Automated Decryption. Not JAVA PHP =)
Gold
gold@magick.com.au
Thu Nov 22 01:21:01 2001
bernardino lopez wrote:
>I'm working on getting it done with PHP!!!
>
Done it... :)
>
>This is what I have so far 3 files required :
>
>secret.txt.asc = File with Encryption
>demo.txt = Output File in TXT
>password = File with the GPG Key.
>
>[blopez@mylinux7 gpg]$
>
>With only 1 command line:
>
>gpg --decrypt --passphrase-fd 0 -o demo.txt
>secret.txt.asc < password
>
Are you using backticks to execute the command?
This is what I have;
// $gpg is our wrapper around gpg (see below); $files is the per-user file stem.
$gpg_command = "$gpg --batch --no-tty --passphrase-fd 0";
$gpg_command .= " --no-secmem-warning --decrypt /tmp/$files.enc.gold";
$gpg_command .= " > /tmp/$files.txt 2> /tmp/$files.result";
// The pass phrase goes to gpg's stdin (fd 0), so it never touches disk.
$pp = popen($gpg_command, "w");
fputs($pp, $password);
pclose($pp);
umask(0111);
$message_decrypted = `cat /tmp/$files.txt`;
$decoderesult = `cat /tmp/$files.result`;
$gpg is the call we use to a wrapper program. This takes a username and
anything after that is passed to gpg. This allows us to call gpg as any
user.
$gpg_command has been split up for better readability for those with
small screens.
$files was created earlier with the user's uid and a datestamp.
$message_decrypted is kinda obvious.
$decoderesult is the gpg response. This can be checked for a good/bad
signature on encrypted and signed messages.
/tmp/$files.enc.gold is the encrypted message.
Pros:
Pass phrase is never written to disk.
It works...
Cons:
Some of the files written to /tmp by gpg are owned by the user calling
them. This means apache cannot unlink() them from php. With them
being uniquely named and living in the /tmp dir they are regularly
cleaned up so it's not a biggie...
Regards,
Gold.
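The same pipeline written with proc_open instead of shell redirection, as an added example that is not Gold's code: the pass phrase still goes to gpg on fd 0 only, but plaintext and gpg's status output are read back through pipes, so nothing lands in /tmp and the file name is passed as an escaped argument rather than interpolated into the command string.

```php
<?php
// Added example, not from the original post. Assumes gpg is on PATH and
// the secret key is in the keyring of the user PHP runs as.
function gpg_decrypt_file(string $encPath, string $passphrase): array
{
    // --pinentry-mode loopback is what gpg 2.1+ needs for --passphrase-fd
    // to work unattended; older gpg ignores the need but 1.x lacks the flag.
    $cmd = 'gpg --batch --no-tty --pinentry-mode loopback'
         . ' --passphrase-fd 0 --status-fd 2 --decrypt '
         . escapeshellarg($encPath);   // no shell interpolation of the name
    // fd 0: we write the pass phrase; fd 1: plaintext; fd 2: status lines
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $passphrase . "\n");
    fclose($pipes[0]);          // EOF tells gpg the pass phrase is complete
    $plaintext = stream_get_contents($pipes[1]);
    // gpg's status output is small, so reading it after stdout is safe here.
    $status = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);
    // Status lines look like "[GNUPG:] GOODSIG <keyid> <uid>"; for a message
    // that is supposed to be signed, a missing GOODSIG is a failed check.
    $goodsig = (bool) preg_match('/^\[GNUPG:\] GOODSIG /m', $status);
    return [
        'ok'        => $exit === 0,
        'goodsig'   => $goodsig,
        'plaintext' => $plaintext,
        'status'    => $status,
    ];
}
```

Callers should treat 'ok' and 'goodsig' separately: a message can decrypt cleanly and still carry a bad or absent signature.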