Works from the command line, but I can't get it to work with PHP
Ralf Döring
rdoering@netsys-it.de
Thu Aug 21 11:59:13 2003
"Adam Cadieux" <acadieux@pcguardian.com> writes:
> Thanks Ralf for your advice. I think I need to get my gpg correct before I
> try to integrate it into PHP code.
>
> So I wrote the following command, but it doesn't seem to be working. I get
> the feeling that I am missing something basic.
>
> echo 1234 | gpg -o encrypted.gpg --symmetric --passphrase-fd 0 < pass.txt

Yes, you miss something basic about pipes and redirection. If you feed
input to a program via a pipe, this program reads this input via its
stdin file descriptor. This is fd 0 in most cases. So you can't simply
feed the passphrase via the same fd, as you do above. To mimic the
desired behaviour at a shell prompt, try this (works with bash, maybe
also with all POSIX shells?):

The passphrase in our example should be "secret", we store it in
"pass" (And kids: Don't try this at home. *Never* store a sensitive
passphrase in a file. *Never*. It's only to illustrate the example.)
Then we open this file as fd 5 and feed this fd to gpg.

ralf@argus:tmp$ echo "secret" > /tmp/pass
ralf@argus:tmp$ echo 1234|gpg -c -o t.gpg --passphrase-fd 5 5<pass

The point of interest here is the (ba)sh construct "5<pass", which
opens the file pass as fd 5 for reading.

> What I am really trying to do is something like this
>
> echo $data | gpg -o encrypted_file.gpg --symmetric --passphrase-fd
> $password

As a simple way (which could have some race conditions in its
simplicity, but should work in almost all cases) you can use two
pipes: one as stdin for gpg to read the data to encrypt, one to pass
as the passphrase-fd to gpg. As a C programmer you could use the
typical pipe/fork or pipe/popen combination to achieve this, but I'm
not really sure how to do this in PHP. Maybe PHP's proc_open would be
the right choice here. Simply open the pipes, start gpg and write the
passphrase to the "passphrase-pipe". Don't forget a terminating
newline. Start feeding the data to be encrypted via the "data-pipe".

HTH,
Ralf
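
The two-pipe approach described in the message above, sketched with PHP's proc_open. This is an added example, not code from the original thread. It assumes PHP 7.4 or later (so the command can be given as an array and no shell ever sees the data or the passphrase) and GnuPG 2.1 or later for "--pinentry-mode loopback"; the function name, the choice of fd 3 and the output path are made up for illustration.

```php
<?php
// Added example; not code from the original post.
// Assumes PHP >= 7.4 (array form of proc_open, no shell) and gpg on PATH.

function gpg_encrypt_symmetric(string $data, string $passphrase, string $outFile): void
{
    $cmd = [
        'gpg', '--batch', '--yes',
        '--pinentry-mode', 'loopback', // GnuPG >= 2.1 only; drop for 1.x
        '--passphrase-fd', '3',
        '--symmetric', '--output', $outFile,
    ];
    $spec = [
        0 => ['pipe', 'r'], // "data-pipe": becomes gpg's stdin
        2 => ['pipe', 'w'], // gpg's diagnostics
        3 => ['pipe', 'r'], // "passphrase-pipe": gpg reads it as fd 3
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // Passphrase first, with the terminating newline, then close the pipe.
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);

    // Feed the plaintext; loop because fwrite() may write only part of it.
    for ($off = 0, $len = strlen($data); $off < $len; $off += $n) {
        $n = fwrite($pipes[0], substr($data, $off));
        if ($n === false || $n === 0) {
            break; // gpg went away; the exit status below reports it
        }
    }
    fclose($pipes[0]); // EOF tells gpg the input is complete

    $err = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("gpg exited with $status: $err");
    }
}

// Constructed sample values, matching the shell example in the post.
gpg_encrypt_symmetric("1234\n", 'secret', '/tmp/t.gpg');
```

Writing the ciphertext with --output instead of reading it back over a third pipe keeps the parent from blocking on a full stdout pipe while it is still writing to stdin.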