Decrypting an encrypted file with PHP and GnuPG can be a bit more complex than encrypting, since you are required to provide a GnuPG passphrase. The solution to having to type the passphrase every time the script is run lies in a handy little gpg switch called --passphrase-fd. This switch tells GnuPG to accept the passphrase from a file descriptor, which means that you can echo the passphrase and pipe the output to gpg, as seen in the following example.
$gpg = '/usr/bin/gpg';
$passphrase = 'My secret pass phrase.';
$encrypted_file = 'foo.gpg';
$unencrypted_file = 'foo.txt';
echo shell_exec("echo $passphrase | $gpg --passphrase-fd 0 -o $unencrypted_file -d $encrypted_file");
This script tells gpg to accept the passphrase from STDIN (indicated by the 0 following the switch) and decrypt the information into a file named "foo.txt".
As with encrypting information, you can leave off the -oswitch to gpg and let the decrypted data be captured inside a variable.
It should be noted that the -o switch should always come before the -d switch.
Be the first one to add a comment