Reputation: 1084
I try to encrypt and decrypt a string with php gnupg. The encryption works well. It could be decrypted via shell.
When I try to decrypt the string with gnupg_decrypt it terminates with a simple "decrypt failed".
I tried to regenerate the keys with different methods but the result is the same.
The code seems to import only the public key but the private key isn't imported.
How could I decrypt the text?
The following code is used to decrypt the message:
// initialize PGP
putenv("GNUPGHOME=".__DIR__."/.gnupg");
$oPgp = new gnupg();
var_dump($oPgp->keyinfo(''));
// get encrypted Message
$sEncryptedText = file_get_contents(__DIR__.'/msg.txt');
// import Key
$mInfo = $oPgp->import($sPrivateKey);
// show infos
echo "<br><br> Private-Key: <br> ";
var_dump($mInfo);
echo "<br><br>was Key added?<br>";
var_dump($oPgp->adddecryptkey($mInfo['fingerprint'], 'here is the correct password'));
echo 'Decrypted:<br>';
var_dump( $oPgp->decrypt($sEncryptedText));
echo 'Errors:<br>';
var_dump($oPgp->geterror());
$oPgp->cleardecryptkeys();
var_dump($oPgp->keyinfo(''));
The output is the following:
/var/www/html/encrypt_test/encrypt.php:73: array (size=0)
empty
Private-Key:
/var/www/html/encrypt_test/encrypt.php:83:
array (size=9)
'imported' => int 1
'unchanged' => int 0
'newuserids' => int 0
'newsubkeys' => int 0
'secretimported' => int 1
'secretunchanged' => int 0
'newsignatures' => int 0
'skippedkeys' => int 0
'fingerprint' => string 'fingerprint1' (length=40)
was Key added?
/var/www/html/encrypt_test/encrypt.php:86:boolean true
Decrypted:
/var/www/html/encrypt_test/encrypt.php:89:boolean false
Errors:
/var/www/html/encrypt_test/encrypt.php:92:string 'decrypt failed' (length=14)
/var/www/html/encrypt_test/encrypt.php:96:
array (size=1)
0 =>
array (size=8)
'disabled' => boolean false
'expired' => boolean false
'revoked' => boolean false
'is_secret' => boolean false
'can_sign' => boolean true
'can_encrypt' => boolean true
'uids' =>
array (size=1)
0 =>
array (size=6)
'name' => string 'name' (length=x)
'comment' => string 'comment' (length=x)
'email' => string 'email' (length=x)
'uid' => string 'uid' (length=x)
'revoked' => boolean false
'invalid' => boolean false
'subkeys' =>
array (size=2)
0 =>
array (size=11)
'fingerprint' => string 'fingerprint1' (length=X)
'keyid' => string 'id1' (length=X)
'timestamp' => int 1234
'expires' => int 0
'is_secret' => boolean false
'invalid' => boolean false
'can_encrypt' => boolean false
'can_sign' => boolean true
'disabled' => boolean false
'expired' => boolean false
'revoked' => boolean false
1 =>
array (size=11)
'fingerprint' => string 'fingerprint2' (length=x)
'keyid' => string 'keyid2' (length=x)
'timestamp' => int 1234
'expires' => int 0
'is_secret' => boolean false
'invalid' => boolean false
'can_encrypt' => boolean true
'can_sign' => boolean false
'disabled' => boolean false
'expired' => boolean false
'revoked' => boolean false
Upvotes: 1
Views: 2002
Reputation: 1084
I've got the solution: In GPG versions > 2.0.0 you can't pass a password to the private key. This is restricted for security reasons. The password shouldn't be passed to the program in readable form.
It could be fixed in two ways:
One way is to use a key without a password. Then you can use the method without a password.
The other way is to allow unattended processing. You can see here how to do that.
Upvotes: 0
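The first fix from the answer above (a secret key stored without a passphrase), as an added example that is not code from either post. It assumes ext-gnupg is loaded; the function name `decryptWithUnprotectedKey` and the paths under `/var/lib/app-gnupg` are hypothetical. Because an unprotected key can be used by anyone who can read the keyring, the sketch refuses a GNUPGHOME that is group- or world-accessible and is meant to live outside the web root.

```php
<?php
// Added example: decrypt with a secret key that has NO passphrase (GnuPG 2.x).
// Assumptions: ext-gnupg is loaded; all paths below are hypothetical.

function decryptWithUnprotectedKey(string $home, string $armoredKey, string $cipherText): string
{
    // The keyring holds an unprotected secret key: owner-only access, nothing else.
    if (!is_dir($home) && !mkdir($home, 0700, true)) {
        throw new RuntimeException("cannot create GNUPGHOME $home");
    }
    if ((fileperms($home) & 0077) !== 0) {
        throw new RuntimeException("GNUPGHOME $home is accessible to group/other");
    }
    putenv("GNUPGHOME=$home");

    $gpg = new gnupg();
    // Throw on errors instead of returning false.
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);

    $info = $gpg->import($armoredKey);
    if ($info === false || empty($info['fingerprint'])) {
        throw new RuntimeException('key import failed');
    }
    // The import result counts secret keys separately from public keys.
    if ($info['secretimported'] + $info['secretunchanged'] < 1) {
        throw new RuntimeException('no secret key imported; decryption needs one');
    }

    // Empty passphrase: only valid because the key is stored unprotected.
    $gpg->adddecryptkey($info['fingerprint'], '');
    try {
        $plain = $gpg->decrypt($cipherText);
    } finally {
        $gpg->cleardecryptkeys();
    }
    if ($plain === false) {
        throw new RuntimeException('decrypt failed: ' . $gpg->geterror());
    }
    return $plain;
}

// Hypothetical locations, kept outside the document root.
$base = '/var/lib/app-gnupg';
echo decryptWithUnprotectedKey(
    "$base/home",
    file_get_contents("$base/key.asc"),
    file_get_contents("$base/msg.txt")
);
```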