PHP gnupg enrypt works but decrypt not

Question

i'm about to use gnupg to encrypt and decrypt files. The strange thing is, encrypt works fine, but decrypt always returns false.

Here a simple php script encrypting and decrypting content:

$content = 'test text';
putenv("GNUPGHOME=/PATH_TO_GPG_PATH");
$gpg = new gnupg();
$gpg->addencryptkey("FINGERPRINT");
$enc = $gpg->encrypt($content);

var_dump($enc);

$gpgD = new gnupg();
$gpgD->adddecryptkey("FINGERPRINT","PASSPHRASE");
$plain = $gpgD->decrypt($enc);
var_dump($plain);

Versions

Debian packages

gpgv 1.4.18-7

libgpgme11:amd64 1.5.1-6

pecl

Package Version State gnupg 1.4.0 stable

PHP version: PHP 7.1.11-1+0~20171027135825.10+jessie~1.gbp2e638d

Anyone experienced this problem already? I'm out of ideas. Thank you in advance.

Answer 1

For me the issue was the PHP application didn't have the right permissions to the key files. If you generate the keys with the 'gpg' cli (like I did) it makes the files owned by 'root'. So I just needed to change them to be owned by the php application user.

The folders I needed to update permissions on were {GNUPGHOME}/openpgp-revocs.d and {GNUPGHOME}/private-keys-v1.d

My guess for you its the /private-keys-v1.d folder since you can't decrypt it.

Answer 2

Have you tried invoking gnupg_geterror() after gnupg_adddecryptkey()? I suspect your private key is not actually getting accepted. I assume it needs to be in PHP user's GPG keyring? Also in a couple of brief tests I ran, I kept getting prompted for the passphrase on the terminal, but that could be because of my paranoid gpg config (I disable passphrase caching completely).

Another way to trap errors would be to set gnupg_seterrormode() to ERROR_EXCEPTION or similar to see what's actually happening...