Blank encrypted messages

Matthew Reeve
Wed Apr 30 09:24:02 2003

> Does the variable "$msg" exist in the subshell? If it's not=20
> defined the=20
> you would be just echoing nothing into the left-hand side of the pipe.

It's an interesting thought - I rewrote the script to look like this, =
addressing Adam's concerns about the security of echoing $msg.

The file called $plainTxt is created and contains the correct data. The =
called $crypted is also created and contains a PGP message. However,
decrypting the contents of $crypted gives an empty string.

The 'echo' shows the encryption command is the following.

/usr/bin/gpg --encrypt -v -ao
/var/www/tempFiles/1195e9ed7ad15a57907ff4b87bc4653aoutput --always-trust =
-r /var/www/tempFiles/1195e9ed7ad15a57907ff4b87bc4653adata

If I copy and paste the encryption command into a shell running as the
apache user (instead of calling it from PHP), an encrypted file is =
containing a PGP message which contains the correct data when decrypted.

Is there any way to see what is going on with gpg while it's running?=20

function _encrypt($msg)=20
	$oldhome =3D getEnv("HOME");=20

	$tmpToken =3D md5(uniqid(rand()));
	$plainTxt =3D "/var/www/tempFiles/" . $tmpToken . "data";
	$crypted =3D "/var/www/tempFiles/" . $tmpToken . "output";
	$fp =3D fopen($plainTxt, "w+");
	fputs($fp, $msg);

	echo "/usr/bin/gpg --encrypt -v -ao $crypted --always-trust -r $plainTxt";
	passthru("/usr/bin/gpg --encrypt -v -ao $crypted --always-trust -r $plainTxt");

	$fd =3D fopen($crypted, "r");
	$message =3D fread($fd, filesize($crypted));

	return $message;

Thanks for the help!

Matthew Reeve