[nycphp-talk] cookbook: gpg
Rolan
rolan at datawhorehouse.com
Mon Aug 11 13:41:13 EDT 2003
This is what I've been using for a while. It's probably dirty and unorthodox
but since I am the only user on the system, I'm not that worried about other
users snooping on the /tmp dir.
Feel free to clean this up, anyone...
~Rolan
<?
function gpgdecrypt($data) {
$pgp="/usr/local/bin/gpg"; # change to location of your gpg
$username="login of gpg key owner";
srand((double)microtime()*1000000);
$unique_str = md5(rand(0,9999999));
$file="/tmp/".$unique_str;
$fp=fopen($file,"w");
fputs($fp,$data);
fclose($fp);
$command = "$pgp -quiet --no-secmem-warning -d $file";
$oldhome = getEnv("HOME");
putenv("HOME=/home/$username");
$result = exec($command, $decrypted, $errorcode);
unlink($file);
putenv("HOME=$oldhome");
$message = implode("\n", $decrypted);
return ($message);
}
?>
function gpgencrypt($data) {
$username = "owner of pgp private key";
$publicuser = "owner of pgp public key";
$pgp="/usr/local/bin/gpg"; # change to location of your gpg
srand((double)microtime()*1000000);
$unique_str = md5(rand(0,9999999));
$file="/tmp/".$unique_str;
$fp=fopen($file,"w");
fputs($fp,$data);
fclose($fp);
$command = "cat $file | $pgp --always-trust --batch
--no-secmem-warning -e -r $publicuser --output $file"."b";
$oldhome = getEnv("HOME");
putenv("HOME=/home/$username");
$result = exec($command, $encrypted, $errorcode);
$fp=fopen("$file"."b","r");
$message=fread($fp,9999999);
fclose($fp);
unlink($file);
unlink($file."b");
putenv("HOME=$oldhome");
return ($message);
}
David Mintz wrote:
>On Mon, 11 Aug 2003, David Sklar wrote:
>
>
>
>>gpg has to run as a user that has access to your secret key ring.
>>
>>Doing gpg encryption with a passphrase-protected key on a shared server has
>>many risks: can anyone else on the server (through misadministration or a
>>hole in pages on your site) alter any of your cgi-wrapped scripts and do
>>their own encryption/decryption/steal your key? Separately, putting your
>>passphrase in a file readable by other users is no better than just having a
>>passphraseless key.
>>
>>What are you trying to encrypt?
>>
>>
>
>
>Last question first: credit card information, which will then be emailed
>and/or written to a database.
>
>As for the first question, well... maybe I'm confused. When I run the
>snippet
>
>
>$encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg
>--no-secmem-warning --homedir /my/.gnupg -ear recipient at example.com");
>
>from the command line or as a wrapped script, it does not require a
>passphrase in order to encrypt. Since gpg needs the user's secret key in
>order to encrypt and sign, a copy of that secret key has to live on the
>server -- is there any way around that? The permissions are as restrictive
>as possible and I guess the key is as safe/vulnerable as anything else in
>the house that's similarly chmoded.
>
>The private key for decrypting is not going to be anywhere near the
>server, nor will my secret key passphrase.
>
>So how, if at all, does one safely gpg-encrypt on a shared server?
>
>Thanks,
>
>---
>David Mintz
>http://davidmintz.org/
>Email: See http://dmintzweb.com/whitelist.php first!
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk
>
>
>
More information about the talk
mailing list