3

I want to integrate PGP encryption into my web application. After looking for what to use (extensions, libraries, etc.), I decided to go with the gnupg extension for PHP. Now, I do have a PGP key in one of my desktop folders and I've tried to use its fingerprint as a string for addencryptkey. The error I receive is get_key failed, and I don't understand why; my PGP key is valid.

There are two very similar questions on SO:

php gnupg get_key failed error

gnupg get_key failed in php

Based on these, I've updated my code somewhat to no success, here's what it currently looks like:

  putenv("GNUPGHOME=/home/user/Desktop/Keys/.gnupg/");

  $pgp = new gnupg();

  $pgp->addencryptkey("F0E2DF9C82ECE67935171F4939D8599A923820D9");
  echo $pgp->geterror();

In the folder specified in putenv, I have my public key saved in a .asc file. I can't see what the problem really is, unless it only works with keys stored on the server?

frogman578
  • 359
  • 1
  • 10
  • I just ran into this problem and I solved it by calling import with the contents of the public key I was using rather than pointing it to an existing public key folder. – rlorenzo May 04 '22 at 23:29

1 Answer

0

I just wanted to share my fix for this issue. Given that this is one of the more recent questions on this topic I thought it best to share it here.

At the time I was able to encrypt messages fine (PHP 7.4 with the GNUPG PECL extension).

To address the get_key_failed error, after setting up/importing my keys I copied my entire .gnupg directory to the root of my webserver (/var/www/html in my case) and updated its permissions so that it was accessible by the webserver.

putenv("GNUPGHOME=/var/www/html/.gnupg");

I assumed that this would fix it, however I then encountered a new error when attempting to decrypt a message:

Uncaught Exception: decrypt failed

The only way I could resolve this was by ensuring my key pair did not have a passphrase. Some comments on the PHP GNUPG docs suggest that the passphrase, which is the second argument of adddecryptkey(), is ignored regardless. However, in my case decryption only worked with a private key that didn't have a passphrase set.

This worked on my local instance (Ubuntu 18) and when deployed to an EC2 instance running Amazon Linux 2.

Tom
  • 109
  • 1
  • 15
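
The import-based approach from the comment under the question, as an added example (not code from the question, the comment or the answer). It keeps the keyring in a directory outside the web root that only the PHP user can read, imports the armored public key, and checks the imported fingerprint against the one from the question before encrypting. The two paths and the function name `encryptForRecipient` are assumptions for illustration.

```php
<?php
// Added example. Both paths are assumptions: adjust them to your deployment.
const KEYRING_DIR     = '/var/lib/myapp/gnupg';      // assumed; outside the document root
const PUBLIC_KEY_FILE = '/etc/myapp/recipient.asc';  // assumed; armored public key export
// Fingerprint used in the question; replace with your recipient's fingerprint.
const EXPECTED_FPR    = 'F0E2DF9C82ECE67935171F4939D8599A923820D9';

function encryptForRecipient(string $plaintext): string
{
    // The keyring must be writable by the user PHP runs as and closed to everyone else.
    if (!is_dir(KEYRING_DIR) && !mkdir(KEYRING_DIR, 0700, true)) {
        throw new RuntimeException('cannot create keyring directory');
    }
    clearstatcache();
    if ((fileperms(KEYRING_DIR) & 0077) !== 0) {
        throw new RuntimeException('keyring directory is group/world accessible');
    }

    putenv('GNUPGHOME=' . KEYRING_DIR);
    $gpg = new gnupg();
    // Throw on failure instead of returning false, so errors are not silently ignored.
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);

    // Import the key material itself. An .asc file merely lying in the
    // directory is not part of the keyring, so a lookup by fingerprint fails.
    $keyData = file_get_contents(PUBLIC_KEY_FILE);
    if ($keyData === false) {
        throw new RuntimeException('cannot read public key file');
    }
    $info = $gpg->import($keyData);
    if ($info === false || empty($info['fingerprint'])) {
        throw new RuntimeException('import failed');
    }

    // Refuse to encrypt to a key other than the one we expect.
    if (strcasecmp($info['fingerprint'], EXPECTED_FPR) !== 0) {
        throw new RuntimeException('imported key has an unexpected fingerprint');
    }

    $gpg->addencryptkey($info['fingerprint']);
    $gpg->setarmor(1); // ASCII-armored output
    return $gpg->encrypt($plaintext);
}

echo encryptForRecipient("test message\n");
```

Only the public key is needed for encryption, so this keyring never has to hold a private key.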