GNUPG and/or PGP with PHP

CO Group Support CO Group Support" <support@cogroupinc.com
Fri Aug 24 17:06:01 2001 

This is a multi-part message in MIME format.

------=_NextPart_000_0273_01C12C8C.12108280
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi all.  I am writing a PHP program that generates PGP-encrypted email
messages by calling either GNUPG or PGP from within the PHP script.  It
works perfectly with GNUPG and almost-perfectly with PGP.  I am posting both
the GNUPG and PGP code snippets to this list in hopes that (1) someone wil
find them useful and (2) someone will tell me why the PGP version of the
code takes an Apache error when the script terminates.

Regards.

Kurt Bertone

Note: I am running my PHP script through a program called php-cgiwrap which
makes the PHP script execute as me on the server rather than as "nobody".  I
can't let the script execute as "nobody" because "nobody" doesn't have
permission to run PGP, but I do.

/**************************************************************************/
The following GNUPG code works perfectly - no problems at all.

<script language="php">

/* set up some strings */
$pgppath = "/usr/home/myhome/.pgp";
$uid = "Recipient Name <recip@isp.com>";
$to = "recip@isp.com";
$subject = "Seekwit Message";
$from = "me@isp.com";
$msg = "This is a vewy, vewy seekwit message.";

putenv("GNUPGHOME=$gnupghome");

/* following works perfectly */
$cmd = "/usr/local/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= "--compress-algo 1 --cipher-algo cast5 --recipient '$uid' --encrypt
";
$cmd .= "| /usr/bin/mail -s '$subject' $to";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);

/* following works perfectly */
$cmd = "echo '$msg' | /usr/local/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= "--compress-algo 1 --cipher-algo cast5 --recipient '$uid' --encrypt
";
$cmd .= "| /usr/bin/mail -s '$subject' $to";
`$cmd`;

/* following works perfectly */
$cmd = "echo '$msg' | /usr/local/bin/gpg --textmode --always-trust ";
$cmd .= "--armor --batch --no-secmem-warning --homedir '$gnupghome' ";
$cmd .= "--compress-algo 1 --cipher-algo cast5 --recipient
'$uid' --encrypt";
$encrypted = `$cmd`;
$encrypted = "From: $from\n\n" . $encrypted;
mail($to, $subject, "", $encrypted);

</script>


/**************************************************************************/
Here are some code snippets where the PGP works fine, but Apache complains:

<script language="php">

/* set up some strings */
$pgppath = "/usr/home/myhome/.pgp";
$uid = "Recipient Name <recip@isp.com>";
$to = "recip@isp.com";
$subject = "Seekwit Message";
$from = "me@isp.com";
$msg = "This is a vewy, vewy seekwit message.";

putenv("PGPPATH=$pgppath");

/* following works fine, except we get the Apache error */
$cmd = "/usr/local/bin/pgp -feat '$uid' | /usr/bin/mail -s '$subject' $to";
$pp = popen($cmd, "w");
fputs($pp, $msg);
pclose($pp);

/* following works fine, except we get the Apache error */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat '$uid' | /usr/bin/mail -s
'$subject' $to";
`$cmd`;

/* following works fine, except we get the Apache error */
$cmd = "echo '$msg' | /usr/local/bin/pgp -feat '$uid'";
$encrypted = `$cmd`;
$encrypted = "From: $from\n\n" . $encrypted;
mail($to, $subject, "", "$encrypted");

</script>


------=_NextPart_000_0273_01C12C8C.12108280
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4611.1300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial size=3D2>Hi all.&nbsp; I am writing a PHP =
program that=20
generates PGP-encrypted email messages by calling either GNUPG or PGP =
from=20
within the PHP script.&nbsp; It works perfectly with GNUPG and =
almost-perfectly=20
with PGP.&nbsp; I am posting both the GNUPG and PGP code snippets to =
this list=20
in hopes that (1) someone wil find them useful and (2) someone will tell =
me why=20
the PGP version of the code takes an Apache error when the script=20
terminates.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>Regards.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Kurt Bertone</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Note: I am running my PHP script =
through a program=20
called php-cgiwrap which makes the PHP script execute as me on the =
server rather=20
than as "nobody".&nbsp; I can't let the script execute as "nobody" =
because=20
"nobody" doesn't have permission to run PGP, but I do.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>
<DIV>
<DIV><FONT face=3DArial=20
size=3D2>/***************************************************************=
***********/</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>The following GNUPG code works =
perfectly - no=20
problems at all.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&lt;script =
language=3D"php"&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* set up some strings */<BR>$pgppath =
=3D=20
"/usr/home/myhome/.pgp";<BR>$uid =3D "Recipient Name &lt;<A=20
href=3D"mailto:recip@isp.com">recip@isp.com</A>&gt;";<BR>$to =3D "<A=20
href=3D"mailto:recip@isp.com">recip@isp.com</A>";<BR>$subject =3D =
"Seekwit=20
Message";<BR>$from =3D "<A =
href=3D"mailto:me@isp.com">me@isp.com</A>";<BR>$msg =3D=20
"This is a vewy, vewy seekwit message.";</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial =
size=3D2>putenv("GNUPGHOME=3D$gnupghome");</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* following works perfectly */<BR>$cmd =
=3D=20
"/usr/local/bin/gpg --textmode --always-trust ";<BR>$cmd .=3D "--armor =
--batch=20
--no-secmem-warning --homedir '$gnupghome' ";<BR>$cmd .=3D =
"--compress-algo 1=20
--cipher-algo cast5 --recipient '$uid' --encrypt ";<BR>$cmd .=3D "| =
/usr/bin/mail=20
-s '$subject' $to";<BR>$pp =3D popen($cmd, "w");<BR>fputs($pp,=20
$msg);<BR>pclose($pp);</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* following works perfectly */<BR>$cmd =
=3D "echo=20
'$msg' | /usr/local/bin/gpg --textmode --always-trust ";<BR>$cmd .=3D =
"--armor=20
--batch --no-secmem-warning --homedir '$gnupghome' ";<BR>$cmd .=3D=20
"--compress-algo 1 --cipher-algo cast5 --recipient '$uid' --encrypt =
";<BR>$cmd=20
.=3D "| /usr/bin/mail -s '$subject' $to";<BR>`$cmd`;</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* following works perfectly */<BR>$cmd =
=3D "echo=20
'$msg' | /usr/local/bin/gpg --textmode --always-trust ";<BR>$cmd .=3D =
"--armor=20
--batch --no-secmem-warning --homedir '$gnupghome' ";<BR>$cmd .=3D=20
"--compress-algo 1 --cipher-algo cast5 --recipient '$uid'=20
--encrypt";<BR>$encrypted =3D `$cmd`;<BR>$encrypted =3D "From: =
$from\n\n" .=20
$encrypted;<BR>mail($to, $subject, "", $encrypted);</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&lt;/script&gt; =
</FONT></DIV></DIV></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial=20
size=3D2>/***************************************************************=
***********/</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Here are some code snippets where the =
PGP works=20
fine, but Apache complains:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&lt;script =
language=3D"php"&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* set up some strings */<BR>$pgppath =
=3D=20
"/usr/home/myhome/.pgp";<BR>$uid =3D "Recipient Name &lt;<A=20
href=3D"mailto:recip@isp.com">recip@isp.com</A>&gt;";<BR>$to =3D "<A=20
href=3D"mailto:recip@isp.com">recip@isp.com</A>";<BR>$subject =3D =
"Seekwit=20
Message";<BR>$from =3D "<A =
href=3D"mailto:me@isp.com">me@isp.com</A>";<BR>$msg =3D=20
"This is a vewy, vewy seekwit message.";</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial =
size=3D2>putenv("PGPPATH=3D$pgppath");</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* following works fine, except we get =
the Apache=20
error */<BR>$cmd =3D "/usr/local/bin/pgp -feat '$uid' | /usr/bin/mail -s =

'$subject' $to";<BR>$pp =3D popen($cmd, "w");<BR>fputs($pp,=20
$msg);<BR>pclose($pp);</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* following works fine, except we get =
the Apache=20
error */<BR>$cmd =3D "echo '$msg' | /usr/local/bin/pgp -feat '$uid' |=20
/usr/bin/mail -s '$subject' $to";<BR>`$cmd`;</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>/* following works fine, except we get =
the Apache=20
error */<BR>$cmd =3D "echo '$msg' | /usr/local/bin/pgp -feat=20
'$uid'";<BR>$encrypted =3D `$cmd`;<BR>$encrypted =3D "From: $from\n\n" . =

$encrypted;<BR>mail($to, $subject, "", "$encrypted");</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&lt;/script&gt;</FONT></DIV>
<DIV>&nbsp;</DIV></FONT></DIV></FONT></DIV></BODY></HTML>

------=_NextPart_000_0273_01C12C8C.12108280--