NYCPHP Meetup

[nycphp-talk] cookbook: gpg

Rolan rolan at datawhorehouse.com
Mon Aug 11 13:41:13 EDT 2003


This is what I've been using for a while. It's probably dirty and unorthodox
but since I am the only user on the system, I'm not that worried about other
users snooping on the /tmp dir.

Feel free to clean this up, anyone...

~Rolan

<?
function gpgdecrypt($data) {
        $pgp="/usr/local/bin/gpg"; # change to location of your gpg
        $username="login of gpg key owner";
        srand((double)microtime()*1000000);
        $unique_str = md5(rand(0,9999999));
        $file="/tmp/".$unique_str;
        $fp=fopen($file,"w");
        fputs($fp,$data);
        fclose($fp);
        $command = "$pgp -quiet --no-secmem-warning -d $file";
        $oldhome = getEnv("HOME");
        putenv("HOME=/home/$username");
        $result = exec($command, $decrypted, $errorcode);
        unlink($file);
        putenv("HOME=$oldhome");
        $message = implode("\n", $decrypted);
        return ($message);
}
?>

function gpgencrypt($data) {
        $username = "owner of pgp private key";
        $publicuser = "owner of pgp public key";
        $pgp="/usr/local/bin/gpg";  # change to location of your gpg
        srand((double)microtime()*1000000);
        $unique_str = md5(rand(0,9999999));
        $file="/tmp/".$unique_str;
        $fp=fopen($file,"w");
        fputs($fp,$data);
        fclose($fp);
        $command = "cat $file | $pgp --always-trust --batch 
--no-secmem-warning -e -r $publicuser --output $file"."b";
        $oldhome = getEnv("HOME");
        putenv("HOME=/home/$username");
        $result = exec($command, $encrypted, $errorcode);
        $fp=fopen("$file"."b","r");
        $message=fread($fp,9999999);
        fclose($fp);
        unlink($file);
        unlink($file."b");
        putenv("HOME=$oldhome");
        return ($message);
}



David Mintz wrote:

>On Mon, 11 Aug 2003, David Sklar wrote:
>
>  
>
>>gpg has to run as a user that has access to your secret key ring.
>>
>>Doing gpg encryption with a passphrase-protected key on a shared server has
>>many risks: can anyone else on the server (through misadministration or a
>>hole in pages on your site) alter any of your cgi-wrapped scripts and do
>>their own encryption/decryption/steal your key? Separately, putting your
>>passphrase in a file readable by other users is no better than just having a
>>passphraseless key.
>>
>>What are you trying to encrypt?
>>    
>>
>
>
>Last question first: credit card information, which will then be emailed
>and/or written to a database.
>
>As for the first question, well... maybe I'm confused. When I run the
>snippet
>
>
>$encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
>--no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");
>
>from the command line or as a wrapped script, it does not require a
>passphrase in order to encrypt. Since gpg needs the user's secret key in
>order to encrypt and sign, a copy of that secret key has to live on the
>server -- is there any way around that? The permissions are as restrictive
>as possible and I guess the key is as safe/vulnerable as anything else in
>the house that's similarly chmoded.
>
>The private key for decrypting is not going to be anywhere near the
>server, nor will my secret key passphrase.
>
>So how, if at all, does one safely gpg-encrypt on a shared server?
>
>Thanks,
>
>---
>David Mintz
>http://davidmintz.org/
>Email: See http://dmintzweb.com/whitelist.php first!
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>  
>




More information about the talk mailing list