Page 1 of 1

PLEASE SOME HELP WITH GNUPG

Posted: Mon Feb 09, 2004 2:39 pm
by vasilis
I have finished setting up a web database-driven site with php and mysql. THe only thing that is left to finish is the pgp encryption part to which I am stuck now for some days without being able to make it work. Anyway, I am testing the site on the final server, and I have created a temporary pgp key-pair through a "Manage OpenPGP Keys" utility of the server in order to test the pgp encryption (if this is of any help, the server has a cPanelX utilities page through which the site administrator can do certain things). So, after I have generated a keypair, when I click on this utility I see a page which gives me the name of the Public and Private key which are the same, say the format is like '4239879 username <my email address>' (not exactly the same, but similar to that). This name is created from the data I feed the utility when I generate a key pair.
The characteristics of the server are:
Operating system Linux
Kernel version 2.4.23-ow2
Apache version 1.3.29 (Unix)
Path to sendmail /usr/sbin/sendmail
PHP version 4.3.4
MySQL version 4.0.15-standard
cPanel Build 8.5.3-STABLE 3

I give you some paths from the server:
gpg path: /usr/bin
$keyring_location: /home/patrino/.gnupg

I have written a php script which just runs a gpg command to check if gpg is working (before I use pipes and the rest stuff for the real code).

Code: Select all

<?php
$public_key_id='4239879 username <my email address>';
$gpg="/usr/bin";
$keyring_location="/home/patrino/.gnupg";
$key_id = EscapeShellArg($public_key_id);
$infile="/home/testing/public_html/viotopos/product_images/uncoded.txt";
$outfile="/home/testing/public_html/viotopos/product_images/coded.txt";
$fp = fopen($infile, "w");
fwrite($fp, "check text to encrypt");
fclose($fp);
$command = "$gpg/gpg --output $outfile --recipient $key_id --armor --encrypt $infile";
$command_return=system($command, $result);
$fp = fopen($outfile, "r");
$encrypted_text= fread ($fp, filesize ($outfile));
echo "<br>\$encrypted_text=" . $encrypted_text;
?>
I know that the above code is insecure but I am using it just for checking the gpg functionality.
I get the "/home/testing/public_html/viotopos/product_images/uncoded.txt" file created, but no output file ($outfile) is produced. I get a status return from the '$result' variable equal to 1 or 2 (changes with slight modification of the syntax of the gpg command). I know for sure that the gpg executable is in the path i am using (e.g. the "gpg --help" command works in combination with the above code, since I get the online gpg help on my screen). I also noticed that there is a .gnupg dir in my testing directory which is a different directory from the one referred above (i.e. $keyring_location: /home/patrino/.gnupg). I have tried every possible combination of the gpg command syntax (using also parts of the key id, as the gnupg manual in the GnuPg Privacy Guard http://www.gnupg.org refers).
I have really got frustrated.
1)I wonder if the above command can utilize the public key that I generated with the server utility, or should I setup my own gnupg executable on this server? And if yes, how could I do it?

2) Is there any need to use "--homedir" options since my keypair is supposed to be in the server's keyring (i.e. ="/home/patrino/.gnupg") and it has been produced with the server's utility?

3) Is there anybody in the board that has any experience with the "Manage OpenPGP Keys" utility?
I really appreciate any help