1

I'm using GnuPG to decrypt a file:

```
gpg --decrypt -o file.xml file.gpg

You need a passphrase to unlock the secret key for
user: "TEST-COMPANY (DAM Key) <test@test.de>"
4096-bit RSA key, ID 257C2D21, created 2018-04-23

Enter passphrase: 
```

Then I enter the passphrase and it works.

And now I want to make it automatic using this command in PHP:

```
$command = 'gpg --decrypt -o file.xml file.gpg';
exec($command);
```

The problem comes when the system asks for the passphrase.

I tried this:

```
$command = 'gpg --decrypt -o file.xml file.gpg | [Passphrase]';
```

but it doesn't work.

Any idea about this?

Thank you

Adrián Silvestre
  • 1
    Try [this](https://unix.stackexchange.com/questions/60213/gpg-asks-for-password-even-with-passphrase) if `--passphrase [passphrase]` doesn't work; you might also need `--batch` (to prevent it waiting for a response) – CD001 Jun 21 '18 at 14:11
  • `gpg --decrypt -o file.xml file.gpg --passphrase [Passphrase]` doesn't work – Adrián Silvestre Jun 21 '18 at 14:28
  • 1
    Did you look at the link in my previous comment? https://unix.stackexchange.com/questions/60213/gpg-asks-for-password-even-with-passphrase – CD001 Jun 21 '18 at 14:30
  • `echo [Passphrase] | gpg --passphrase-fd 0 --batch file.gpg` I realized that works on Terminal but not in php -we are so close- – Adrián Silvestre Jun 21 '18 at 14:40
  • 1
    Are you missing the `--decrypt` option? `echo [passphrase] | gpg --passphrase-fd 0 --batch --no-tty --yes --decrypt file.gpg` ... I've not done this for a while mind, last time was encrypting files on the server using gpg and `popen()` – CD001 Jun 21 '18 at 14:50
  • ... actually, if you're outputting to an XML file, you might need to use `popen()` -> `fwrite()` rather than `shell_exec()` – CD001 Jun 21 '18 at 14:53
  • 1
    Ach - forgot the `--homedir` to tell it where the keyrings are stored... this is working on my dev box: `exec("gpg --passphrase \"{$passphrase}\" --homedir \"{$keyringpath}\" --batch --no-tty --yes --output {$filename} --decrypt {$filename}.gpg")` – CD001 Jun 21 '18 at 16:05
  • 1
    `echo [PassPhrase] | gpg --passphrase-fd 0 --batch --yes file.gpg` -> It Works! :D Thank you!!! – Adrián Silvestre Jun 22 '18 at 08:53
  • Hah! I knew you'd get there in the end :) Just a matter of finding the right options for GPG. – CD001 Jun 22 '18 at 08:55

1 Answer

3

Just adding the answer that the OP and @CD001 figured out in the comments, because it helped me immensely (thanks!), and seems like a common issue (secret key was generated with passphrase, and generating new keys isn't an option). I was pulling my hair out trying to decrypt with the GnuPG functions, before learning that as of GnuPG 2.1, it can't decrypt a file with a passphrase-generated key (as noted in a comment here). Configuring gpg-agent with a preset passphrase may work fine, but I much prefer what the OP here did.

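```
$encrypted_file = "file.csv.pgp";
$path_to_file = $_SERVER["DOCUMENT_ROOT"]."/dir1/dir2";
$passphrase = "passphrase";
// Quote every value that reaches the shell so metacharacters cannot alter the command.
$command = "echo " . escapeshellarg($passphrase)
    . " | gpg --passphrase-fd 0 --batch --yes "
    . escapeshellarg("{$path_to_file}/{$encrypted_file}");
exec($command);
```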

If successful, the decrypted file will be in the same directory, without the .pgp extension. So make sure it was successful...

```
$decrypted_file = str_replace(".pgp", "", $encrypted_file );
if (file_exists("{$path_to_file}/{$decrypted_file}")) {
    echo "Successfully decrypted $encrypted_file to $decrypted_file";
}
```
Josh888
  • 1
    Holy hell, this is the ONLY solution that worked for me using php out of like 1,000 "solutions" tried. Had to also do exec("gpg --import /path/to/private/key.gpg") and exec("gpg --import /path/to/public/key.asc") and I want to stress the need to use escapeshellargs on the passphrase. THANK YOU FOR THIS –  Apr 03 '20 at 20:54
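
The answer's approach and the escaping concern raised in the comment above, as an added example that is not part of the original posts: the passphrase is written to gpg's stdin through `proc_open()` with an argument array, so no shell is involved and the secret never appears in a command line. The function name `gpg_decrypt`, the `GPG_PASSPHRASE` environment variable and the file paths are assumptions made for illustration; the `$loopback` switch covers GnuPG 2.1+, where `--passphrase-fd` also needs `--pinentry-mode loopback`.

```php
<?php
// Added example (not from the original posts). Paths and the GPG_PASSPHRASE
// environment variable are placeholders chosen for illustration.

function gpg_decrypt(string $encrypted, string $output, string $passphrase,
                     ?string $homedir = null, bool $loopback = false): void
{
    $argv = ['gpg', '--batch', '--yes', '--no-tty', '--passphrase-fd', '0'];
    if ($homedir !== null) {
        array_push($argv, '--homedir', $homedir);   // where the keyrings live
    }
    if ($loopback) {
        // GnuPG 2.1+ reads --passphrase-fd only in loopback pinentry mode.
        array_push($argv, '--pinentry-mode', 'loopback');
    }
    array_push($argv, '--output', $output, '--decrypt', $encrypted);

    $spec = [
        0 => ['pipe', 'r'],               // stdin: carries the passphrase
        1 => ['file', '/dev/null', 'w'],  // plaintext goes to --output, not stdout
        2 => ['pipe', 'w'],               // stderr: gpg diagnostics
    ];
    // Array form (PHP >= 7.4) executes gpg directly: no shell, nothing to escape.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Sent over the pipe, the passphrase never appears in a command line.
    fwrite($pipes[0], $passphrase . "\n");
    fclose($pipes[0]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        // Trust the exit status; a stale output file proves nothing.
        throw new RuntimeException("gpg failed (status $status): $stderr");
    }
}

$passphrase = getenv('GPG_PASSPHRASE');   // assumed secret source
if ($passphrase !== false) {
    gpg_decrypt('/path/to/file.csv.pgp', '/path/to/file.csv', $passphrase);
}
```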