• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

GnuPG PHP website - encryption will not work from PHP

I am able to encrypt using PuTTY from the command line, but not from my web-page.

Here is my line of PHP code: system("/usr/bin/gpg --homedir /gnupg-files/.gnupg --encrypt -ao encryptedfile.txt -r 'Rhiannon <rhiannon@viva.org.uk>' 789.txt");

When I use PuTTY I type this in:
[timetogoveggie.com@shell1c40 /]$ gpg --homedir /gnupg-files/.gnupg --encrypt -a                      o encryptedfile.txt -r rhiannon@viva.org.uk 789.txt

Initially I thought it was a permissions problem but I seem to be logged in to PuTTY as the same user as I am on the website:

Website user:
<?php
echo system("id");
?>

gives me
uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup) uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup)

PuTTY user:
[timetogoveggie.com@shell1c40 /]$ id -u
186655

[timetogoveggie.com@shell1c40 /]$ whoami
timetogoveggie.com

--------------------------------------------------------------------------------------------

We had GnuPG working nicely on the old server, then our hosting company got bought out by Aplus.net and we got moved to their servers... and now it will not work!

It simply will not create an encrypted file using GnuPG.

I am on Bash shell in Linux with fairly restricted permissions (eg. I am not allowed to use the chown command).

Do you think this could be a problem with my PHP in the line above?
0
Daizzy-Mae
Asked:
Daizzy-Mae
  • 6
  • 5
1 Solution
 
MrVandemarCommented:
are you in a chrooted environment on the server when you ssh in? Im guessing you are and that when your script runs in the webservice that it in turn isnt in a chrooted invironment which would change the location of  /gnupg-files/.gnupg to a location that you dont have write access to.

Also, have you checked to see if the server has the gnupg pecl extension? might make coding a little easier

0
 
Daizzy-MaeAuthor Commented:
Thank you MrVandemar.

How do I tell whether I have permission in both PuTTY and the PHP page?

It appears that I am logged into both as the same user with the same UID.

Here is the result of the permissions on the web page to the folder where GPG is installed, but I'm not bright enough to work out whether this means the user timetogoveggie.com (186655) has permission to use GPG or not! Do you think this is the problem?

<?php

echo system("id");
echo "\n\n";
echo fileperms("/usr/bin/gpg");
echo "\n\n";
print_r(stat("/usr/bin/gpg"));

?>

uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup) uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup)

33261

Array ( [0] => 26627 [1] => 448 [2] => 33261 [3] => 1 [4] => 0 [5] => 0 [6] => 0 [7] => 681933 [8] => 1269531949 [9] => 1031680334 [10] => 1252894483 [11] => 4096 [12] => 1337 [dev] => 26627 [ino] => 448 [mode] => 33261 [nlink] => 1 [uid] => 0 [gid] => 0 [rdev] => 0 [size] => 681933 [atime] => 1269531949 [mtime] => 1031680334 [ctime] => 1252894483 [blksize] => 4096 [blocks] => 1337 ):
0
 
Daizzy-MaeAuthor Commented:
Our host has confirmed that we do have the GNUPG PHP Pecl extension, but I don't trust them an inch, and I don't know how to tell whether they are telling the truth!
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
MrVandemarCommented:
Quick and dirty full environment check, if you hosting provider hasn't blocked it.

create a php file in your websites root directory, call it test.php

put one line in it:

<?php phpinfo(); ?>

Now browse to that page. If the function hasnt been disabled it will tell you all the modules that you have available in php, their default settings and the current environment. In the last section you should see a line

_SERVER["DOCUMENT_ROOT"]

That will give you an idea of the path where gnupg is looking for the files, you will also see a section "gnupg" with version info if the pecl extension is installed
0
 
Daizzy-MaeAuthor Commented:
Hi! :-)

Here is the phpinfo() page (here's one I made earlier!): https://secure40.securewebsession.com/timetogoveggie.com/vvfshop/richinfo.php

Interestingly the root seems to be:       
/services/webpages/t/i/timetogoveggie.com/secure

I had been using just:
/services/webpages/t/i/timetogoveggie.com/

Also there is no section for GnuPG I think?
0
 
MrVandemarCommented:
When you ssh in do you get put straight into the directory where your web files are located?
0
 
Daizzy-MaeAuthor Commented:
yes, it goes straight to the root of my website :-)
If is do "ls" it lists out the files at the very root, the website itself is in a folder called 'public' so it's up 1 folder in the directory structure.
0
 
MrVandemarCommented:
Hmm, this one is a fun one. Try   ls -al to see if anything is a symlink. Though you should be able to put your keyfile in the directory where you login at. And while they may have installed the gnupg pecl via "pecl install gnupg" they didnt add extension=gnupg.so to the php.ini to actually load the extension.

From the shell, what is the output of pwd?
0
 
Daizzy-MaeAuthor Commented:
Hi

I think these are the only 3 symlinks on my area:

html -> public
secure -> public
secure-cgi-bin -> cgi-bi

From the shell pwd is just "/"

Thank you! :-)
0
 
MrVandemarCommented:
Ok, you are in a chrooted  environment, tell your hosting provider that you need to know what the absolute path is to your homedir so that you can use it in your scripts. There appears to be a lot of rewriting going on in the webserver so this is really the only way to get the exact location of where you keyring needs to be.
0
 
Daizzy-MaeAuthor Commented:
Thank you, I am going to tag your post as the answer. The hosting company seem rather slow. It seems:
a) they have been looking at the wrong page for weeks
b) they don't understand GnuPG
c) they got me mixed up with another client

Bless them and their frustrating lack of support!

My solution is to rewrite the whole shop with PayPal. Not ideal but at least we are able to take payments now!!!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now