I want to use PHP to 'exec' a pgp encryption command. Regardless of the command line I get either an err 64 (parser error) or 162 (complete failure during an encode). So I have reduced the command line within the PHP program to this simple fingerprint display, which still errs out:

exec("/opt/pgp/bin/pgp --fingerprint", $results);

If I run "/opt/pgp/bin/pgp --fingerprint" on a command line I get "2 keys found" and the expected display. But the same exec under PHP gives me the parser error 64. I have tried adding "\n" to the command string and that does not make a difference. The user runs as 'nobody' in the browser, which does have execute permission on pgp. (If pgp was not at least starting up I would not even see the 'parser error' from it.)

Is there something special I need to do in order to run pgp under PHP?

A: 

What execution context is this PHP script running in? Interactive command line, cron job, Web server (I do hope not)?

Depending on the answer to that, I might start looking at environment variables that PGP depends on which aren't set when it runs from this script.

chaos
Yes, the actual command to encrypt a file is running in the Web Server context, namely, 'nobody', which has significant restrictions as you might expect. The Web Server is encrypting submitted user information so that it does not lie around in plain text. (The private key does not exist on this server.) Any idea about which environment variables pgp might want to see?
Jim Thomas
P.S. I see two environment variables: PGP_HOME_DIR, which I am setting explicitly in the command line (although not in my --fingerprint example) and the other is LD_LIBRARY_PATH which equals /opt/pgp/lib. Not sure if this latter one is the problem....
Jim Thomas
and one more called PHOME which equals /opt/pgp
Jim Thomas
They all sound like likely candidates. Try echoing them before the exec, to see if they're there (doubtful) and/or setting them inside the Web server process. (Both using $_ENV.)
chaos
OK, I set the two environment variables (and did a getenv() to verify they were set). It did not resolve the issue.
Jim Thomas
A: 

I have gone back to trying to actually encrypt a data file. Here is the 'status-file' output that pgp creates. It clearly shows an error on the last line of 'permission denied' on the file I am trying to encrypt, 'test.txt'. That is bogus. I have granted all the world r/w to that file and it clearly accesses it because the status says it has encrypted the contents. So, really the question is what is permission being denied to?

Some other info: if I run PHP from the command line against this PHP script which calls pgp it works fine - the file gets encrypted. Also, PERL runs the same commands (using SYSTEM()) when called from the browser. BUT, when the browser is used to call this PHP script it fails. Clearly, there is some permission problem running as 'nobody'.

    /export/home/pgphome/.pgp/pubring.pkr:open keyrings (1006:public keyring)
    /export/home/pgphome/.pgp/secring.skr:open keyrings (1007:private keyring)
    0x221DC947:encrypt (1030:key added to recipient list)
    /export/home/eckankar/dev/www/info/test.txt:encrypt (3048:data encrypted with cipher AES-128)
    /export/home/eckankar/dev/www/info/test.txt:encrypt (3124:permission denied)

As background here is the argument of the PHP exec() command: /opt/pgp/bin/pgp --encrypt /export/home/eckankar/dev/inc/test.txt --output /export/home/eckankar/dev/www/info/test.xxx -r membership --overwrite remove --home-dir /export/home/pgphome/.pgp -v --status-file /export/home/eckankar/dev/inc/test.txt.err

All the folders/directories in this command have granted 'rwx' to the world.

Here is what the status output file looks like when the encrypt succeeds as it does if run from a command line (/opt/csw/php5/bin/php test.php) rather than through the browser:

    pgp:encrypt (3157:current local time 2009-06-30T11:51:17-05:00)
    /export/home/pgphome/.pgp/pubring.pkr:open keyrings (1006:public keyring)
    /export/home/pgphome/.pgp/secring.skr:open keyrings (1007:private keyring)
    0x221DC947:encrypt (1030:key added to recipient list)
    /export/home/eckankar/dev/inc/test.txt:encrypt (3048:data encrypted with cipher AES-128)
    /export/home/eckankar/dev/inc/test.txt:encrypt (0:output file /export/home/eckankar/dev/inc/test.txt.pgp)

Jim Thomas
+1  A: 

Answer is: need to specify a --temp-dir in the command line.

Jim Thomas
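
The --temp-dir fix from the last answer, as an added example that is not part of the original thread: a PHP wrapper that passes an explicit temp directory, checks the paths the web server user must read or write before calling pgp, and captures the exit code, stderr and status file. The helper name pgp_encrypt and the scratch path /var/tmp/pgp-web are assumptions; the other paths and flags are the ones quoted in the thread, and PHP 7 or later is assumed.

```php
<?php
// Added example: paths come from the thread; the temp directory is an assumed location.
const PGP_BIN  = '/opt/pgp/bin/pgp';
const PGP_HOME = '/export/home/pgphome/.pgp';

// Encrypt $in to $out for $recipient with an explicit pgp temp directory.
// Returns [exit code, stdout+stderr lines, status-file lines].
function pgp_encrypt(string $in, string $out, string $recipient, string $tmpDir): array
{
    // Private scratch directory owned by the web server user (not world-writable).
    if (!is_dir($tmpDir) && !mkdir($tmpDir, 0700, true)) {
        throw new RuntimeException("cannot create temp dir: $tmpDir");
    }
    // Check each path the process must write to before calling pgp, so a
    // failure names the path instead of surfacing as a generic pgp error.
    foreach ([$tmpDir, dirname($out)] as $dir) {
        if (!is_writable($dir)) {
            throw new RuntimeException("not writable by web server user: $dir");
        }
    }
    if (!is_readable($in)) {
        throw new RuntimeException("not readable by web server user: $in");
    }
    $status = $tmpDir . '/pgp-status-' . bin2hex(random_bytes(8)) . '.log';
    $args = [
        PGP_BIN, '--encrypt', $in, '--output', $out, '-r', $recipient,
        '--overwrite', 'remove', '--home-dir', PGP_HOME,
        '--temp-dir', $tmpDir, '--status-file', $status,
    ];
    // Quote every argument; 2>&1 keeps stderr, which exec() otherwise drops.
    $cmd = implode(' ', array_map('escapeshellarg', $args)) . ' 2>&1';
    exec($cmd, $output, $exitCode);
    $statusLines = is_file($status) ? file($status, FILE_IGNORE_NEW_LINES) : [];
    @unlink($status);
    return [$exitCode, $output, $statusLines];
}

[$code, $output, $status] = pgp_encrypt(
    '/export/home/eckankar/dev/inc/test.txt',
    '/export/home/eckankar/dev/www/info/test.xxx',
    'membership',
    '/var/tmp/pgp-web' // assumed scratch location, not from the thread
);
if ($code !== 0) {
    error_log("pgp exit $code: " . implode(' | ', array_merge($output, $status)));
}
```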