Works from the command line, but I can't get it to work with PHP

Ralf Döring
Thu Aug 21 11:59:13 2003

"Adam Cadieux" <> writes:

> Thanks Ralf for your advice. I think I need to get my gpg correct before I
> try to integrate it into PHP code.
> So I wrote the following command, but it doesn't seem to be working. I get
> the feeling that I am missing something basic.
> echo 1234 | gpg -o encrypted.gpg --symmetric --passphrase-fd 0 < pass.txt

Yes, you miss something basic about pipes and redirection. If you feed
input to a program via a pipe, this program reads this input via its
stdin-filedescriptor. This is fd 0 in most cases. So you can't simply
feed the passphrase via the same fd, as you do above.  To mimic the
desired behaviour at a shell-prompt, try this (works with bash, maybe
also with all POSIX shells?):
The passphrase in our example should be "secret", we store it in
"pass" (And kids: Don't try this at home. *Never* store a sensible
passphrase in a file. *Never*. It's only to illustrate the example.)
Then we open this file as fd 5 and feed this fd to gpg.

ralf@argus:tmp$ echo "secret" > /tmp/pass
ralf@argus:tmp$ echo 1234|gpg -c -o t.gpg --passphrase-fd 5 5<pass

The point of interrest here is the (ba)sh construct "5<pass", which
opens the file pass as fd 5 for reading.

> What I am really trying to do is something like this
> echo $data | gpg -o encrypted_file.gpg --symmetric --passphrase-fd
> $password

As a simple way, (which could have some race conditions in its
simplicity , but should work in almost all cases) you can use two
pipes: one as stdin for gpg to read the data to encrypt, one to pass
as the passphrase-fd to gpg.  As a C-Programmer you could use the
typical pipe/fork or pipe/popen combination to achieve this, but I'm
not really sure how to do this in PHP. Maybe PHPs proc_open would be
the right choice here.  Simply open the pipes, start gpg and write the
passphrase to the "passphrase-pipe". Don't forget a terminating
newline. Start feeding the data to be encrypted via the "data-pipe".