Decrypting files using GnuPG (GPG) via PHP

By: Darrell Brogdon Viewed: 153339 times  Printer Friendly Format    


Decrypting an encrypted file with PHP and GnuPG can be a bit more complex than encrypting, since you are required to provide a GnuPG passphrase. The solution to having to type the passphrase every time the script is run lies in a handy little gpg switch called --passphrase-fd. This switch tells GnuPG to accept the passphrase from a file descriptor, which means that you can echo the passphrase and pipe the output to gpg, as seen in the following example.

<?php 
$gpg = '/usr/bin/gpg'; 
$passphrase = 'My secret pass phrase.'; 
$encrypted_file = 'foo.gpg'; 
$unencrypted_file = 'foo.txt'; 

echo shell_exec("echo $passphrase | $gpg --passphrase-fd 0 -o $unencrypted_file -d $encrypted_file"); 
?>

This script tells gpg to accept the passphrase from STDIN (indicated by the 0 following the switch) and decrypt the information into a file named "foo.txt".

As with encrypting information, you can leave off the -oswitch to gpg and let the decrypted data be captured inside a variable. 

It should be noted that the -o switch should always come before the -d switch.



Most Viewed Articles (in PHP )

Latest Articles (in PHP)

Comment on this tutorial