gpg encryption failed: file open error

Question

I have been going nuts with this..

I have gnupg installed on my CentOS server and I try to encrypt uploaded files (uploaded via a PHP page). On the server via the command line, it works perfectly. But via the php script, it fails with this error:

gpg: /path-to-my-file/my-file: encryption failed: file open error

The user apache (which I think is used to run the exec command) has read/write in the directory of the file.

The file is uploaded fine (I can see it afterward as I removed the deletion of the unencrypted file from my code) and can be deleted correctly via the php site.

the command I run is the following

/path-to-gpg/gpg --homedir=/path-to-my-home-gnupg/.gnupg -e -r therecipient@email the-unencrypted-file

Any idea how I could tackle this? thanks

Answer 1

Try running the command with actual apache user privileges in verbose mode:

su apache -c /path-to-gpg/gpg -vv ...

Answer 2

A few things to check:

• Run system("ls " . escapeshellarg($file)) and check the result — is it file not found? Permission denied? That will help you debug.
• Run system("whoami") to make sure PHP is running as who you think it is.
• Run echo "<pre>ls " . escapeshellarg($file) . "</pre>" then copy+paste the command and run it from the shell to make sure that the path to the file is what you expected it to be.

Also, I believe CentOS runs SELinux by default… If you've got it installed, check the logs (in /var/log/) to see if SELinux is preventing Apache from executing GPG.