Apparently, even though I thought I was generating keys that did not have a password, gnupg still expected a password for them (which the gnupg extension no longer supports). I regenerated a new keypair using Kleopatra on Windows and bypassed all the "no passphrase" warnings and I was able to successfully sign/encrypt with those keys.
So, the bottom line is be very sure that your key does not have a passphrase.
I am attempting to sign a message using PHP's gnupg extension. I have the environment set up correctly, and I can successfully import the key, and adding it using gnupg_addsignkey is successful (returns true).
When I attempt to sign the message using gnupg_sign($res, "my message"), I get the following error and gnupg_sign returns false:
gnupg_sign(): data signing failed
I can't seem to find any way to get more verbose information to figure out why it's failing.
I've tried the procedural methods, as well as the OO methods, and get the same result. The permissions are all correct on the server.
Here's the OO code I've used:
<?php
# /tmp/.gnupg is there (but empty if that helps figure out the problem)
putenv("GNUPGHOME=/tmp/.gnupg");
$gpg = new gnupg();
$gpg->seterrormode(GNUPG_ERROR_WARNING);
$ascii = file_get_contents('/etc/my.key'); // Yes, this reads successfully
// Cut the armored private key block out of the file; use the marker's real
// length so the trailing dashes of the END line are not lost
$endMarker = '-----END PGP PRIVATE KEY BLOCK-----';
$start = strpos($ascii, '-----BEGIN PGP PRIVATE KEY BLOCK-----');
$end = strpos($ascii, $endMarker) + strlen($endMarker);
$key = substr($ascii, $start, ($end - $start));
$info = $gpg->import($key); // Fingerprint is there and everything seems OK
$gpg->addsignkey($info['fingerprint']);
$signed = $gpg->sign("test!"); // fails with any string I try
$signed is false, and I get the PHP warning gnupg::sign(): data signing failed
Is your private key password protected?
According to pecl/gnupg documentation you cannot pass a plaintext password for gnupg ≥ version 2.
So all you can do is use a private key that has no password set, I guess.
IMO pecl/gnupg errors are quite misleading.
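Both answers point at the same failure mode: with gpg ≥ 2 the extension cannot supply a passphrase, so a protected key makes sign() fail with only a generic warning. The following is an added example (not code from the question or either answer) showing how to switch to exception error mode, confirm that a secret, sign-capable subkey was actually imported, and read the gpgme-level reason when signing still fails. It assumes the same /etc/my.key and /tmp/.gnupg paths as the question and a key generated without a passphrase.

```php
<?php
// Added example, not the asker's code. Assumes /etc/my.key holds an armored
// private key with no passphrase and that /tmp/.gnupg is writable by PHP.
putenv('GNUPGHOME=/tmp/.gnupg');

$gpg = new gnupg();
// Exceptions name the failing call; the default warning is easy to miss.
$gpg->seterrormode(GNUPG_ERROR_EXCEPTION);

// sign() needs a secret subkey with the sign capability that is not
// disabled, expired or revoked. keyinfo() exposes exactly those flags.
function usableSigningKey(gnupg $gpg, string $fingerprint): bool
{
    foreach ($gpg->keyinfo($fingerprint) as $key) {
        if (!$key['is_secret'] || $key['disabled'] || $key['expired'] || $key['revoked']) {
            continue; // public part only, or an unusable primary key
        }
        foreach ($key['subkeys'] as $sub) {
            if ($sub['is_secret'] && $sub['can_sign'] && !$sub['expired'] && !$sub['revoked']) {
                return true;
            }
        }
    }
    return false;
}

try {
    $armored   = file_get_contents('/etc/my.key');
    $endMarker = '-----END PGP PRIVATE KEY BLOCK-----';
    $start     = strpos($armored, '-----BEGIN PGP PRIVATE KEY BLOCK-----');
    $end       = strpos($armored, $endMarker) + strlen($endMarker);
    $info      = $gpg->import(substr($armored, $start, $end - $start));

    // import() reports secret material separately from public material.
    if (($info['secretimported'] ?? 0) + ($info['secretunchanged'] ?? 0) === 0) {
        throw new RuntimeException('no secret key in file: ' . json_encode($info));
    }
    if (!usableSigningKey($gpg, $info['fingerprint'])) {
        throw new RuntimeException('no usable secret signing subkey for ' . $info['fingerprint']);
    }

    $gpg->addsignkey($info['fingerprint']); // no passphrase argument: gpg >= 2 ignores it
    echo $gpg->sign('test!'), PHP_EOL;
} catch (Exception $e) {
    // A passphrase-protected key with no pinentry available lands here;
    // geterror() carries the gpgme reason behind "data signing failed".
    fwrite(STDERR, $e->getMessage() . ' / ' . ($gpg->geterror() ?: 'no gpgme detail') . PHP_EOL);
    exit(1);
}
```

If the checks pass but sign() still throws, the remaining suspect is the passphrase, which is the case the accepted answer describes.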