linux gpg command → php gnupg library interpretation - php

I have a .sh script where I sign and encrypt a .gz file with the gpg command and a user ID. How can I get the same output file from the PHP gnupg library?
.sh code:
gpg -se -r ${GPG_USER} file.csv.gz
output:
file.csv.gz.gpg
Current attempt code PHP:
use gnupg;
$gpg = new gnupg();
$gpg->addencryptkey("FINGERPRINT"); //How to find FINGERPRINT?
$gpg->addsignkey("FINGERPRINT","USER_ID"); //How to find FINGERPRINT?
$enc = $gpg->encryptsign(file_get_contents("file.csv.gz"));
$file = fopen("file.csv.gz.gpg","w");
fputs($file, $enc); //is it correct way to export encrypted output file?
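One way to do what the question asks with the gnupg extension, as an added example that is not part of the original post: `keyinfo()` looks up the fingerprints, `setarmor(0)` gives binary output as `gpg -se` does without `-a`, and the second argument of `addsignkey()` is the passphrase rather than a user ID. The function names and command-line arguments are assumptions, and both keys must already be in the keyring of the user PHP runs as.

```php
<?php
// Added example, not from the original post. Assumes the recipient's public
// key and the signer's secret key are already in the PHP user's keyring.

// Return the primary-key fingerprint of the first usable key matching $pattern
// (an e-mail address, name or key ID, i.e. what the shell script passes to -r).
function first_fingerprint(gnupg $gpg, string $pattern, bool $secretOnly): string
{
    // The $secret_only argument needs gnupg extension 1.5.0 or later.
    foreach ($gpg->keyinfo($pattern, $secretOnly) as $key) {
        if ($key['disabled'] || $key['expired'] || $key['revoked']) {
            continue;
        }
        return $key['subkeys'][0]['fingerprint'];
    }
    throw new RuntimeException("no usable key matches '$pattern'");
}

function sign_encrypt_file(string $in, string $recipient, string $signer, string $passphrase = ''): string
{
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION); // throw instead of returning false
    $gpg->setarmor(0);                          // binary output, as gpg -se writes
    $gpg->addencryptkey(first_fingerprint($gpg, $recipient, false));
    // Second argument is the signing key's passphrase, not a user ID.
    $gpg->addsignkey(first_fingerprint($gpg, $signer, true), $passphrase);

    $plain = file_get_contents($in);
    if ($plain === false) {
        throw new RuntimeException("cannot read $in");
    }
    $out = $in . '.gpg';
    if (file_put_contents($out, $gpg->encryptsign($plain), LOCK_EX) === false) {
        throw new RuntimeException("cannot write $out");
    }
    return $out;
}

// Usage: php sign_encrypt.php file.csv.gz recipient@example.org signer@example.org
if (PHP_SAPI === 'cli' && $argc === 4) {
    echo sign_encrypt_file($argv[1], $argv[2], $argv[3]), "\n";
}
```

The ciphertext will never be byte-identical to the shell script's output because each run uses a fresh session key; what matches is the format, which `gpg --decrypt` accepts and verifies the same way.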

Related

Passing openssl signature to php script

Because of some platform limitation I'm forced to generate the openssl signature on the command line. I'm executing the openssl sign command, and with the openssl verify command it validates. But when I tried to sign by command and validate by PHP, it fails.
$filesize = filesize('test.txt');
$fp = fopen('test.txt', 'rb');
$data = fread($fp, $filesize);
$prvKey = 'qa_sig_ec.key';
$command = 'echo -n "'.$data.'" | openssl dgst -sha256 -sign '. $prvKey;
$sig = exec($command);
$filesize2 = filesize(__DIR__."\qa_sig_ec.pub");
$fp2 = fopen(__DIR__."\qa_sig_ec.pub", 'rb');
$publicKey = fread($fp2, $filesize2);
var_dump(openssl_verify($data, $sig, $publicKey, OPENSSL_ALGO_SHA256));
I believe there is something wrong with the signature passing, because the openssl command generates binary content, and perhaps when I pass it to the script, it just breaks.
Any ideas, please?
You can base64 encode openssl signatures for textwise comparison and transmission.
You can probably:
$command = 'echo -n "'.$data.'" | openssl dgst -sha256 -sign '. $prvKey. ' | base64';
in php. I've also had trouble using php's openssl commands with key resources. It seems to be more reliable to:
file_get_contents($keypath);
And feed openssl functions the string containing the key. I haven't tried this with a passphrase-protected key. Try this if using key resources doesn't work. Base64 decode the signature to feed it to openssl functions in binary if it doesn't digest the encoded string version.
My answer is based on experience using php's openssl functions to verify openssl generated signatures. I haven't tried to do exactly what you're doing but I have a hunch your issues can be solved with strategic base64 encoding/decoding. It should take literally a minute to try for you.
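The signature-passing problem discussed above, as an added example that is not part of the original question or answer: `exec()` returns only the last line of the command's output with trailing whitespace stripped, so a binary DER signature containing newline bytes arrives truncated. This sketch reads the whole of stdout through `proc_open()`, feeds the data on stdin instead of through `echo`, and base64-encodes only for transport. The throwaway key, the sample data and the function name `sign_with_cli` are constructed for the demo, and the `openssl` binary is assumed to be on the PATH.

```php
<?php
// Added example: binary-safe capture of an `openssl dgst -sign` signature.
$dir = sys_get_temp_dir() . '/sigdemo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$keyPath = "$dir/demo_ec.key";

// Constructed throwaway EC key pair, standing in for qa_sig_ec.key / .pub.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC,
                         'curve_name' => 'prime256v1']);
openssl_pkey_export_to_file($key, $keyPath);
$publicKey = openssl_pkey_get_details($key)['key'];   // PEM string

// Constructed sample data with characters a shell would interpret.
$data = "line one\nline \"two\" with \$shell `chars`\n";

function sign_with_cli(string $data, string $keyPath): string
{
    // Array form of proc_open() (PHP >= 7.4) starts openssl without a shell,
    // so neither the data nor the key path is ever parsed as shell syntax.
    $cmd  = ['openssl', 'dgst', '-sha256', '-sign', $keyPath];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start openssl');
    }
    fwrite($pipes[0], $data);                // exact bytes that will be verified
    fclose($pipes[0]);
    $sig = stream_get_contents($pipes[1]);   // every byte of the raw signature
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException("openssl failed: $err");
    }
    return $sig;
}

$sig = sign_with_cli($data, $keyPath);
$b64 = base64_encode($sig);                  // text-safe form for storage or transport
$raw = base64_decode($b64, true);            // back to binary before verifying
var_dump(openssl_verify($data, $raw, $publicKey, OPENSSL_ALGO_SHA256));

unlink($keyPath);
rmdir($dir);
```

`openssl_verify()` returns 1 for a valid signature, 0 for an invalid one and -1 or false on error, so compare against `1` explicitly rather than testing truthiness.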

gnupg decrypt command with php with passphrase

I'm using GnuPG to decrypt a file:
gpg --decrypt -o file.xml file.gpg
You need a passphrase to unlock the secret key for
user: "TEST-COMPANY (DAM Key) <test#test.de>"
4096-bit RSA key, ID 257C2D21, created 2018-04-23
Enter passphrase:
Then I type this passphrase and then it works.
And now I want to make it automatic using this command in PHP:
$command = 'gpg --decrypt -o file.xml file.gpg';
exec($command);
The problem comes when the system asks for the passphrase.
I tried this:
$command = 'gpg --decrypt -o file.xml file.gpg | [Passphrase]';
but it doesn't work.
Any idea about this?
Thank you
Just adding the answer that the OP and #CD001 figured out in the comments, because it helped me immensely (thanks!), and seems like a common issue (secret key was generated with passphrase, and generating new keys isn't an option). I was pulling my hair out trying to decrypt with the GnuPG functions, before learning that as of GnuPG 2.1, it can't decrypt a file with passphrase-generated key (as noted in comment here). Configuring gpg-agent with a preset passphrase may work fine, but I much prefer what the OP here did.
$encrypted_file = "file.csv.pgp";
$path_to_file = $_SERVER["DOCUMENT_ROOT"]."/dir1/dir2";
$passphrase = "passphrase";
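// escapeshellarg() keeps a passphrase or path containing spaces or shell metacharacters from being split or interpreted by the shell
$command = "echo " . escapeshellarg($passphrase) . " | gpg --passphrase-fd 0 --batch --yes " . escapeshellarg("{$path_to_file}/{$encrypted_file}");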
exec($command);
If successful, the decrypted file will be in the same directory, without the .pgp extension. So make sure it was successful...
$decrypted_file = str_replace(".pgp", "", $encrypted_file );
if (file_exists("{$path_to_file}/{$decrypted_file}")) {
echo "Successfully decrypted $encrypted_file to $decrypted_file";
}
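A hardened variant of the approach above, as an added example that is not part of the original answer: because `exec()` runs the string through `sh -c`, the `echo` form puts the passphrase into a command line that other local users can see in the process list. This sketch hands it to gpg on a dedicated pipe (fd 3) and checks the exit status. It assumes GnuPG 2.1 or later with loopback pinentry allowed; the function name `run_gpg`, the temporary home directory and the sample file are constructed, and the demo uses `--symmetric` so it runs without a key, while the same options apply to `--decrypt` with a passphrase-protected secret key.

```php
<?php
// Added example: pass the passphrase to gpg on its own file descriptor.
function run_gpg(array $args, string $passphrase, string $home): string
{
    // fd 3 carries the passphrase, so it never appears in any command line.
    $cmd = array_merge(['gpg', '--homedir', $home, '--batch', '--yes',
        '--pinentry-mode', 'loopback', '--passphrase-fd', '3'], $args);
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w'], 3 => ['pipe', 'r']];
    $proc = proc_open($cmd, $spec, $pipes);   // array form: no shell (PHP >= 7.4)
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start gpg');
    }
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $code = proc_close($proc);
    if ($code !== 0) {
        // Trust the exit status; a stale output file can exist after a failure.
        throw new RuntimeException("gpg exited with $code: $err");
    }
    return $out;
}

// Constructed demo in a throwaway GnuPG home (left in the temp directory).
$home = sys_get_temp_dir() . '/gpgdemo_' . bin2hex(random_bytes(4));
mkdir($home, 0700);
$plain = "$home/file.xml";
file_put_contents($plain, "<doc>constructed sample</doc>\n");

// Shell metacharacters in the passphrase are inert because no shell is involved.
$pass = 'correct horse; $(id) `x`';

run_gpg(['--symmetric', '--output', "$home/file.gpg", $plain], $pass, $home);
run_gpg(['--decrypt', '--output', "$home/out.xml", "$home/file.gpg"], $pass, $home);

var_dump(file_get_contents("$home/out.xml") === file_get_contents($plain));
```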

How to decrypt a GPG file in a PHP script

I'm trying to decrypt a GPG file in a PHP script. I'm trying to decrypt it with GPG tool and I am using the following PHP code:
shell_exec('gpg --batch -r '.$passphrase.' '.$outputFile)
... where $passphrase is password and $outputFile is the file path.
But it's not working. Any suggestions?

PHP / Bash: Creating PPK out of OpenSSH Key with passphrase

I would like to create a php script that creates keys for ssh-authentication.
I've started with a
exec("ssh-keygen -b 1024 -t dsa -N *pwd* -f *path-to-file* -q");
to create the private and public-key-pair. No problem till here ;)
Now I have to convert the OpenSSL key to PuTTY's ppk format (on the command line, not in the GUI). If anyone has an idea how to manage that, please let me know.
Thanks
If you were working with RSA keys you could do this (requires phpseclib):
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->setPassword('password');
$rsa->loadKey('...');
//$rsa->setPassword(); // clear the password if there was one
echo $rsa->getPrivateKey(CRYPT_RSA_PRIVATE_FORMAT_PUTTY);
?>
You have not specified what OS you run on. On *nix, you can use PuTTYgen (from PuTTY):
puttygen openssl-key -o mykey.ppk
For details see: https://linux.die.net/man/1/puttygen
On Windows, PuTTYgen is a GUI application only. However, you can use WinSCP, which has a PuTTYgen-compatible command-line interface:
winscp.com /keygen openssl-key -o mykey.ppk

Linux Openssl command to encrypt file that will be decrypted through PHP

I have to encrypt files that will be decrypted on demand with PHP:
$fh = fopen('encrypted_file', 'rb');
$content = fread($fh, $size);
print mcrypt_decrypt(MCRYPT_TRIPLEDES, 'myPassword', $content, MCRYPT_MODE_ECB);
fclose($fh);
I cannot change the PHP code as it is used many times in the site.
Otherwise, I have to seriously prove that the change is mandatory.
Now, my problem is to find the Linux OpenSSL command to encrypt files that will be decrypted with the given code.
I tried things like:
openssl enc -e -des3 -k myPassword -nosalt -in text_file -out encrypted_file
But I cannot find the decrypted file through PHP.
Could you help me correct the openssl command?
There are so many options (I tried many, I swear) and I can't find how to make them correspond to the PHP one.
Regards,
Olivier
