Reputation: 1
I have installed the GnuPG library and used the code below for encryption and decryption:
$public_key = '/path/0xC6235F66-pub.asc';
$private_key = '/path/0xC6235F66-sec.asc';

function encryptText($public_key, $text)
{
    // Set GnuPG homedir to /tmp
    putenv("GNUPGHOME=/tmp");
    $public_key = file_get_contents($public_key);
    // Create new GnuPG instance
    $gpg = new gnupg();
    // Import given public key
    $key = $gpg->import($public_key);
    // Add imported key for encryption
    $gpg->addencryptkey($key['fingerprint']);
    // Encrypt the secret to a PGP message
    $enc = $gpg->encrypt($text);
    // Clear the encryption key
    $gpg->clearencryptkeys();
    // Return the PGP message
    return $enc;
}

function decryptText($private_key, $encryptedText)
{
    // Set GnuPG homedir to /tmp
    putenv("GNUPGHOME=/tmp");
    $private_key = file_get_contents($private_key);
    // Create new GnuPG instance
    $gpg = new gnupg();
    // Import given public key
    $key = $gpg->import($private_key);
    // Add imported key for encryption
    $gpg->addencryptkey($key['fingerprint']);
    // Encrypt the secret to a PGP message
    $decText = $gpg->decrypt($encryptedText);
    // Clear the encryption key
    $gpg->clearencryptkeys();
    // Return the PGP message
    return $decText;
}

$encrypted = encryptText($public_key, $input = 'just an example');
echo 'Encrypted text: '.$encrypted;
$decrypted = decryptText($private_key, $encrypted);
echo 'Decrypted text: '.$decrypted;
echo 'Match: ';
var_dump($input === $decrypted);
Using the above encryptText() function I got the encrypted text, but I am unable to decrypt it with the decryptText() function. As far as I know, PGP encryption using RSA works with a private and a public key. I have both keys in place and am using the public key for encryption, which gives some encrypted string output, but I am unable to decrypt the encrypted string.
Please help here.
Upvotes: 0
Views: 1994
Reputation: 309
This question was posted some time ago, so a new answer may not be useful any longer, but the biggest issue with the current version of your code (as posted in the question on the day I write this answer) is that you're adding your decryption key (private) as an encryption key (public) by accident. In decryptText(), you'll need to change addencryptkey() to adddecryptkey(), and clearencryptkeys() to cleardecryptkeys().
You may also need a passphrase for the decryption key (private). That depends on whether the key is set up to require one, though.
Upvotes: 0
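The fix described in the answer above, written out as an added example (not code from any of the posts): the private key is registered with adddecryptkey(), failures raise exceptions, and the keyring lives in an owner-only directory instead of the world-writable /tmp the question uses. HOMEDIR and the GPG_PASSPHRASE environment variable are assumptions made for illustration; the key paths are the placeholders from the question.

```php
<?php
// Added example; HOMEDIR and GPG_PASSPHRASE are assumptions, not from the posts.
const HOMEDIR = '/var/lib/myapp/gnupg'; // hypothetical owner-only keyring directory

function gpgContext(): gnupg
{
    // Keep the keyring (it will hold the private key) out of world-writable /tmp.
    if (!is_dir(HOMEDIR) && !mkdir(HOMEDIR, 0700, true)) {
        throw new RuntimeException('cannot create ' . HOMEDIR);
    }
    chmod(HOMEDIR, 0700); // mkdir() mode is subject to umask
    putenv('GNUPGHOME=' . HOMEDIR);
    $gpg = new gnupg();
    // Raise exceptions instead of returning false on failure.
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);
    return $gpg;
}

function importKey(gnupg $gpg, string $keyFile): string
{
    $data = file_get_contents($keyFile);
    $info = $data === false ? false : $gpg->import($data);
    if (!is_array($info) || empty($info['fingerprint'])) {
        throw new RuntimeException("no key imported from $keyFile");
    }
    return $info['fingerprint'];
}

function encryptText(string $publicKeyFile, string $text): string
{
    $gpg = gpgContext();
    $gpg->addencryptkey(importKey($gpg, $publicKeyFile)); // public key encrypts
    return $gpg->encrypt($text);
}

function decryptText(string $privateKeyFile, string $passphrase, string $encrypted): string
{
    $gpg = gpgContext();
    // Register the private key as a decrypt key, not an encrypt key.
    $gpg->adddecryptkey(importKey($gpg, $privateKeyFile), $passphrase);
    $plain = $gpg->decrypt($encrypted);
    $gpg->cleardecryptkeys();
    return $plain;
}

$input = 'just an example';
$encrypted = encryptText('/path/0xC6235F66-pub.asc', $input);
$decrypted = decryptText('/path/0xC6235F66-sec.asc', getenv('GPG_PASSPHRASE') ?: '', $encrypted);
var_dump($input === $decrypted);
```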
Reputation: 2011
The following code is working for me:
putenv("GNUPGHOME=/tmp");
$gpg = new gnupg();
// Throw exceptions on errors instead of returning false
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
$publicData = file_get_contents('/var/www/html/web/resources/keys/public.asc');
$privateData = file_get_contents('/var/www/html/web/resources/keys/SECRET.asc');
// Import both keys into the keyring
$publicKey = $gpg->import($publicData);
$privateKey = $gpg->import($privateData);
// Public key for encryption, private key (with its passphrase) for decryption
$gpg->addencryptkey($publicKey['fingerprint']);
$gpg->adddecryptkey($privateKey['fingerprint'], "YOUR_PASSPHRASE");
$encrypt = $gpg->encrypt('Data to encrypt');
echo $encrypt;
echo '<pre>';
print_r($gpg->decrypt($encrypt));
echo '</pre>';
die;
Upvotes: 1
Reputation: 15080
You should not hard-code the fingerprint. You should also use the private key to decrypt.
// $public_key and $private_key must hold the key data itself
// (e.g. read with file_get_contents()), not a file path.
function encryptText($public_key, $data)
{
    $gpg = gnupg_init();
    // Take the fingerprint from the import result instead of hard-coding it
    ['fingerprint' => $fingerprint] = gnupg_import($gpg, $public_key);
    gnupg_addencryptkey($gpg, $fingerprint);
    return base64_encode(gnupg_encrypt($gpg, $data));
}

function decryptText($private_key, $data, $passphrase = '')
{
    $gpg = gnupg_init();
    ['fingerprint' => $fingerprint] = gnupg_import($gpg, $private_key);
    // The private key must be added as a decrypt key, not an encrypt key
    gnupg_adddecryptkey($gpg, $fingerprint, $passphrase);
    return gnupg_decrypt($gpg, base64_decode($data));
}

print $encrypted = encryptText($public_key, $input = 'just an example');
print $decrypted = decryptText($private_key, $encrypted);
var_dump($input === $decrypted);
Upvotes: 0