Version: 1
Type: Full Script
Category: Other
License: GNU General Public License
Description: Does not disclose private key passphrase or secret data. Works with PGP v.6.5.x. Assumes existence of generated key for given <userid>. pgp_encrypt() encrypts data using the public key of <userid>. pgp_decrypt() decrypts data using the private key of <userid> with a user supplied passphrase. One use: can be used in place of symmetric key encryption for storage of sensitive data (e.g. in mysql) w/o having symmetric key lying around somewhere.
<?
// location of the pgp binary
define(PGPBIN, "/usr/local/bin/pgp");
// location of option file, key ring, etc.
define(PGPPATH, "/wwws/.pgp");
function pgp_encrypt ($data, $keyName) {
// generate a temporary file. we will store the encrypted data
// in this file.
$tempFile = tempnam("/tmp","pgp_");
$lockFile = tempnam("/tmp","lock_");
// place PGPPATH within the process environment so that pgp
// uses the correct keyring.
putenv("PGPPATH=" . PGPPATH);
// create command string to be executed:
// encrypt that which is sent via stdin using event265's
// public key and store in $tempFile
// remove lock file upon completion of encryption
$commandString =
PGPBIN . " -a -f -e " . $keyName . " -o " . $tempFile . " >/dev/null 2>&1;" .
" rm " . $lockFile . " >/dev/null 2>&1";
// echo($commandString . "nn");
// php has no ability for us to wait until the popen'd process
// terminates. thus, we must create a lock file that we'll watch.
// when the command string removes the lock file, we'll continue
$fd = fopen($lockFile,"w");
fwrite($fd, "i am a lockfile");
fclose($fd);
// open a pipe to this command string, write the $data to
// be encrypted to this pipe.
$fd = popen($commandString,"w");
$result = fwrite($fd, $data);
pclose($fd);
// add a ".asc" extension to the tempfile when using ascii armor (-a)
$tempFile = $tempFile . ".asc";
// test for the existence of the lock file. while it exists,
// we have to wait. the above encryption has not been completed.
$count = 0;
while ((file_exists($lockFile)) && (! file_exists($tempFile))) {
$count++;
if ($count > 120) return(null);
usleep(500);
clearstatcache(); // file_exists() result is cached
}
// retrieve encrypted information w/in our tempfile.
if (! ($fd = @fopen ($tempFile, "r"))) return(null);
$encryptedData = fread ($fd, filesize ($tempFile));
fclose ($fd);
// remove the temp file containing our encrypted data
unlink($tempFile);
return($encryptedData);
}
function pgp_decrypt ($data, $passPhrase) {
// place PGPPATH within the process environment so that pgp
// uses the correct keyring.
putenv("PGPPATH=" . PGPPATH);
// place PGPPASS within process environment -- the passphrase
// for the private key
putenv("PGPPASS=" . $passPhrase);
$commandString = "echo "" . $data . "" | " . PGPBIN . " -f -d 2>/dev/null";
// echo($commandString);
// open a pipe to this command string, read the decrypted
// data from stdout
$fd = popen($commandString,"r");
$secretData = fread($fd, 8096);
pclose($fd);
// clear the passphrase from the environment
putenv("PGPPASS=0");
return($secretData);
}
// sample usage code
$data = "1234-5678-8765-4321";
echo("Original Data:nn" . $data . "nn");
$data = pgp_encrypt($data, "<userid>");
echo("Encrypted Data:nn" . $data . "nn");
$data = pgp_decrypt($data, "<privateKeyPassphrase for userid>");
echo("Decrypted Data:nn" . $data . "nn");
?>
