Question

I am completely new to using GNUPG. I've installed it successfully on the server using YUM and WHM's built-in module installer.

I am attempting to import a key, and then use that to encrypt a file that will be SFTP'ed to someone else's server nightly. I have followed tutorials on setting the code up but cannot get past this point. I'm not really finding any helpful explanations as to why things would not work as described. I have followed info found in this question: "Encrypt files using PGP in PHP?". Unfortunately, the people who wrote the info assumed it would work correctly the first time. I've also found other helpful pages such as http://devzone.zend.com/1278/using-gnupg-with-php/ which unfortunately also did not give error information.

First, let me say that the GNUPGHOME path is not right. I actually am unsure where to point that to with the install I just did and just copied over files from another account directory to this one. I could not find info on how to set that up correctly and was hoping I'd just be able to import the new key into these files and use them without an issue. The code I am currently using is:

putenv("GNUPGHOME=/home/smlivere/public_html/tmp/.gnupg");

echo "GetEnv: ".getenv("GNUPGHOME")."<br/><br/>";
echo "Is Dir: ".is_dir(getenv("GNUPGHOME"))."<br/><br/>";

$pubkey = "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (MingW32)

[public key data]
-----END PGP PUBLIC KEY BLOCK-----";

$enc = (null);


// create new GnuPG object
$gpg = new gnupg();

// throw exception if error occurs
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);

try {
    $info = $gpg->import($pubkey);
    echo "gnupg_import RTV = <br/><pre>\n";
    // dump the array returned by import() and any error text held by the object
    var_dump($info);
    echo $gpg->geterror();
    echo "</pre>\n";
} catch (Exception $e) {
    echo 'ERROR: ' . $e->getMessage()."<br/>";
    echo "The exception code is: " . $e->getCode()."<br/>";
    echo "The exception was created on line: " . $e->getLine()."<br/>";

    echo "Stack Trace:<br/><pre>\n";
    print_r($e->getTrace());
    echo "</pre>\n";
}

I am getting back:

GetEnv: /home/smlivere/public_html/tmp/.gnupg

Is Dir: 1

ERROR: import failed
The exception code is: 0
The exception was created on line: 147
Stack Trace:

Array
(
    [0] => Array
        (
            [file] => /home/smlivere/public_html/crons/export_dvm.php
            [line] => 147
            [function] => import
            [class] => gnupg
            [type] => ->
            [args] => Array
                (
                    [0] => -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (MingW32)

[public key data]
-----END PGP PUBLIC KEY BLOCK-----
                )

        )

    [1] => Array
        (
            [file] => /home/smlivere/public_html/crons/export_dvm.php
            [line] => 5
            [function] => encrypt_file
            [args] => Array
                (
                )
        )
)

I'm assuming that my biggest issue is just the GNUPGHOME but cannot honestly say. I wish there was more info on this out there. If anyone can help I would greatly appreciate it.

Thanks, James


Solution

I finally got this to work using this class: http://www.phpclasses.org/package/378-PHP-Manipulate-messages-and-encryption-keys-with-PGP.html

The message encryption did not work by default, though. I had to change it to get it to work using:

'gpg --no-tty --no-secmem-warning --homedir '.$_SERVER['DOCUMENT_ROOT'].'/tmp/.gnupg -e -a --yes --always-trust --batch --output [output path] -r [key id] [source path]'

Where $message is the message to encrypt, $gpg is the path to the GPG binary, and $recp is the username used to store the key.

The above command works all by itself too when executed using shell_exec(), but I used the class to import my key and figured I may as well keep it.
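A pre-flight check for the keyring directory used in this thread (it sits under the document root, and the question is unsure whether GNUPGHOME is right), together with the same encrypt command passed as an argument array instead of a concatenated string. This is an added example, not code from the question or the answers; it assumes PHP 7.4+ for the array form of proc_open(), and the function names, paths and recipient are hypothetical placeholders.

```php
<?php
// Added example; function names, paths and the recipient are placeholders.

/** List problems with a GnuPG home directory; an empty array means usable. */
function check_gnupg_home(string $home, string $docRoot): array
{
    $real = realpath($home);
    if ($real === false || !is_dir($real)) {
        return ["$home does not exist or is not a directory"];
    }
    $problems = [];
    $root = realpath($docRoot);
    if ($root !== false && strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        $problems[] = "keyring is under the web root $root and may be served over HTTP";
    }
    if (function_exists('posix_geteuid') && fileowner($real) !== posix_geteuid()) {
        $problems[] = 'directory is not owned by the user PHP runs as';
    }
    if ((fileperms($real) & 0077) !== 0) {
        $problems[] = 'directory is open to group/other; gpg expects mode 0700';
    }
    if (!is_writable($real)) {
        $problems[] = 'directory is not writable, so an import cannot update the keyring';
    }
    return $problems;
}

/** Encrypt $src to $dst; returns [exit code, gpg stderr]. Needs PHP 7.4+. */
function gpg_encrypt_file(string $home, string $recipient, string $src, string $dst): array
{
    // Array form: each element is one argv entry, so no shell parses the paths.
    // --trust-model always (same as --always-trust) skips trust checks, so pass
    // the recipient as a full fingerprint rather than a name or short key id.
    $cmd = ['gpg', '--batch', '--no-tty', '--yes', '--homedir', $home, '--armor',
            '--trust-model', 'always', '--output', $dst,
            '--recipient', $recipient, '--encrypt', $src];
    $spec = [1 => ['file', '/dev/null', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return [1, 'could not start gpg'];
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    return [proc_close($proc), $stderr];
}

foreach (check_gnupg_home('/home/example/.gnupg', '/home/example/public_html') as $p) {
    echo "GNUPGHOME problem: $p\n";
}
```

Run the check as the same user the web server or cron job uses, since ownership and writability are evaluated for the current process.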

Other tips

If you're using php-fpm on your local machine, check the config file (/usr/local/etc/php/7.3/php-fpm.conf) and see if 'daemonize' is set to no. If it's set to no, change it to yes, and then restart PHP. That's what fixed it for me after spending the whole day trying to figure it out.

My class written as a small wrapper to gnupg may help you get going in the right direction.

FYI - make sure server folders have proper permissions and owners for gnupg to write to the pubkey ring file in /.gnupg.

https://www.github.com/misterG13

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow