Gnupg returns false in PHP

Asked

Viewed 48 times

1

I’m using the module Gnupg in PHP and tested exactly with this code:

$keydata = '-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: BCPG C# v1.6.1.0

lQOsBFh5ZewBCACBqYoooH9AFQ2WMhhaJKD0+6eQnYQKroA5zH8xNFp+PTg7WXSR
HJaISLto48Zrl4HQtSM6eOpxiL3M5qc+gchueWxhc2ds4XYrDosrN2gejZfjfsII
bAqHjz8RIAORaIAlPalToKcnU/75x8e0Rh05n5rjp43zl1gsAFhCs+YhnJE1sQBk
rpuN3cxMeIiJVOS03O6iJKXVxZwsLSraGslC1MVOY5emAfsBpS4KBf281ZcLVdq5
/DkUS5RWXLFOl73M3Wq0PQb85/VFlRdwiBTckzepF7EecY36MV+ExfVIl3ItcLSo
JZxY8uvYhgDjLnlv1YkcqK/sE30vzOKVMM+tABEBAAH/AwMC4YF5S+ay4apgajcm
C4RRYUj4ZEpa2maY/fJVS3S25jBJJlx2w873nqVvQR+4Zjp9PyDuA6XH/MFQBYLu
f3OVu5dLFa/VTwm7fA9dHskFE8GYPPvXKbJxsF33ABEFLaVJ2UGX+qluZ9Ux9Cc6
JZ4X1F/dzeq5abK24+cPIta5CTE1ZnZ3gSVthKMrEZ/S11l+czgIrgYcBcl7XRL4
r93bi+KJGKPgpq/eQ7UPhuGTMgKV62JITOxbkGCHBej6XOiz6q+fu9Y6VdyAW5Yt
7Bk2VP7bsOVRBLnZ+WKkAcxA3xno5zv88x0nCiFUFnnboo/WM2PY7S8oMVhL+EhG
xLztXE8mVVutcV/NVVpUWOJH1j0RsrzCYiilIiZW86q4WyKfImg2o6OZiSILqaHT
sDU8XX9jyEu0GD5U8ZVK/bkI59pnZrNToZJqqaUMnRTHIDnUqiXMbSd6SJEgEPMG
sJYXBykvPoPIN0A0PaxhbK+jQ6sSZoWIITL3HQQcvabDzl0TqPm3dclgrqBg8g6x
h31R+iNVF+Itf/QBBBWSklAVCKWb3BQrfKEdddxi0FaqF26A11FOzIwO6cFKJK+/
tZY8dwmzh/FlsmtGztmPbbaYKQ/KafJJXpS1B3NkjdrnWMlcmPlrzX5dk6M0PfQU
VKiNi994C2npPvQJtXzNYWqlTBG85Iy9jbTFTjAatP0ira1zib+5QAAJNMbXSGBN
lCP1KCOR8bhJjEGe5ANP8jI1iPNsTsYh8EbmCHmjfNgMtCiGvNgGmmbnI/KwoeM9
AwCXMwhcvTuLL2CX6g1Q9MtE09u30u1eFKaCwXpsyMP4uITmaye320Y+jvhfYYE5
XVSQTSZQIaVhp/P/Y7s1mIZ+dAEuCR+riaXXzumWbLQNdGVzdEB0ZXN0LmNvbYkB
HAQQAQIABgUCWHll7AAKCRDjfnMbSIMMA3GFB/4oBCm4n+NRGJ5vlkNZdNE1SSDl
uxMFKx7MSGoitupuCa1hTGTb6RVaHLkmrT/P6KLOjnKdp/lSDo0xd1C00hYhUP2C
NjecvhgzStHPRlw85+2fVDQEni9+pe6zZp1MDztGeHwZm4kBFx6ZittnBIWdET56
RlBzeu04lRffCdoPRiyBqG/nT7v8uNswsWUDNb7O9QiS+30FXOq19KVhAtl1zyp4
i3CHAsPzAcYYWP+wCyd5FGohdzfjug5zB2xUzD6xzyklhACFljgyepUjhEXI/2at
qBNP7buMVimrscjuB5jUzSfYI1V1E4VN/5Ib5QurzbQ35KoRY9ISgVXFHVIF
=p4Wt
-----END PGP PRIVATE KEY BLOCK-----';

$res = gnupg_init();
$info = gnupg_import($res,$keydata);
var_dump($info);

This private key was generated for testing!

Upshot:

bool(false)

I tested with this key above and also with the "original" key, both present the $info as false, what is not expected. According to the documentation (and the comment of 9 years ago) in http://php.net/manual/en/function.gnupg-import.php was to be displayed information about the key that was imported.

No error is reported in the logs and the module is installed correctly and with all necessary dependencies, apparently.

This extension doesn’t work anymore or is there something wrong?

  • 2

    I added the tag, because it’s not native, so it helps to avoid confusion of who comes to answer ;)

1 answer

0


I got a solution. D

Cause of the problem:

PHP/NGINX was unable to access the folder where the file is imported and so was presented false.

Try running the same script as root using the PHP-CLI and will probably not present the problem.

Solution:

Log in to a folder outside of web access:

cd /usr

Create a folder for example:

mkdir .nomelegal

Give permission to NGINX:

chown -R nginx .nomelegal
chgrp -R nginx .nomelegal

If you are using Apache change the nginx for www-data, I believe that’s it.

After that determine the location in PHP by adding this:

<?php

putenv("GNUPGHOME=/usr/.nomelegal");

$keydata = '...';

$res = gnupg_init();
$info = gnupg_import($res,$keydata);
var_dump($info);

If all is right now PHP is able to read and write inside the folder and so can import public and private keys!

Note:

I don’t know if it’s necessary, but Centos doesn’t run gpg-agent automatically, so it should run:

gpg-agent --daemon --use-standard-socket

This was used to make it possible to generate keys, I don’t know if it is necessary for Gnupg in PHP.

  • I understood, the problem was group permission, which prevented reading and writing if coming from Nginx. An idea, I’m almost sure it’s possible to register the command gpg-agent --daemon --use-standard-socket on startup https://support.suso.com/supki/CentOS_Init_startup_scripts

  • I had thought to do this, but I could not do :< I will try more calmly after.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.