Forum Moderators: coopster

PHP and GPG - Can't make it work right :(

         

stidj

3:30 am on Aug 15, 2005 (gmt 0)

10+ Year Member



Hi guys

When I use something like this from PHP: shell_exec("echo $argv[1] | $gpg -e -r $recipient")

I capture it into a variable. The problem is I want to store it in a database and decrypt or decrypt in some other way.

I can't though because the data is just random junk as it should be......but there is no header or footer like:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.1 (GNU/Linux)

jibberish

-----END PGP MESSAGE-----

Does anyone know how to make this work nicely or is there a special switch in GPG.

Right now if you run the encrypted data through GPG I get this error: gpg: no valid OpenPGP data found.

Of course if I wrote it to a file then it works because it has the fancy header/footer.

Anyone know how to fix this?

stidj

5:38 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



Hello guys,

I would appreciate it big time if you can help me :).

I promise a big round of beer.......cyber beer that is.

Thanks

coopster

5:41 pm on Aug 15, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Are you saying that the information you would like to get out of the variable is wrapped in something else? Can you use a regular expression to get the value out?

stidj

5:52 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



I'm not sure what the issue is actually. I'm basically returning the data that GPG returns into a variable.

The problem is that when you take that data and try to decrypt it, GPG doesn't recognize it.

Basically I guess I want to know how you can encrypt data and then decrypt it without ever putting it into a file. Sounds funny, but I'm having issues when not using it with files.

I think the reason is that with files it has the header and footer and I think that is the only way GPG knows what to do with it.

Does that explain it better?

stidj

10:23 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



Ok, I promise it will be the best cyber beer or whatever it is your heart's desire if anyone can help solve this issue :)

coopster

10:40 pm on Aug 15, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I really don't follow. Let's say I'm running a script ...
<?php 
$variable = 'my_unencrypted_string';
$md5 = md5($variable);
// $md5 = d22f2d54ad677550eafbce24d547c030
print "My unencrypted string is $variable";
?>

Wouldn't you already know what the unencrypted string is?

stidj

10:46 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



Hi coopster,

Well this is different and even if that was using gpg it wouldn't help. Of course I know what the unencrypted string is.

The issue is that once encrypted into a variable I cannot decrypt it. GPG says it doesn't see any valid data....I don't know why or how to make it work.

If I encrypt a file then I can decrypt it, but when not using files I just can't figure out how to make it work :(

Anyone here experienced with PHP and GPG?

coopster

10:53 pm on Aug 15, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member




The issue is that once encrypted into a variable I cannot decrypt it.

That's exactly my point, stidj. Why do you even have a need to *decrypt* it in your script? You just encrypted the variable, so you still have the original value in memory somewhere, why do you need to decrypt it?

I'm not trying to frustrate you, by the way, I'm just trying to help clarify your thoughts here so myself and others can understand what you are trying to do. It is still very unclear. Thanks for your patience.

stidj

10:58 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



Hi coopster,

Sorry if my last comment appeared to be in frustration, it really wasn't. I was trying to clarify more too.

I don't want to decrypt the variable in that script. I want to decrypt it on another machine.

The idea is that later I should be able to decrypt it somewhere else, of course if GPG won't recognize the data as being valid I can't decrypt it anywhere.

Is that clear? Anyone feel free to ask away if I am not being clear......whoever can help solve this first will get the best cyber beer :)

mattx17

11:25 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



shell_exec("echo $argv[1] | $gpg -e -r $recipient")

Is this "like" what you're using or are you using that line exactly?

PHP will not recognize array references inside double quotes. So you may be encrypting a blank variable, that's why it doesn't recognize it.

try:

shell_exec("echo " . $argv[1] . " | $gpg -e -r $recipient")

I could be completely off base here, but it's worth a shot.

stidj

11:29 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



When I get home I will try that. I don't think that is the issue because encrypted looking data is being returned.

Thanks

If that doesn't work I think I'll go the route of encrypting to a file because I know that always works fine with decryption and then reading the contents of the file into the variable.

I think the issue is that by not sending it to a file all you get back is encrypted data but the header and footer part you normally see in an encrypted file is not there.

I could be wrong and if I am someone tell me exactly why and how to make this work :)

I promise a round of beer for all!

stidj

1:18 am on Aug 16, 2005 (gmt 0)

10+ Year Member



Hi mattx

Just to update you, all that code does is result in the variable being assigned the literal echo command... basically it is what should be executed, but instead it just becomes a literal string.

Thanks for the effort though.

stidj

1:50 am on Aug 16, 2005 (gmt 0)

10+ Year Member



Ok guys, mission accomplished.

The way to fix it is to use all of these switches when executing gpg (in addition to the obvious -e for encryption and -r for recipient):

--always-trust --no-secmem-warning -e -a --batch -t

Just for putting up with me, here is a big round of cyber beer, and hopefully this thread ends up helping someone who will inevitably have the same issue one day.

Cheers

stidj

1:51 am on Aug 16, 2005 (gmt 0)

10+ Year Member



Also to add... the difference between using the above switches and not using them (although I'm not sure which switch does it) is that the header/footer info is created like so:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.7 (GNU/Linux)

So I was right, you will likely have issues if you do not use the mentioned switches :)

MattyMoose

5:28 pm on Aug 16, 2005 (gmt 0)

10+ Year Member



Yes, what you needed was the "-a" for "ascii armour", which will give you the header and footer that you were looking for.
--batch indicates that there's no interaction with the shell/terminal, and -t means the lines are terminated with CRLF.

I've implemented this before, with varying degrees of success.

BTW, I'm just adding to this thread so that others reading this will understand what the differences are between the original command and the one that worked. :)
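Added example, not part of any post in this thread: the armored encryption described in the posts above, run from PHP without a shell so that the plaintext reaches gpg on stdin instead of through `echo`. It assumes PHP 7.4 or later, a hypothetical helper name `gpg_encrypt_armored`, a placeholder recipient, and a recipient key that is already valid in the keyring, which is why `--always-trust` is left out.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.4+ (array form of
// proc_open starts gpg directly, with no shell to interpret the plaintext).
// gpg_encrypt_armored() is a hypothetical helper name.
function gpg_encrypt_armored(string $plaintext, string $recipient, string $gpg = 'gpg'): string
{
    // --armor (-a) produces the BEGIN/END PGP MESSAGE text form; --batch and
    // --no-tty stop gpg from prompting. --always-trust from the thread is left
    // out on purpose: it skips key validity checks, so this expects a key that
    // is already valid in the keyring of the account PHP runs as.
    $cmd  = [$gpg, '--batch', '--no-tty', '--armor', '--encrypt', '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // Plaintext goes to gpg's stdin; fine for short values such as a form
    // field (very large inputs would need non-blocking I/O or a temp file).
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    if ($status !== 0) {
        throw new RuntimeException("gpg exited with status $status: " . trim($err));
    }
    // Refuse to store anything that is not a complete armored message.
    $body  = trim($out);
    $begin = '-----BEGIN PGP MESSAGE-----';
    $end   = '-----END PGP MESSAGE-----';
    if (strncmp($body, $begin, strlen($begin)) !== 0 || substr($body, -strlen($end)) !== $end) {
        throw new RuntimeException('gpg output is not an armored PGP message');
    }
    return $out;
}

// Constructed usage: the recipient below is a placeholder, not a real key.
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    echo gpg_encrypt_armored($argv[1], 'RECIPIENT-KEY-FINGERPRINT');
}
```

The returned text is plain ASCII, so it can be stored in an ordinary text column and decrypted on another machine with `gpg -d`.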

stidj

5:30 pm on Aug 16, 2005 (gmt 0)

10+ Year Member



It is a wise choice because I didn't explain it too well.

So there is basically no way for it to work without -a for ASCII armor I guess?

Too bad no tutorials mention this important thing :)