I have an OpenPGP message which looks something like this given to me in a file:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (MingW32)
-----END PGP MESSAGE-----
and was given a 15 character passphrase to decrypt it, I suppose. But I really don't have any idea how to decrypt the file using PHP. I took a look at PHP's GnuPG manual page, and under the gnupg_decrypt() example it gives this code:
$res = gnupg_init();
gnupg_adddecryptkey($res,"8660281B6051D071D94B5B230549F9DC851566DC","test");
$plain = gnupg_decrypt($res,$encrypted_text);
echo $plain;
So taking a look at this function gnupg_adddecryptkey, it mentioned I need a fingerprint. What is that actually? And where can I get it?
--symmetric is not an option for either --encrypt or --decrypt, but a command for symmetric encryption. The message contains information that it is encrypted symmetrically in its metadata, so a simple --decrypt is sufficient. This answer is compatible with not just PHP, but GnuPG in general.
OpenPGP supports two encryption modes. The most famous, and useful, is public key crypto where each user has his or her own private key that is kept confidential and the public key that is shared with anyone who needs to send encrypted messages. The Wikipedia article on public-key cryptography is a good place to start to read up on the foundation.
The fingerprint is a hash sum calculated on the public key and some meta data like key creation time. It is also returned after importing a key through gnupg_import as the fingerprint attribute.
This is for public/private key cryptography, which you're seemingly not using: when encrypting with a passphrase, you're omitting the public/private key cryptography part and directly use symmetric encryption for the message, with a session key (sometimes also called cipher block or symmetric key) derived from your passphrase.
Symmetric encryption is not supported by PHP's GnuPG module. There are no functions to perform symmetric decryption, and this limitation is also described in the module's source documentation:
This class provides an object oriented interface to GNU Privacy Guard (GPG).
Though GPG can support symmetric-key cryptography, this class is intended only to facilitate public-key cryptography.
You will have to perform decryption manually by calling gpg. An example command line would be
gpg --decrypt [file]
(alternatively, you can also provide the input through STDIN). For handing over the passphrase, have a look at GnuPG's --passphrase... options:
--passphrase-fd n
Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from STDIN. This can only be used if only one passphrase is supplied.
--passphrase-file file
Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it.
--passphrase string
Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.
Be aware that all other users of a computer can read all other users' command line arguments, so especially for shared hosting platforms, --passphrase is a definite no-go.
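One way to do what the answer describes from PHP, as an added example that is not part of the original answer or of the GnuPG module: start gpg with proc_open and hand it the passphrase through --passphrase-fd on file descriptor 3, so it never appears in the command line. The function name decryptSymmetric, the $loopback parameter, the file name and the environment variable are assumptions of this example; --pinentry-mode loopback applies to GnuPG 2.1 and later.

```php
<?php
// Added example: decrypt a passphrase-protected (symmetric) OpenPGP message
// by calling the gpg binary. decryptSymmetric() and $loopback are names
// invented for this example. Suited to small messages; large ones should be
// streamed with stream_select() to avoid filling a pipe buffer.
function decryptSymmetric(string $armored, string $passphrase, bool $loopback = true): string
{
    $cmd = ['gpg', '--batch', '--no-tty', '--passphrase-fd', '3'];
    if ($loopback) {
        // Assumption: GnuPG 2.1+, which needs loopback pinentry before it
        // accepts --passphrase-fd. Pass false for GnuPG 1.4.
        array_push($cmd, '--pinentry-mode', 'loopback');
    }
    $cmd[] = '--decrypt';

    $spec = [
        0 => ['pipe', 'r'], // ciphertext  -> gpg stdin
        1 => ['pipe', 'w'], // plaintext   <- gpg stdout
        2 => ['pipe', 'w'], // diagnostics <- gpg stderr
        3 => ['pipe', 'r'], // passphrase  -> gpg file descriptor 3
    ];
    // The array form (PHP 7.4+) starts gpg directly, without a shell.
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // gpg reads only the first line from the passphrase descriptor.
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);
    fwrite($pipes[0], $armored);
    fclose($pipes[0]);

    $plain  = stream_get_contents($pipes[1]);
    $errors = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    if (proc_close($proc) !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $plain;
}

// Constructed usage: the file name and environment variable are placeholders.
$message = (string) file_get_contents('message.asc');
echo decryptSymmetric($message, (string) getenv('PGP_PASSPHRASE'));
```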