Daizzy-Mae

GnuPG PHP website - credit card encryption

Hello

After moving servers I was having trouble with GnuPG so I generated a new set of keys in my own name. They work in the command line:

gpg --encrypt -ao encrypteddata -r rhiannon@viva.org.uk data

But not in my PHP code.

This is the bit that doesn’t work at all (errors listed below).

-----------------------------------------------------------------------------------------------------------------

//invoke PGP to encrypt file contents
system("/usr/bin/gpg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt");

//open file and read encrypted contents into var
$fd = fopen($crypted, "r");

$encrypted_stuff = fread($fd, filesize($crypted));

fclose($fd);

-----------------------------------------------------------------------------------------------------------------

If I make the fopen “w+” it does create the file, but it is empty at 0 bytes.

As I said, it works beautifully from the command line – my new user is able to encrypt and decrypt.
andrewbleakley

It could be web server permission related. If you run the PHP script from the command line, does it work?
Daizzy-Mae

ASKER

Hi, yes, it does work from the command line. It creates the encrypted file perfectly :-)

Does that mean it's permissions?
Yes, check the permissions that your web server runs as and the file system permissions.
In my command line on my website folder I get these results:

whoami     timetogoveggie.com
id -u           186655

I am connecting to my website using the FTP login the hosting company gave me, which has a different username: vivacaa.

Do you think that could be the problem?

The code creates the files in the root of the website which looks to have permissions 'XXX' as I am on shared hosting so don't have access to change the permissions on this folder.

Do you think this is causing the trouble?

Do you know why this would have happened when I changed hosts?

Many Thanks
Also, my GnuPG keys I generated are for a user called 'rhiannon <rhiannon@vive.org.uk>'
Change the permissions to 777 to test it - change them to something safer once you have tested though. If it works after you set the permissions to 777 you have found your issue - then you just need to set the correct permissions so that the data is safe and still runs.
Unfortunately I am not able to change the permissions on the root folder of my website because I am on shared hosting and don't have access to this folder. Is that the folder you mean?
not the whole folder - just the files
Thank you Andrew. I just tried to encrypt a test text file with permissions 777, but got the same error messages as it failed to create the encrypted version of the file:

Warning: fopen(/services/webpages/t/i/timetogoveggie.com/encrypteddata) [function.fopen]: failed to open stream: No such file or directory in /services4/webpages/util/v/i/vivacaa.site.aplus.net/public/vvfshop/processform2.php  on line 137

Warning: filesize() [function.filesize]: stat failed for /services/webpages/t/i/timetogoveggie.com/encrypteddata in /services4/webpages/util/v/i/vivacaa.site.aplus.net/public/vvfshop/processform2.php on line 138

Warning: fread(): supplied argument is not a valid stream resource in /services4/webpages/util/v/i/vivacaa.site.aplus.net/public/vvfshop/processform2.php on line 138

Warning: fclose(): supplied argument is not a valid stream resource in /services4/webpages/util/v/i/vivacaa.site.aplus.net/public/vvfshop/processform2.php on line 139
I think you are right - it probably is a permission problem: I will probably need to create a keyring for whichever user owns the php process.

Do you know how to find out which user owns the php process?

Many Thanks
It will run as the same user as apache does. Check your apache.conf for the User  and Group directives
Hi Andrew

There don't seem to be any files ending in .conf in my website - do you think I might not have access to it because I am on shared hosting?
Does this file exist /services/webpages/t/i/timetogoveggie.com/encrypteddata
Hi :-)

No, it has not made the file.

If I change the line in the code above to "w+" like this:
$fd = fopen($crypted, "w+");
Then it makes the file, but it is empty (0 bytes).

I just ran the command fine from the command line again as a test:
gpg --encrypt -ao testdatapgpdata.txt -r rhiannon@viva.org.uk testdata.txt

And it did create the file fine.
to find out what PHP is running as create a PHP script with

<?php
echo 'Current script owner: ' . get_current_user();
?>

and run it
Thank you Andrew

I did try that but the . get_current_user(); is empty - as though there is no user!
If you create the file /services/webpages/t/i/timetogoveggie.com/encrypteddata and give it permissions 777 will it run ?
I created the file and gave it permissions 777 and refreshed the php page: It doesn't give as many errors, but it doesn't put the encrypted data into the file still (0 Bytes).

Warning: fread() [function.fread]: Length parameter must be greater than 0 in /services4/webpages/util/v/i/vivacaa.site.aplus.net/public/vvfshop/processform2.php  on line 141

ok, remove the file, and run it see if it errors again
If I add some random text to the file it works very well, so I guess the PHP is generally ok, it really is just the following step which is the problem:

1. Encrypting the plain text version of the credit card details and dumping the encrypted data into a file:
system("/usr/bin/gpg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt");

If I make that file for it then it will happily do the other steps in the code above (open the file, read the encrypted contents and send it via email).
Hi

Yes, it does indeed error again. Thank you for the suggestion.

So it really is the encryption which is the problem, rather than the code after it.

Now I just need to work out why it won't encrypt from the PHP page, when it will from the command line!
ASKER CERTIFIED SOLUTION
andrewbleakley
This solution is only available to members.
Thank you Andrew

I'm looking into how to output the GnuPG results onto the screen.
Hi Andrew

I don't think there is an option to print the encrypted information onto a browser screen - I think GnuPG will only output an encrypted text file.
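
Added example (not part of the thread and not any participant's code): one way to find out why gpg fails when called from PHP is to capture its exit code and stderr rather than calling system(), passing the plaintext on stdin so the armored output comes back on stdout with no intermediate files. The --homedir path is a placeholder assumption for a keyring owned by the account PHP runs as, and the array form of proc_open needs PHP 7.4 or later.

```php
<?php
// Added example, not from the thread. GPG_HOME is a placeholder (assumption):
// a keyring directory owned by the user PHP runs as, holding the public key.
const GPG_BIN  = '/usr/bin/gpg';
const GPG_HOME = '/path/to/web-user-gnupg';

function gpg_encrypt(string $plaintext, string $recipient): array
{
    // Array form: no shell is involved, so nothing needs quoting.
    $cmd = [GPG_BIN, '--batch', '--no-tty', '--homedir', GPG_HOME,
            '--armor', '--encrypt', '--recipient', $recipient];
    $spec = [
        0 => ['pipe', 'r'],  // stdin:  plaintext in, never written to disk
        1 => ['pipe', 'w'],  // stdout: armored ciphertext (no --output given)
        2 => ['pipe', 'w'],  // stderr: gpg's own explanation of any failure
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['ok' => false, 'exit' => -1, 'data' => '', 'stderr' => 'proc_open failed'];
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                       // EOF tells gpg the input is complete
    $data   = (string) stream_get_contents($pipes[1]);
    $stderr = (string) stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);               // 0 means gpg succeeded

    return ['ok' => $exit === 0 && $data !== '', 'exit' => $exit,
            'data' => $data, 'stderr' => trim($stderr)];
}

// Constructed sample input; the recipient address is the one used in the thread.
$result = gpg_encrypt("constructed test message\n", 'rhiannon@viva.org.uk');

if (!$result['ok']) {
    // get_current_user() reports the script file's owner; the effective UID
    // is the account gpg actually runs under when called from the web server.
    $euid = function_exists('posix_geteuid') ? posix_geteuid() : -1;
    error_log(sprintf('gpg exit=%d euid=%d stderr=%s',
        $result['exit'], $euid, $result['stderr']));
    exit('Encryption failed; details are in the server error log.');
}
echo $result['data'];   // armored block, ready to place in the e-mail body
```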