  1. #1
    Join Date
    Jun 2002

    PHP + MySQL + PGP?

    I'm working on a little script to let me create, and read, files encrypted with PGP. You submit the text in a form, which is then encrypted in PGP (my plan is to generate a new key pair just for the project, separate from my normal one, so uploading the keys to the server isn't hazardous), and then stored in a MySQL database.

    Is there an easy way to do PGP encryption / decryption from within PHP (or MySQL)? The best I've been able to come up with is to write the text out to a text file, write the passphrase to a text file (the passphrase is sent with the form over HTTP, not stored in the code), then shell PGP with the -fd (or something... I know how, I just forget the exact flag) flag, which tells it to read the passphrase from a file, redirecting the output to another file, delete the passphrase file and the original, and then read the newly-encrypted file back in, storing it in MySQL.

    This sounds like a horrible hack job to me, but I can't see a way around it. It irks me that it'll end up with three temporary files, two of which are unencrypted 'secret' files, so it seems like a blatant security risk to do this, too.

    Recommendations, anyone?

  2. #2

    A few ways

    Take a look at the command line options for gpg. You can get gpg to work using a pipe (--decrypt for example will read stdin if there is no filename).

    The other option is to take a look at gpgme (GPG made easy).

    Neither solution is super elegant, but better than writing a pile of temp files.

  3. #3
    Join Date
    Oct 2002
    Not sure, but this might help: you might be able to combine this with the --passphrase-fd 0 option and then send the passphrase through the pipe. I used this for sending encrypted email attachments.

    PHP Code:

    //  this is web server readable directory with 2 files in it
    //   pubring.gpg  and   trustdb.gpg  , both of which i copied from /home/user/.gnupg/ directory
    //  !!!! i chmoded 666 to  trustdb.gpg , this does not look smart, but I could not find better way to do it
    $CONF['gpgdir'] = '/home/user/public_html/passwordprotecteddir/.gnupg' ;

    // this is web server writable tmp directory
    $CONF['tmpdir'] = '/home/user/public_html/passwordprotecteddir/tmp/' ;

    function makePGP ($string , $key){
        GLOBAL $CONF;
        // you might need full path to gpg like /usr/bin/gpg
        $command = 'gpg --encrypt --armor --no-tty --batch --no-secmem-warning   --homedir '. $CONF['gpgdir']  .'   --lock-never  --always-trust  --recipient "'.$key.'"';
        $output = '';
        $tmpfile = tempnam($CONF['tmpdir'], 'gpg');
        // open gpg for writing; its stdout goes to the temp file, stderr stays on the server's stdout
        $pipe = popen("$command 2>&1 >$tmpfile", 'w');
        if (!$pipe) {
            // gpg could not be started, $output stays empty
        } else {
            fwrite($pipe, $string, strlen($string));
            pclose($pipe);                 // wait for gpg to finish before reading its output
            if (filesize($tmpfile) > 0) {  // fread() with length 0 is an error
                $fd = fopen($tmpfile, "rb");
                $output = fread($fd, filesize($tmpfile));
                fclose($fd);
            }
            unlink($tmpfile);              // remove the temp file holding the ciphertext
        }
        return $output ;
    }
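
The two suggestions above (gpg reading its data from stdin, and the passphrase handed over a file descriptor) combined into one pipe-only helper, as an added example that is not code from this thread. It assumes gpg 2.1 or later on PATH, PHP 7.4 or later, and a keyring directory passed as $homedir; it goes beyond the thread by using proc_open with a separate descriptor 3 for the passphrase, so stdin stays free for the data and no temp file is ever written.

```php
<?php
// Added example, not code from the thread. Assumes gpg 2.1+ on PATH, a keyring in
// $homedir, and PHP >= 7.4 (proc_open with an array command, so no shell quoting).
// Plaintext, ciphertext and passphrase all travel over pipes; nothing touches disk.
function runGpg(array $args, string $stdinData, ?string $passphrase = null): array
{
    $desc = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']]; // data in, output, diagnostics
    if ($passphrase !== null) {
        // stdin carries the data, so the passphrase gets descriptor 3; gpg 2.1+ needs loopback pinentry for that
        $desc[3] = ['pipe', 'r'];
        array_unshift($args, '--passphrase-fd', '3', '--pinentry-mode', 'loopback');
    }
    $proc = proc_open(array_merge(['gpg', '--batch', '--no-tty'], $args), $desc, $pipes);
    if (!is_resource($proc)) {
        return ['status' => -1, 'out' => '', 'err' => 'proc_open failed'];
    }
    if ($passphrase !== null) {
        fwrite($pipes[3], $passphrase . "\n"); // small enough to sit in the pipe buffer until gpg reads it
        fclose($pipes[3]);
    }
    fwrite($pipes[0], $stdinData); // fine for form-sized input; stream large data in chunks instead
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['status' => proc_close($proc), 'out' => $out, 'err' => $err];
}
// Encrypt to a public key; the armored result can go straight into a MySQL TEXT column.
function pgpEncrypt(string $homedir, string $recipient, string $plaintext): string
{
    $r = runGpg(['--homedir', $homedir, '--armor', '--trust-model', 'always',
                 '--recipient', $recipient, '--encrypt'], $plaintext);
    if ($r['status'] !== 0) {
        throw new RuntimeException('gpg encrypt failed: ' . $r['err']);
    }
    return $r['out'];
}
// Decrypt with the project key's passphrase taken from the form, never written to a file.
function pgpDecrypt(string $homedir, string $passphrase, string $armored): string
{
    $r = runGpg(['--homedir', $homedir, '--decrypt'], $armored, $passphrase);
    if ($r['status'] !== 0) {
        throw new RuntimeException('gpg decrypt failed: ' . $r['err']);
    }
    return $r['out'];
}
```

A non-zero exit status from gpg (unknown recipient, wrong passphrase, unreadable keyring) surfaces through the exception with gpg's stderr text, which is the first thing to check when the call returns nothing.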

  4. #4
    Join Date
    Jun 2002
    sasha: I'm playing with the code, but I'm not sure what the $key is supposed to be -- the passphrase? User ID? Or the key itself? Regardless of what I provide, makePGP never returns a value. I'm essentially doing:

    $out = makePGP($text, $pass1);

    With $text being a textarea, and pass1 being a password box.

  5. #5
    Join Date
    Oct 2002
    The key is the key ID or the key you wish to use.
