Blank encrypted messages

Matthew Reeve matt@rangie.com
Wed Apr 30 09:24:02 2003


> Does the variable "$msg" exist in the subshell? If it's not=20
> defined the=20
> you would be just echoing nothing into the left-hand side of the pipe.

It's an interesting thought - I rewrote the script to look like this, =
also
addressing Adam's concerns about the security of echoing $msg.

The file called $plainTxt is created and contains the correct data. The =
file
called $crypted is also created and contains a PGP message. However,
decrypting the contents of $crypted gives an empty string.

The 'echo' shows the encryption command is the following.

/usr/bin/gpg --encrypt -v -ao
/var/www/tempFiles/1195e9ed7ad15a57907ff4b87bc4653aoutput --always-trust =
-r
matt@rangie.com /var/www/tempFiles/1195e9ed7ad15a57907ff4b87bc4653adata


If I copy and paste the encryption command into a shell running as the
apache user (instead of calling it from PHP), an encrypted file is =
created
containing a PGP message which contains the correct data when decrypted.

Is there any way to see what is going on with gpg while it's running?=20

*********
function _encrypt($msg)=20
{=20
	$oldhome =3D getEnv("HOME");=20
	putenv("HOME=3D/var/www");=20

	$tmpToken =3D md5(uniqid(rand()));
	$plainTxt =3D "/var/www/tempFiles/" . $tmpToken . "data";
	$crypted =3D "/var/www/tempFiles/" . $tmpToken . "output";
	$fp =3D fopen($plainTxt, "w+");
	fputs($fp, $msg);

	echo "/usr/bin/gpg --encrypt -v -ao $crypted --always-trust -r
matt@rangie.com $plainTxt";
	passthru("/usr/bin/gpg --encrypt -v -ao $crypted --always-trust -r
matt@rangie.com $plainTxt");
	putenv("HOME=3D$oldhome");=20

	$fd =3D fopen($crypted, "r");
	$message =3D fread($fd, filesize($crypted));
	fclose($fd);

	return $message;
}=20
***************

Thanks for the help!

Matthew Reeve