Decryption problems using php

Philipp Schafft lion at lion.leolix.org
Tue Jun 5 12:09:22 CEST 2012


reflum,

On Tue, 2012-06-05 at 10:20 +0530, Amol Patil wrote:
> Currenlty I am having problem with the decryption of the file my code
> is like this 
> 
>     echo shell_exec("echo $passphrase | $gpg --passphrase-fd 0 -o
> $unencrypted_file -d $encrypted_file"); 

If you do this the passphrase can be shown by any user on the system
(for example using the ps(1) command). The window for this is small yet
this adds an attack vector. This attack becomes more easy as you may
trigger it via your web application (don't know what kind of
webapplication this is so just gussing here).

Also if you store the passphrase in your scripts it is plain on your FS.
Anyone with FS access can read it. This also includes explits in your
and other software running on your webserver. Even worse: of your
webserver's config is broken at some point it may handle your files as
plain text or something and allowing remote users to just read your
passphrase with a web browser.

I suggest you to drop the passphrase from the key as it does not add any
security in this case but makes stuff like this more complex.

You can actually improve the security by only storing the needed
subkey(s) on your server and have the primary key protected off-side
(for example on your work/devel system). If you need only decrypting
on-side this will perfectly protect you from attacks doing signatures or
certificates (sigs on other keys) or changing the key's crypto material
or options. So if there was a successfull attack somewhere in the future
you can just revoke this subkey and add a new one so your clients can
update using normal keyservers/... without needing to pass fingerprints
around again.

Hope I was of at least some help :)


PS: another attack which is fully off-topic to this list is injecting
something in $unencrypted_file or $encrypted_file. You need to fully
trust the content of those vars.

-- 
Philipp.
 (Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20120605/4fb5eae0/attachment.pgp>


More information about the Gnupg-users mailing list