
I'm using the gnupg PHP module from PECL. Specifically: gpgme-devel 1.1.8, gnupg module 1.3.3.

Encryption works fine, and is fast. Using gpg at the command line, decryption is fast. When I try to decrypt from PHP, the page never loads; even messages before the call to decrypt don't print.

```php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Point GnuPG at the keyring directory used by the web server user.
putenv('GNUPGHOME=/var/www/.gnupg/');
$gpg = new gnupg();
// Throw exceptions instead of returning false on errors.
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);

$key_finger_print = 'XXXX'; // Censored for posting...
$phrase = 'XXXX'; // Censored for posting...
$message = 'XXX'; // Censored for posting...

try
{
  // Register the secret key and its passphrase, then decrypt.
  $gpg->adddecryptkey($key_finger_print, $phrase);
  $message = $gpg->decrypt($message);
}
catch(Exception $e)
{
  echo 'ERROR: ' . $e->getMessage();
}
?>
```

No errors are displayed or show up in the log.

Edit: So, running the same script from the command line instead of through apache causes the gpg-agent to prompt me for the pass phrase even though it was supplied in the library call.

J. A. Streich
  • I'm assuming you're not getting something from the web server. Have you checked whether gnupg is loaded in the web server's php.ini and not just the CLI one? – Aeveus Feb 27 '14 at 17:34
  • Well isn't that interesting.... using cli, it prompts me for the passphrase even though it was supplied to the library. – J. A. Streich Feb 27 '14 at 18:52
  • This points to a wrong password. Reverify that it is the correct one (and make sure not having copied any weird characters from PDF documents or anything like this). If you're using non-ASCII-characters (so everything with ASCII code up to 128), have a look at the file's encoding, maybe the GnuPG interface messes something up here. – Jens Erat Feb 27 '14 at 19:34
  • Nice thought, but I'm sure it is the right password. Moreover, the library is supposed to throw an exception if the pass phrase is bad. Pass Phrase is in all ASCII, although changing the passed passphrase to one I know is wrong shows the same behavior. Maybe I'll have to generate a key without pass phrase? Trying that now... – J. A. Streich Feb 27 '14 at 19:42
  • Well, without a pass phrase it works. I'd prefer a pass phrase, so I'll leave this open; but at least I can move on to the next part of the project. – J. A. Streich Feb 27 '14 at 19:47
  • @J.A.Streich what happens if you change the new key's password and try again? Also, try `echo $gpg->geterror();` after adding the decrypt key and see what the message says. When you were attempting to use the gpg key as the same user that the php script runs under with the webserver? Maybe gpg needs to be `--init`'d – Tim Groeneveld May 14 '14 at 00:32
  • possible duplicate of [PHP GnuPG segfaults in a webserver](http://stackoverflow.com/questions/14323334/php-gnupg-segfaults-in-a-webserver) – Paul Sweatte Jan 28 '15 at 19:29
  • Paul, it is not the same issue. For now I'll just avoid using passphrases, but the underlying problem doesn't cause a segfault nor is it a permission issue (without passphrase is fine) – J. A. Streich Jan 28 '15 at 21:30

0 Answers