#native_company# #native_desc#

PGP Encryption/Decryption Functions

By John Grogan
on March 13, 2001

Version: 1

Type: Full Script

Category: Other

License: GNU General Public License

Description: Does not disclose private key passphrase or secret data. Works with PGP v.6.5.x. Assumes existence of generated key for given <userid>. pgp_encrypt() encrypts data using the public key of <userid>. pgp_decrypt() decrypts data using the private key of <userid> with a user supplied passphrase. One use: can be used in place of symmetric key encryption for storage of sensitive data (e.g. in mysql) w/o having symmetric key lying around somewhere.


// location of the pgp binary
define(PGPBIN, "/usr/local/bin/pgp");

// location of option file, key ring, etc.
define(PGPPATH, "/wwws/.pgp");

function pgp_encrypt ($data, $keyName) { 

  // generate a temporary file. we will store the encrypted data
  // in this file.

  $tempFile = tempnam("/tmp","pgp_");
  $lockFile = tempnam("/tmp","lock_");

  // place PGPPATH within the process environment so that pgp
  // uses the correct keyring.

  putenv("PGPPATH=" . PGPPATH);

  // create command string to be executed:
  // encrypt that which is sent via stdin using event265's 
  // public key and store in $tempFile
  // remove lock file upon completion of encryption

  $commandString = 
	PGPBIN . " -a -f -e " . $keyName . " -o " . $tempFile . " >/dev/null 2>&1;" .
	" rm " . $lockFile . " >/dev/null 2>&1";
  // echo($commandString . "nn");

  // php has no ability for us to wait until the popen'd process 
  // terminates. thus, we must create a lock file that we'll watch.
  // when the command string removes the lock file, we'll continue

  $fd = fopen($lockFile,"w");
  fwrite($fd, "i am a lockfile");

  // open a pipe to this command string, write the $data to
  // be encrypted to this pipe.

  $fd = popen($commandString,"w");
  $result = fwrite($fd, $data);

  // add a ".asc" extension to the tempfile when using ascii armor (-a)

  $tempFile = $tempFile . ".asc";

  // test for the existence of the lock file. while it exists,
  // we have to wait. the above encryption has not been completed.

  $count = 0;
  while ((file_exists($lockFile)) && (! file_exists($tempFile))) {
    if ($count > 120) return(null);
    clearstatcache(); // file_exists() result is cached

  // retrieve encrypted information w/in our tempfile.

  if (! ($fd = @fopen ($tempFile, "r"))) return(null);
  $encryptedData = fread ($fd, filesize ($tempFile));
  fclose ($fd);

  // remove the temp file containing our encrypted data




function pgp_decrypt ($data, $passPhrase) { 

  // place PGPPATH within the process environment so that pgp
  // uses the correct keyring.

  putenv("PGPPATH=" . PGPPATH);

  // place PGPPASS within process environment -- the passphrase
  // for the private key

  putenv("PGPPASS=" . $passPhrase);

  $commandString = "echo "" . $data . "" | " . PGPBIN . " -f -d 2>/dev/null";
  // echo($commandString);

  // open a pipe to this command string, read the decrypted
  // data from stdout

  $fd = popen($commandString,"r");
  $secretData = fread($fd, 8096);

  // clear the passphrase from the environment




// sample usage code

$data = "1234-5678-8765-4321";

echo("Original Data:nn" . $data . "nn");

$data = pgp_encrypt($data, "<userid>");

echo("Encrypted Data:nn" . $data . "nn");

$data = pgp_decrypt($data, "<privateKeyPassphrase for userid>");

echo("Decrypted Data:nn" . $data . "nn");