2

If I run the command

gpg -e -r john@doe.com my_secret_file.txt

from the Unix command prompt, it is working fine. But when I try to use the same command using PHP, it's not working:

$gpg = '/usr/bin/gpg';
$recipient = 'john@doe.com';
$secret_file = 'secret_file.txt';

echo shell_exec("$gpg -e -r $recipient $secret_file");

Please guide me for a solution.

Cody Gray - on strike

3 Answers

3

Apart from permission issues as Demento suggests, it is also possible that the user the script runs as is not the same as when you work in the command line, and this user does not have the public key of john@doe.com, so it cannot encrypt the file for him. So... which user runs this script? Assuming it's www-data, if you do

carlos@server:~$ su - www-data
(insert www-data's password or do sudo su - www-data if sudo is available)
www-data@server:~$ gpg --list-keys

do you see the key for john@doe.com?

Carlos Campderrós
2

I tried your example on my machine and it works as expected. The result is an additional file in the local directory named secret_file.txt.gpg, encrypted for john@doe.com. This confirms that your actual script is fine and there might be other issues present.

You will not see any output from the script itself; the encrypted file is generated in silence. The echo in the last line of your program does nothing, because gpg does not generate any output if there are no problems. You should take a look at the manual of shell_exec.

If the file is not created on your machine, it might be a permission issue. If you do not call the script from the command line but from a web application, the webserver user needs the appropriate permissions on the file system to create a new file.

Demento
  • Thanks. I have changed almost all file permissions to 777. Still it is not working. – Bidhu Bhusan Patra May 10 '11 at 13:43
  • Can you please tell me what permissions you have for .gnupg and all the files inside .gnupg? ".gnupg" is inside the root directory. – Bidhu Bhusan Patra May 12 '11 at 07:20
  • All the files in the ".gnupg" directory have "-rw-------". They are owned by the user that is running the PHP script. You are saying that you are looking inside the root directory - are you running the php script as root? If you run it as another user, you must work with the ".gnupg" directory from his "home" directory. – Demento May 12 '11 at 09:29
0

You can see the error by using the following command:

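// 2>&1 redirects gpg's stderr to stdout so its error messages are captured.
// exec() returns only the last line; $out receives every line of output.
$output = exec("$gpg -e -r $recipient $secret_file 2>&1", $out);
echo "<pre>" . htmlspecialchars(implode("\n", $out)) . "</pre>";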

This will guide you.

Possible problems to look at:

  • The file you are trying to encrypt is not in the right path.
  • GnuPG is trying to write to the /root/.gnupg directory with "apache" as a user. Obviously this is not possible unless you change your access rights to this dir (not recommended).
  • You don't have the right access to the GnuPG root dir (wherever it is).
  • You don't have WRITE access in the dir where apache is trying to create the new file.

Let me know what your code outputs and I'll be able to help. I ran into this already, it is tedious.

Antony P.
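The checks suggested across the three answers (which user PHP runs as, whether that user's keyring holds the recipient's key, file permissions, and gpg's own error text) can be combined into one diagnostic wrapper. This is an added example, not code from any poster in the thread; the function names `run_cmd` and `gpg_encrypt_file` are hypothetical, the sample values are the question's own, and it assumes `exec()` is enabled. Each value is passed through `escapeshellarg()` so a recipient or file name taken from user input cannot add shell syntax to the command.

```php
<?php
// Added example (not from the thread). Sample values are the question's own.

// Run a command line, capturing stdout+stderr lines and the exit status.
function run_cmd(string $cmd): array
{
    exec($cmd . ' 2>&1', $lines, $status);
    return ['status' => $status, 'output' => $lines];
}

function gpg_encrypt_file(string $file, string $recipient, string $gpg = '/usr/bin/gpg'): array
{
    // The account PHP really runs as (e.g. www-data); gpg uses that user's keyring.
    $user = function_exists('posix_geteuid')
        ? (posix_getpwuid(posix_geteuid())['name'] ?? 'unknown')
        : 'unknown (posix extension not loaded)';
    $report = ['user' => $user, 'ok' => false, 'step' => '', 'output' => []];

    // File-system checks: readable input, writable directory for the .gpg output.
    if (!is_readable($file)) {
        return ['step' => 'input', 'output' => ["cannot read $file"]] + $report;
    }
    $dir = dirname($file);
    if (!is_writable($dir)) {
        return ['step' => 'output-dir', 'output' => ["$user cannot write to $dir"]] + $report;
    }

    // escapeshellarg() makes each value exactly one shell argument.
    $g = escapeshellarg($gpg);
    $r = escapeshellarg($recipient);

    // Is the recipient's public key in this user's keyring? Non-zero status: no.
    $keys = run_cmd("$g --batch --list-keys $r");
    if ($keys['status'] !== 0) {
        return ['step' => 'list-keys', 'output' => $keys['output']] + $report;
    }

    // --batch: never prompt; --yes: overwrite old output; "--" ends option parsing.
    $enc = run_cmd(sprintf('%s --batch --yes --output %s --encrypt --recipient %s -- %s',
        $g, escapeshellarg("$file.gpg"), $r, escapeshellarg($file)));
    return ['step' => 'encrypt', 'ok' => $enc['status'] === 0, 'output' => $enc['output']] + $report;
}

$result = gpg_encrypt_file('secret_file.txt', 'john@doe.com');
printf("user=%s step=%s ok=%s\n", $result['user'], $result['step'], $result['ok'] ? 'yes' : 'no');
echo implode("\n", $result['output']), "\n";
```

The `step` field names the first check that failed, and `output` carries gpg's own messages for that step.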