. We're planning on passing the encrypted data within the header of the http post 🙂

                I seem to have gotten the environment and packages straight on the system and I'm able to run the following sample code, which encrypts a webpage and stores it, then displays it.

                <?php
                
                require_once 'Crypt/GPG.php';
                
                $gpg = new Crypt_GPG();
                $gpg->addEncryptKey('dummy@dummy.com');
                // you can use any fopen-able stream
                $gpg->encryptFile('http://dummy.com/', './file.html.asc');
                #echo Complete<p>;
                $file = file_get_contents('./file.html.asc', true);
                echo $file;
                

                My new issue is that it executes fine via cli "php encrypt.php" as apache. However, when I make an http request I get nothing. The http logs show this:

                [Fri Oct 30 16:51:20 2009] [error] [client 24.243.34.79] PHP Warning:  require_once(Crypt/GPG.php) [<a href='function.require-once'>function.require-once</a>]: failed to open stream: No such file or directory in /var/www/vhosts/dummy.com/httpdocs/enrollment/encrypt.php on line 3
                [Fri Oct 30 16:51:20 2009] [error] [client 24.243.34.79] PHP Fatal error:  require_once() [<a href='function.require'>function.require</a>]: Failed opening required 'Crypt/GPG.php' (include_path='.:/usr/share/pear') in /var/www/vhosts/dummy.com/httpdocs/enrollment/encrypt.php on line 3
                

                The /usr/share/pear path is set properly in /etc/php.ini, I noticed there is another php.ini file in /usr/local/psa/admin/conf/php.ini and I tried adding it there as well. Apache hup and still same results :mad:

                I searched high and low for a remedy to this. Anyone have any ideas??? 😕

                  Plesk was the issue in pear, gpg and crypt_gpg execution. Make sure, if you're using Plesk, to add the base_dir and includes to the domain's vhost.conf file. :rolleyes:
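
A diagnostic for the CLI-versus-web mismatch resolved above, added here and not code from the thread: run under both SAPIs, it prints the effective `include_path` and `open_basedir`, shows whether `Crypt/GPG.php` resolves, and flags the keyring homedir when its owner or mode is one GnuPG warns about (the `ls -al` output above shows mode 777 on every file, including `secring.gpg`). The file name `diag.php` is hypothetical, and reading the poster's "base_dir" as PHP's `open_basedir` setting is an assumption.

```php
<?php
// Added diagnostic, not from the thread. Save as diag.php (hypothetical name),
// run `php diag.php`, then request it through the web server and compare.
$homedir = '/var/www/.gnupg';   // GnuPG homedir shown in the thread
$library = 'Crypt/GPG.php';     // PEAR file the web request failed to open

function report_environment($library)
{
    $ini = php_ini_loaded_file();
    return array(
        'sapi'         => php_sapi_name(),
        'php.ini'      => $ini === false ? '(none)' : $ini,
        'include_path' => ini_get('include_path'),
        'open_basedir' => ini_get('open_basedir') ?: '(unset)',
        // Not found when the file is off include_path or blocked by open_basedir.
        'resolved'     => @stream_resolve_include_path($library) ?: '(not found)',
    );
}

function check_homedir($homedir)
{
    $entries = @is_dir($homedir) ? @scandir($homedir) : false;
    if ($entries === false) {
        return array("$homedir is not readable here (missing, no permission, or outside open_basedir)");
    }
    $euid = function_exists('posix_geteuid') ? posix_geteuid() : null;
    $problems = array();
    foreach (array_diff($entries, array('..')) as $name) {
        $path = $name === '.' ? $homedir : "$homedir/$name";
        $mode = fileperms($path) & 0777;
        if ($mode & 0077) {   // any group/other bit set on keyring material
            $problems[] = sprintf('%s has mode %04o; group/other can reach key material', $path, $mode);
        }
        if ($euid !== null && fileowner($path) !== $euid) {
            $problems[] = sprintf('%s is owned by uid %d but PHP runs as uid %d', $path, fileowner($path), $euid);
        }
    }
    return $problems;
}

if (php_sapi_name() !== 'cli') {
    header('Content-Type: text/plain');
}
foreach (report_environment($library) as $key => $value) {
    printf("%-13s %s\n", $key, $value);
}
foreach (check_homedir($homedir) as $problem) {
    echo "WARN: $problem\n";
}
```

A difference in `php.ini`, `include_path` or `open_basedir` between the two runs points at per-vhost overrides such as the Plesk `vhost.conf` mentioned above.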
