Question: How can I use PGP with PHP?
Answer: We would recommend using GnuPG rather than PGP; GnuPG can be used for commercial sites without a license.
You will need shell access, i.e. telnet or SSH (SSH is more secure), a Linux machine, and a copy of PGP installed on your machine. You will also need to generate a key pair, which consists of a public key and a private key. The public key is uploaded to the server; the private key is kept on your machine. See the PGP help file for more information.
GnuPG must be installed on the server (check with your server admin).
Access the shell as your user, then run the following commands:
mkdir .gnupg
chmod 777 .gnupg
gpg --gen-key
Use a dummy name. When it gets to the part where it generates the keys, make sure the machine is doing I/O so that there is enough entropy, e.g. telnet in again and run du / or something similar; it is best to have this ready and just hit Enter as you finish the key creation.
This creates a dummy key pair; it is not used itself, but it is needed.
This takes anything from a few seconds to a few minutes, depending on the speed of the server.
As the user, FTP the ASCII public key to the server. The file will be called something.asc. Upload it making sure the transfer mode is ASCII, not binary (see your FTP software's help file).
Then type:
gpg --import file.asc
Then:
gpg --list-keys
Note the name of the new key that was imported; the listing will look something like:
pub 1024D/FA46F142 2000-11-03 Darren Casey
The next step is to set the permissions on the .gnupg directory so the web server can access the files. Type the following commands:
cd .gnupg
chmod 666 trustdb.gpg
chmod 604 secring.gpg
chmod 604 random_seed
chmod 644 pubring.gpg
cd ..
Example code is as follows:
<?php
// Set the username to the user on the server whose .gnupg directory holds the keys
$username = "dummy";
$pgp = "/usr/local/bin/gpg";
// User that is sending the e-mail (in the From address etc.)
$user = "Darren Casey <updates@alt-php-faq.org>";
// This is the key that was uploaded, i.e. the recipient of the PGP message
$recp = "First Last <user@domain.com>";
$data = "Text that will be encrypted";
// escapeshellarg() quotes each value so that quotes or shell metacharacters
// in the data or addresses cannot alter the command line
$command = 'echo ' . escapeshellarg($data) . ' | ' . $pgp
         . ' -a --always-trust --batch --no-secmem-warning -e'
         . ' -u ' . escapeshellarg($user) . ' -r ' . escapeshellarg($recp);
// Point HOME at the account whose .gnupg directory was prepared above
$oldhome = getenv("HOME");
putenv("HOME=/home/$username");
$result = exec($command, $encrypted, $errorcode);
putenv("HOME=$oldhome");
$message = implode("\n", $encrypted);
// ereg() has been removed from PHP; preg_match() with the /s modifier lets . span lines
if (preg_match('/-----BEGIN PGP MESSAGE-----.*-----END PGP MESSAGE-----/s', $message))
{
    echo "It Worked";
}
else
{
    echo "It failed";
}
$subject = "Test message";
$header = "From: $user";
echo "Message<br>";
echo nl2br($message);
mail($recp, $subject, $message, $header);
?>
Based on an original by Kelvin Phillips.
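As an added example that is not part of the original FAQ, the same encryption step written with proc_open() in argument-array form (PHP 7.4 or later), so the plaintext and addresses are handed to gpg directly rather than through echo and a shell, and --homedir replaces the HOME juggling; the gpg path, home directory and addresses are the FAQ's own values, reused here as assumptions.

```php
<?php
// Added example (PHP 7.4+), not the FAQ's own code: encrypt for the imported key
// by talking to gpg over pipes, so no shell ever sees the plaintext or addresses.
// Assumed values (taken from the FAQ): gpg path, the dummy user's home and addresses.

function gpg_encrypt(string $gpg, string $homedir, string $recipient, string $plaintext): string
{
    // Argument-array form of proc_open(): gpg is exec'd directly, no shell parsing.
    $cmd = [
        $gpg,
        '--homedir', $homedir,              // replaces the putenv("HOME=...") juggling
        '--batch', '--no-tty',
        '--trust-model', 'always',          // current spelling of the FAQ's --always-trust
        '--armor', '--encrypt',
        '--recipient', $recipient,
    ];
    $spec = [
        0 => ['pipe', 'r'],   // stdin: plaintext goes here instead of via echo
        1 => ['pipe', 'w'],   // stdout: ASCII-armoured ciphertext
        2 => ['pipe', 'w'],   // stderr: gpg diagnostics, kept for the error message
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException("could not start $gpg");
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $ciphertext = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // Check the exit status as well as the armour markers the FAQ's script looks for.
    if ($status !== 0
        || !preg_match('/-----BEGIN PGP MESSAGE-----.*-----END PGP MESSAGE-----/s', $ciphertext)) {
        throw new RuntimeException("gpg exited with status $status: " . trim($errors));
    }
    return $ciphertext;
}

// Same values as the FAQ's script; the recipient must match a key shown by gpg --list-keys.
$message = gpg_encrypt('/usr/local/bin/gpg', '/home/dummy/.gnupg',
                       'First Last <user@domain.com>', "Text that will be encrypted\n");
echo nl2br(htmlspecialchars($message));
```

The returned $message can be passed to mail() exactly as in the script above; a failed run raises an exception carrying gpg's stderr instead of silently mailing an empty body.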