Search code examples
phpgnupg

Encrypt file using GPG with exec()

I'm trying to encrypt a file using GPG through exec(). The file I want to encrypt is created before running this command. 

$fesha = date("mdY");
$file_name = "FILE_$fesha.txt";
$myfile = fopen($file_name, "w");
//MySQL query
fwrite($myfile, $txt);
fclose($myfile);

$password = "*password*";
$commando = "gpg --encrypt --passphrase=\"$password\" --armor --batch --yes --trust-model always -r **email@public.key** \"$file_name\"";
echo  shell_exec($commando);
echo $commando;

I run the PHP script while watching the "output" folder, the text file is created without any issues, but the asc file is never created.

If I manually run the output from the PHP file (the actual GPG command) the encrypted file is created without any issue or error message.

I've been trying to solve this for a couple of hours.

I tried to use the class approach ($gpg = new gnupg();) but I was unable to install all the PECL modules/extensions.

Any help will be greatly appreciated.

Solution

  • After hours and hours of research, trial and error with more command parameters, trying with permissions on the server-side, tried to add www-data user to the admin realm, modifying permissions on /home/www-data/.gnupg and /home/mainuser/.gnupg folders...

    I did something "dumb" and send this command ($commando = "gpg --gen-key";) to see if I can generate a secret key through the PHP script because I kinda figure out it had to do with permissions at this point and I was not able to log in as www-data into the terminal.

    Obviously I got no interactive response, but I guess It just created an empty key or something because after I tried the original command again:

    $commando = "gpg --encrypt --passphrase=\"$password\" --armor --batch --yes --trust-model always -r email@public.key \"$file_name\"";

    It actually worked! The server created the text file and the encrypted file.

    So, I do not want to believe that silly thing ("gpg --gen-key") actually "solved the mystery", I want to believe it was a combination of all I did.

    Just in case someone else has this issue, I found these articles really helpful.

    Using GPG (GnuPG with PHP on Server.

    gpg: WARNING: unsafe ownership on homedir /home/user/.gnupg

    What are the correct permissions for the .gnupg enclosing folder?