I need to generate a key for a vendor, which they will use to encrypt a file with PGP. When I receive the file from them, I need to decrypt it using PHP. What’s the best way to generate the keys and decrypt the file?
I’m not aware if PHP supports PGP. The Crypt function supports Blowfish, DES, etc., but not PGP.
I think the solution is to execute a PGP command line function using “shell_exec” or “system” in PHP.
Good luck!
Decrypting an encrypted file with PHP and GnuPG can be a bit more complex than encrypting, since you are required to provide a GnuPG passphrase. The solution to having to type the passphrase every time the script is run lies in a handy little gpg switch called --passphrase-fd. This switch tells GnuPG to accept the passphrase from a file descriptor, which means that you can echo the passphrase and pipe the output to gpg, as seen in the following example.
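<?php
$gpg = '/usr/bin/gpg';
$passphrase = 'My secret pass phrase.';
$encrypted_file = 'foo.gpg';
$unencrypted_file = 'foo.txt';
// Quote every value placed on the shell command line so that spaces and shell
// metacharacters in the passphrase or file names are passed through literally.
// GnuPG 2.x only honours --passphrase-fd together with --batch
// (and, from 2.1, it also needs --pinentry-mode loopback).
echo shell_exec('echo ' . escapeshellarg($passphrase) . " | $gpg --batch --passphrase-fd 0 -o " . escapeshellarg($unencrypted_file) . ' -d ' . escapeshellarg($encrypted_file));
?>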
This script tells gpg to accept the passphrase from STDIN (indicated by the 0 following the switch) and decrypt the information into a file named “foo.txt”.
As with encrypting information, you can leave off the -o switch to gpg and let the decrypted data be captured inside a variable.
It should be noted that the -o switch should always come before the -d switch.
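An added example, not part of the original answer: shell_exec hands the whole string to a shell, so the echoed passphrase sits in that shell's command line, where other local users can read it from the process list. This variant starts gpg directly with proc_open and writes the passphrase to a dedicated descriptor; the GPG_PASSPHRASE environment variable and the function name are assumptions, and it assumes PHP 7.4+ and GnuPG 2.1+.

```php
<?php
// Added example: the file names come from the answer above, everything else
// (function name, GPG_PASSPHRASE variable) is hypothetical.

function gpg_decrypt_file(string $gpg, string $passphrase, string $in, string $out): void
{
    // Array form (PHP 7.4+): gpg is executed directly, no shell parses the arguments.
    $cmd = [
        $gpg, '--batch', '--yes',        // --yes: overwrite an existing output file
        '--pinentry-mode', 'loopback',   // needed by GnuPG 2.1+; drop for GnuPG 1.x
        '--passphrase-fd', '3',          // read the passphrase from descriptor 3
        '-o', $out,                      // -o still comes before -d
        '-d', $in,
    ];
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', '/dev/null', 'w'], // plaintext goes to $out, not stdout
        2 => ['pipe', 'w'],              // gpg diagnostics
        3 => ['pipe', 'r'],              // the child reads the passphrase here
    ];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // The passphrase travels over a private pipe and never appears in argv.
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);

    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);

    $status = proc_close($proc);
    if ($status !== 0) {
        // A wrong passphrase, missing key or corrupt file all end up here.
        throw new RuntimeException("gpg exited with status $status: " . trim($stderr));
    }
}

// Keep the passphrase out of the source file; here it is read from the environment.
$passphrase = getenv('GPG_PASSPHRASE');
if ($passphrase === false || $passphrase === '') {
    fwrite(STDERR, "GPG_PASSPHRASE is not set\n");
    exit(1);
}
gpg_decrypt_file('/usr/bin/gpg', $passphrase, 'foo.gpg', 'foo.txt');
```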