Gnupg from a script

Peter Gillett peter@tallwomensclothing.com
Sun Sep 1 01:41:02 2002


From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Mark Empson
Sent: Saturday, 31 August 2002 20:07
To: gnupg-users@gnupg.org
Subject: Gnupg from a script


  Hello
  I am having difficulty running gpg from a script. I have tried PHP and
  Perl. I can run gpg quite happily from telnet, but I get errors such as:
  secring.gpg: can't create keyring: Permission denied
  when I call gpg from a script. I have set --home-dir to the correct
  directory. (tested under telnet)
  Any clues??

Hello Mark,



I use the following perl script to encrypt orders using GPG, then have them
emailed to me. It has been modified to use gpg rather than pgp. It is used
in W2K / IIS, but will work fine with unix/linux/apache if you make the
paths unixy.

I found that to make this script work, gpg needs pubring.gpg in the --home-dir
(this can be read only), and if secring.gpg does not exist in
the --home-dir, then gpg will create one with a length of 0 bytes. To do
this, it needs write permission in the --home-dir. But if you create a
secring.gpg (of zero bytes length) via the command line, and copy this to
the --home-dir, then you can set its permissions to read only.

In this script, gpg also needs read/write access to trustdb.gpg and
random_seed in the --home-dir.



hope this helps,
cheers
Peter Gillett
www.tallwomensclothing.com







############################################################
#                       PGP-LIB.PL
#
# Summary: PGP stands for Pretty Good Privacy and it
#  is a utility on the internet that allows you to encrypt
#  and decrypt files.  This library interfaces with this
#  3rd party encryption program
#
# This script was written by Gunther Birznieks.
# Date Created: 11-5-96
# Date Last Modified: 11-25-96
#
#           Modified again 7th August 2002 by Peter Gillett
#        (peter@tallwomensclothing.com) to use gpg.exe V 1.1.91
#        for windows - see http://www.gnupg.org/
#
# Copyright:
#
#     You may use this code according to the terms specified in
#     the "Artistic License" included with this distribution.  The license
#     can be found in the "Documentation" subdirectory as a file named
#     README.LICENSE. If for some reason the license is not included, you
#     may also find it at www.extropia.com.
#
#     Though you are not obligated to do so, please let us know if you
#     have successfully installed this application.  Not only do we
#     appreciate seeing the wonderful things you've done with it, but we
#     will then be able to contact you in the case of bug reports or
#     security announcements.  To register yourself, simply send an
#     email to register@extropia.com.
#
#    Finally, if you have done some cool modifications to the scripts,
#    please consider submitting your code back to the public domain and
#    getting some community recognition by submitting your modifications
#    to the Extropia Cool Hacks page.  To do so, send email to
#    hacks@extropia.com
#
# Purpose: Provides a set of library routines to interface with
#   PGP to create an encrypted buffer
#
# MAIN PROCEDURE:
#  make_pgp_file - makes a PGP encrypted file and sends its
#                  contents back to the user
#
# Special Notes: Script ties into the PGP executable whose
#  location is specified in the variables below.
#
# VARIABLES:
#  $pgp_path = path to PGP executable
#  $pgp_options = command line options to the PGP program
#  $pgp_public_key_user_id = which key to use for encrypting
#  $pgp_config_files = path where configuration files are located
#
############################################################



$pgp_path = "e:\\InetPub\\svc327\\cgi-bin\\web_store\\gpg.exe";



# Directory holding the key files (pubring.gpg etc.). It is passed
# to gpg as --homedir and exported as PGPPATH in make_pgp_file.

$pgp_config_files = "e:\\inetpub\\svc327\\tmp\\gpg2";



# Command line options are the following:
#
#  --homedir e:\\inetpub\\svc327\\tmp\\gpg2 ........... where to
#  look for the files pubring.gpg, secring.gpg (these 2 can be read only)
#  trustdb.gpg and random_seed (these 2 need to be read / write)
#
#  --batch uses batch mode, never asks any questions and does not
#  allow any interactive commands
#
# --no-version removes the "Version: GnuPG v1.1.91 (MingW32)"
# from within the PGP encrypted message
#
# --always-trust skips key validation
#
# --no-tty this makes sure the TTY (terminal) is never used for output
#
# -ear my_email_address are options  -e says encrypt data, a says
# create ASCII armoured output, and r my_email_address
# says to encrypt using the user id my_email_address


$pgp_options = "--homedir $pgp_config_files --batch --no-version --no-tty --always-trust -ear";

$pgp_public_key_user_id = "fred\@businessshirts.com.au";



############################################################
#
# subroutine: make_pgp_file
#   Usage:
#     &make_pgp_file($output_text, $output_file);
#
#   Parameters:
#     $output_text = unencrypted text that you want to scramble
#     $output_file = name of a file that you will use to
#                    temporarily create the encryption. It
#                    will be removed after it is created
#                    and its contents are assigned to a buffer.
#
#   Output:
#     $pgp_output = the encrypted text that was stored in
#          the $output_file results of running PGP
############################################################


sub make_pgp_file {
  local($output_text, $output_file) = @_;
  local($pgp_output);


# Set the PGPPATH environment to tell
# PGP *not* to go to the Web Server User's
# home directory by default to look for key
# files and public keys
#

  $ENV{"PGPPATH"} = $pgp_config_files;

# Generate the command that needs to be used
# to execute PGP. This consists of the PGP
# executable followed by command line options
# which is followed by the user id which you
# want to use a public key for and then output
# the encrypted results to an output file.
#
# The whole string is handed to the shell, so
# $output_file and the user id must never be
# built from form input.
#

  $pgp_command =  "$pgp_path $pgp_options ";
  $pgp_command .= "$pgp_public_key_user_id ";
  $pgp_command .= ">$output_file";


# The command is opened using the special
# file open PIPE command which EXECUTES the
# command and then allows PERL to print to
# it as input for the command.
#
# The path manipulation is to satisfy taint mode
#

  local($old_path) = $ENV{"PATH"};
  $ENV{"PATH"} = "";

  open (PGPCOMMAND, "|$pgp_command")
    || die "Cannot run $pgp_path: $!\n";

  $ENV{"PATH"} = $old_path;


# The text you want to encrypt is sent to
# the command.


  print PGPCOMMAND $output_text;
  close (PGPCOMMAND);


# The resulting output file is opened,
# read into $pgp_output and closed.
#

  open(PGPOUTPUT, "<$output_file")
    || die "Cannot read $output_file: $!\n";
  while (<PGPOUTPUT>)
  {
    $pgp_output .= $_;
  }
  close (PGPOUTPUT);


# we remove the temporary file

  unlink($output_file);



# we return PGP output

  return($pgp_output);



} # End of make_pgp_file



# We always return TRUE from requiring
# a library file (1;)

1;
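
The homedir requirements and the gpg call described in the message, as an added example that is not part of the original post or of pgp-lib.pl: it checks the four files the way the message describes, then runs gpg through a list-form pipe open so no shell parses the arguments, and checks the exit status. It assumes a Unix-like system; the paths, the sub names check_homedir and encrypt_for, and the recipient address are hypothetical, and the gpg options are taken from the message in their long forms.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Assumed, hypothetical locations (the message itself uses Windows paths).
my $GPG     = '/usr/bin/gpg';
my $HOMEDIR = '/var/lib/webstore/gnupg';

# List what the current (web server) user is missing in the homedir,
# following the permissions described in the message.
sub check_homedir {
    my ($dir) = @_;
    my @problems;
    for my $f (qw(pubring.gpg secring.gpg)) {      # read-only is enough
        push @problems, "$f is missing or unreadable" unless -r "$dir/$f";
    }
    for my $f (qw(trustdb.gpg random_seed)) {      # must be read/write
        push @problems, "$f is not read/write"
            unless -r "$dir/$f" && -w "$dir/$f";
    }
    return @problems;
}

# Encrypt $plaintext to $recipient; returns the ASCII-armoured message.
sub encrypt_for {
    my ($plaintext, $recipient) = @_;
    my @problems = check_homedir($HOMEDIR);
    die "gpg homedir unusable: " . join('; ', @problems) . "\n" if @problems;
    my ($tmp_fh, $tmp_name) = tempfile();          # unpredictable file name
    close $tmp_fh;
    local $ENV{PATH} = '';                         # gpg is called by full path
    # List-form pipe open: no shell ever parses the recipient or file name.
    # --yes lets gpg overwrite the (empty) temporary file in batch mode.
    open(my $gpg, '|-', $GPG, '--homedir', $HOMEDIR, '--batch', '--no-tty',
         '--always-trust', '--yes', '--armor',
         '--output', $tmp_name, '--recipient', $recipient, '--encrypt')
        or die "cannot start $GPG: $!\n";
    print {$gpg} $plaintext;
    my $ok     = close $gpg;                       # false if gpg exited non-zero
    my $status = $? >> 8;
    open(my $in, '<', $tmp_name) or die "cannot read $tmp_name: $!\n";
    my $armored = do { local $/; <$in> };          # slurp the whole file
    close $in; unlink $tmp_name;
    die "gpg failed with exit status $status\n" unless $ok;
    return $armored;
}

# Constructed sample input; the recipient address is a placeholder.
print encrypt_for("order 1001: 2 shirts\n", 'orders@example.org') unless caller;
```

On Windows, Perl's -r and -w tests reflect the read-only attribute rather than NTFS ACLs, so the check there is only a first approximation.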

