Automated Decryption. Not JAVA PHP =)

Thu Nov 22 01:21:01 2001

bernardino lopez wrote:

>I'm working in get it done with PHP !!!.

Done it...  :)

>This is what I have so far 3 files required :
>secret.txt.asc	= File with Encryption
>demo.txt	= Output File in TXT
>password	= File with the GPG Key.
>[blopez@mylinux7 gpg]$
>With only 1 command line:
>gpg --decrypt --passphrase-fd 0 -o demo.txt
>secret.txt.asc < password

Are you using backticks to execute the command?

This is what I have;

  $gpg_command = "$gpg --batch --no-tty --passphrase-fd 0";
  $gpg_command .= " --no-secmem-warning --decrypt /tmp/$";
  $gpg_command .= " > /tmp/$files.txt 2> /tmp/$files.result";
  $pp = popen($gpg_command, "w");
  fputs($pp, $password);
  $message_decrypted = `cat /tmp/$files.txt`;
  $decoderesult = `cat /tmp/$files.result'

$gpg is the call we use to a wrapper program.  This takes a username and 
anything after that is passed to gpg.  This allows us to call gpg as any 
$gpg_command has been split up for better readability for those with 
small screens.
$file was created earlier with the users uid and a datastamp.
$message_decrypted is kinda obvious.
$decoderesult is the gpg response.  This can be checked for a good/bad 
signature on encrypted and signed messages.
/tmp/$ is the encrypted message.

Pass phrase is never written to disk.
It works...

Some of the files written to /tmp by gpg are owned by the user calling 
them.  This means apache can not unlink() them from php.  With them 
being uniquly named and living in the /tmp dir they are regularly 
cleaned up so it's not a biggie...