This article is for 1&1 Linux WebHosting only.
How to send encrypted messages using PGP and PHP scripts
PGP (Pretty Good Privacy)
PGP is an electronic privacy program which lets you encrypt files and e-mails. PGP
is based on public/private key encryption. It uses two keys: one is a public
key that you send to anyone from whom you want to receive a message. The other is a
private key that you use to decrypt messages that you receive.
Before you encrypt data with PGP, you will need to generate a key pair. This
consists of a public and private key. The public key is uploaded to the server and
the private key should be kept on your local machine.
1. First connect to your web space via SSH. Follow FAQ: for more information.
2. Once connected, type gpg --gen-key
u35962080:~ > gpg --gen-key
The following questions are asked
==================================================
Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de >"
Real name: oneandone
Email address: info@justonedomain.com
Comment:
You selected this USER-ID:
"oneandone <info@justonedomain.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key. Enter the passphrase twice.
The key pair is now generated. These keys are located in .gnupg under root.
3. Set the correct permissions for the .gnupg folder and the files in it so the
webserver can access them. Type the following commands:
uxxxxxxxx:~ > chmod 777 .gnupg/
uxxxxxxxx:~ > cd .gnupg/
uxxxxxxxx:~/.gnupg > chmod 604 random_seed
uxxxxxxxx:~/.gnupg > chmod 644 pubring.gpg
Never leave your private key secring.gpg on the server. Copy it to your
local system.
trustdb.gpg is not created by default. Just type the following command and it will
be created.
uxxxxxxxx:~/.gnupg > gpg -e -r "e-mail address used while creating the user-id"
For example: uxxxxxxxx:~/.gnupg > gpg -e -r info@justonedomain.com
uxxxxxxxx:~/.gnupg > chmod 666 trustdb.gpg
4. To encrypt a file named "test.txt", type the following command:
uxxxxxxxx:~ > gpg -e -r "username e-mail address" test.txt
For example: uxxxxxxxx:~ > gpg -e -r info@justonedomain.com test.txt
This command encrypts the contents of test.txt and writes the result to the file
test.txt.gpg.
5. To decrypt a file, you will first need the passphrase you created.
uxxxxxxxx:~ > gpg -d test.txt.gpg
You need a passphrase to unlock the secret key for
user: "test <info@justonedomain.com>"
1024-bit ELG-E key, ID 691280AA, created 2005-05-26 (main key ID AFE9C30F)
Enter passphrase:
The decrypted message will be displayed.
6. Now you can write a PHP script that encrypts messages and sends them to you.
Note: The PHP script should be in a subfolder under root. It cannot be in the
root of your web space as you cannot change the permissions on root.
a. So for example, create a folder named "pgp"
uxxxxxxxx:~ > mkdir pgp
b. Change the permissions on this folder to 777
uxxxxxxxx:~ > chmod 777 pgp
c. Now change to that directory
uxxxxxxxx:~ > cd pgp
7. Here you can create a PHP script that encrypts messages.
The following are 2 sample scripts:
send_email.html
<HTML>
<HEAD>
<TITLE>PGP Encryption</TITLE>
</HEAD>
<BODY>
<h1>Form to Send Encrypted Message</h1>
<FORM method="POST" action="sendpgp.php">
<p>Your Name:<br>
<INPUT type="text" name="T1" size=25></p>
<p>Your E-Mail Address:<br>
<INPUT type="text" name="email" size=25></p>
<p>Your Message:<br>
<TEXTAREA name="message" cols=35 rows=5></TEXTAREA></p>
<input type=hidden name="recipient" value="30">
<p><INPUT type="submit" value="Send Message" name="B1"></p>
</FORM>
</BODY>
</HTML>
sendpgp.php
<?php
//replace this with your PGP user name or e-mail address that you used to generate the PGP keypair
$pgpuser = "info@justonedomain.com";
$testemail = "hello@justonedomain.com";
$emailsubject = "Encrypted Information";
//this is the e-mail address submitted from the form; it is validated before it goes
//into a mail header, so a value containing line breaks cannot add extra headers
$sender = isset($_POST['email']) ? filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL) : false;
$emailfrom = $sender ? "From: " . $sender : "";
//form message
$body = isset($_POST['message']) ? $_POST['message'] : "";
//Tell gnupg where the key ring is. Home dir of user web server is running as.
// change this to the correct path of your web space /kunden/homepages/41/dxxxxxx/htdocs/.gnupg
putenv("GNUPGHOME=/kunden/homepages/xx/dxxxxxxxx/htdocs/.gnupg");
//create a unique file name
$infile = tempnam("/tmp", "PGP.asc");
$outfile = $infile . ".asc";
//write form variables to email
$fp = fopen($infile, "w");
fwrite($fp, $body);
fclose($fp);
//set up the gnupg command. Note: Remember to put e-mail address on the gpg keyring.
//every argument is passed through escapeshellarg() before it reaches the shell
$command = "/usr/bin/gpg -a --always-trust --batch --no-secmem-warning -e -r "
    . escapeshellarg($pgpuser) . " -o " . escapeshellarg($outfile) . " " . escapeshellarg($infile);
//execute the gnupg command
system($command, $result);
//delete the unencrypted temp file
unlink($infile);
if ($result == 0) {
    $fp = fopen($outfile, "r");
    if (!$fp || filesize($outfile) == 0) {
        $result = -1;
    } else {
        //read the encrypted file
        $contents = fread($fp, filesize($outfile));
        fclose($fp);
        //delete the encrypted file
        unlink($outfile);
        //send the email
        mail($testemail, $emailsubject, $contents, $emailfrom);
        print "<html>Thank you!! Your encrypted e-mail has been sent. </html>";
    }
}
if ($result != 0) {
    print "<html>There was a problem processing the information.</html>";
}
?>
8. Now the message is sent encrypted. You have to copy the entire message,
paste it into a file, and run the command gpg -d message.txt.gpg
You will be asked for the passphrase. If entered correctly, the message is decrypted.
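The check below is an added example, not part of 1&1's scripts: it audits the server-side .gnupg directory once the steps above are done, failing if a secret keyring is still present and listing anything that any local user could modify, since the script encrypts to whatever key the public keyring holds. The function name audit_gnupg_home and its output format are assumptions; private-keys-v1.d and pubring.kbx are the GnuPG 2.1+ counterparts of the files named in step 3.

```shell
#!/bin/sh
# Added example (not 1&1 code): audit a server-side GnuPG home that should
# hold only the public key. Function name and output format are assumptions.
# Usage: sh audit_gnupg.sh /path/to/.gnupg
audit_gnupg_home() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "ERROR: not a directory: $dir"
        return 2
    fi
    # The private key must not remain on the server. secring.gpg is the
    # GnuPG 1.x/2.0 secret keyring; GnuPG 2.1+ uses private-keys-v1.d/.
    if [ -s "$dir/secring.gpg" ]; then
        echo "FAIL: secret keyring present: $dir/secring.gpg"
        findings=$((findings + 1))
    fi
    if [ -d "$dir/private-keys-v1.d" ] &&
       [ -n "$(ls -A "$dir/private-keys-v1.d" 2>/dev/null)" ]; then
        echo "FAIL: private keys present: $dir/private-keys-v1.d"
        findings=$((findings + 1))
    fi
    # Encryption needs a non-empty public keyring (pubring.kbx on GnuPG 2.1+).
    if [ ! -s "$dir/pubring.gpg" ] && [ ! -s "$dir/pubring.kbx" ]; then
        echo "FAIL: no public keyring in $dir"
        findings=$((findings + 1))
    fi
    # Mode bit o+w: any local user could replace the keyring or trust database.
    writable=$(find "$dir" ! -type l -perm -002 2>/dev/null)
    if [ -n "$writable" ]; then
        echo "$writable" | sed 's/^/WARN: writable by any user: /'
        findings=$((findings + 1))
    fi
    # Exit status 0 only when nothing was reported.
    [ "$findings" -eq 0 ]
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_gnupg_home "$1"
fi
```

With the permissions set in step 3, the .gnupg directory and trustdb.gpg are reported as writable by any user; review those lines against who else has an account on the host.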
Disclaimer: 1&1 provides the scripts and related information on this page as a courtesy, subject to 1&1's General Terms and Conditions of Service (the "GT&C"). As set forth in more detail in the GT&C, the scripts and information are provided "as-is", without any warranty, and 1&1 is not liable for any damages resulting from your use of the scripts or information.