GNUPG and PGP with PHP

CO Group Support <support@cogroupinc.com>
Sat Aug 25 05:07:02 2001


Thomas.

Yes!  Finally.  Well, your solution wasn't quite right, but your
identification of the PROBLEM was right on.  The problem was being caused by
the extraneous output generated by pgp on STDERR, even with +force and
+batchmode turned on.  I finally fixed the problem by putting a 2>/dev/null
into the pgp command to send all that STDERR noise down the toilet.

I can't sign the message because, when I include the -s option, pgp needs my
pass-phrase, which I don't want to put on the command line in clear text.
So, I am just sending the messages unsigned, unless you can think of a way
around this problem. :-)

Anyway, thanks for the help.  I am including the working code below in case
someone finds it useful.  There are a lot of questions on the message boards
and mailing lists about how to get this done.

<script language="php">

/* set up some strings */
$pgppath = "/usr/home/myhome/.pgp";
$ruid = "Recipient Name <recip@isp.com>";
$suid = "Sender Name <sender@isp.com>";
$to = "recip@isp.com";
$subject = "Seekwit Message";
$from = "me@isp.com";
$msg = "This is a vewy, vewy seekwit message.";

putenv("PGPPATH=$pgppath");

/*
 * the following code snippets work fine as long as the 2>/dev/null is in
 * there to send the extraneous output that PGP generates on STDERR into
 * the bit bucket
 */

/*
 * I think the following is the most secure way to do it because it doesn't
 * include the clear text message in the command line, so it should be
 * invisible to people running, for example, ps -auxxx
 */
/* each command is built by concatenation so it stays on one shell line */
$cmd = "/usr/local/bin/pgp -feat +force +batchmode '$ruid' -u '$suid' 2>/dev/null"
     . " | /usr/bin/mail -s '$subject' $to";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);

/* this one does a straight echo | pgp | mail */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat +force +batchmode '$ruid' -u '$suid' 2>/dev/null"
     . " | /usr/bin/mail -s '$subject' $to";
`$cmd`;

/*
 * this one does an echo | pgp, captures the stdout using backtick, and mails
 * it using php mail
 */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat +force +batchmode '$ruid' -u '$suid' 2>/dev/null";
$encrypted = `$cmd`;
/* the ciphertext is appended after the From: header and a blank line */
$encrypted = "From: $from\n\n" . $encrypted;
mail($to, $subject, "", "$encrypted");

</script>


----- Original Message -----
From: "Thomas R. Hall" <trhall@pobox.com>
To: "Kurt Bertone" <kurt@cogroupinc.com>
Cc: <gnupg-users@gnupg.org>
Sent: Friday, August 24, 2001 7:05 PM
Subject: Re: GNUPG and PGP with PHP


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt,

The PGP question is a bit off-topic, but here's a question for you.  What
version of PGP are you using?  Also, you may want to try to add the
following to your PGP command:

+force +batchmode

We have an automated system that encrypts/decrypts files, and those two
flags keep the system from outputting any additional messages or
prompting, which is probably why it's causing you problems.  PGP is
"noisy" by default.

Also, you aren't signing the output.  Don't you want -feast?

Here's what your modified line should look like:

pgp -feast +force +batchmode '$uid' |
        ^  ^^^^^^ ^^^^^^^^^^

We usually specify the +force and +batchmode at the end, but since you are
using it as a UNIX-style filter, I think it's probably okay.

Hope that helps.

- --
Thomas R. Hall <trhall@pobox.com> http://www.trhall.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public Keys: http://www.trhall.org/pgp/

iD8DBQE7ht2yB5DJA0Q66C0RAuxlAKDngxlQ6aGwAUV0t2Ct2ANCoWVnJgCgv801
c/AqOEKihF/EvRn9/KvN4iE=
=OjpC
-----END PGP SIGNATURE-----
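
The following is an added example, not code from the original post or from either poster. It shows one way to run the encrypt-and-sign step from PHP with the message on stdin, STDERR captured for logging instead of discarded, and the pass-phrase fed on a separate file descriptor so it never shows up in `ps` output. It swaps PGP for GnuPG 2.1+ and assumes PHP 7.4+; the function name `gpg_encrypt`, the binary path, the home directory and the pass-phrase file path are assumptions.

```php
<?php
// Added example. Assumes GnuPG 2.1+ and PHP 7.4+ (array-form proc_open, no shell).
function gpg_encrypt(string $msg, string $recipient, string $homedir,
                     ?string $signer = null, ?string $passphrase = null,
                     string $gpg = '/usr/bin/gpg'): string
{
    $argv = [$gpg, '--homedir', $homedir, '--batch', '--no-tty', '--armor',
             '--recipient', $recipient];
    // stdin carries the plaintext, stdout the ciphertext. stderr goes to an
    // anonymous temp file so it can be reported on failure without blocking a pipe.
    $err  = tmpfile();
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => $err];
    if ($signer !== null && $passphrase !== null) {
        // The pass-phrase travels on descriptor 3, never in argv or the environment.
        array_push($argv, '--local-user', $signer, '--pinentry-mode', 'loopback',
                   '--passphrase-fd', '3', '--sign');
        $spec[3] = ['pipe', 'r'];
    }
    $argv[] = '--encrypt';
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    if (isset($pipes[3])) {
        fwrite($pipes[3], $passphrase . "\n");   // gpg reads only the first line
        fclose($pipes[3]);
    }
    // Written in one go before reading: fine for mail-sized messages; larger
    // inputs need interleaved reads (stream_select) to avoid a pipe deadlock.
    fwrite($pipes[0], $msg);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $status = proc_close($proc);
    if ($status !== 0 || strpos($out, '-----BEGIN PGP MESSAGE-----') === false) {
        rewind($err);
        throw new RuntimeException("gpg exited $status: " . trim(stream_get_contents($err)));
    }
    return $out;
}

// Constructed sample values, mirroring the placeholders used in the post.
// The pass-phrase file path is hypothetical; keep it mode 0600, outside the web root.
$body = gpg_encrypt('This is a test message.', 'recip@isp.com', '/usr/home/myhome/.gnupg',
                    'sender@isp.com', trim(file_get_contents('/usr/home/myhome/.gpg-pass')));
mail('recip@isp.com', 'Encrypted message', $body, 'From: me@isp.com');
```

Because STDERR is kept rather than sent to /dev/null, a failure such as an untrusted recipient key in batch mode surfaces in the exception message instead of producing an empty mail.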

