PHP Security and Encryption: Encrypting Email with GPG - Supercoders | Web Development and Design | Tutorial for Java, PHP, HTML, Javascript


Wednesday, June 26, 2019

PHP Security and Encryption Encrypting Email with GPG

Problem

You want to send encrypted email messages. For example, you take orders on your website and need to send an email to your factory with order details for processing. By encrypting the email message, you prevent sensitive data such as credit card numbers from passing over the network in the clear.

Solution

Use the functions provided by the gnupg extension to encrypt the body of the email message with GNU Privacy Guard (GPG) before sending it:

    $plaintext_body = 'Some sensitive order data';
    $recipient = 'ordertaker@example.com';

    $g = gnupg_init();
    // Raise PHP warnings if any GnuPG operation fails
    gnupg_seterrormode($g, GNUPG_ERROR_WARNING);
    // Fingerprint of the recipient's key (used to encrypt)
    $a = gnupg_addencryptkey($g, "5495F0CA9C8F30A9274C2259D7EBE8584CEF302B");
    // Fingerprint of the sender's key (used to sign) and its passphrase
    $b = gnupg_addsignkey($g, "520D5FC5C85EF4F4F9D94E1C1AF1F7C5916FC221",
                          "passphrase");

    // Encrypt to the recipient and sign as the sender in one step
    $encrypted_body = gnupg_encryptsign($g, $plaintext_body);

    mail($recipient, 'Web Site Order', $encrypted_body);

The email message can be decrypted by GPG, Pretty Good Privacy (PGP), or an email client plug-in that supports either program.

Discussion

The code in the Solution uses PHP's gnupg extension, which in turn relies on the GPGME library to perform the OpenPGP-standard operations that encrypt and sign a message.

The resource returned by gnupg_init() is passed to the rest of the function calls as a container for the settings specific to the encryption we're doing. Next, gnupg_seterrormode($g, GNUPG_ERROR_WARNING) ensures that PHP warnings are generated if any GnuPG operation fails.

This example encrypts and signs a message. The encryption ensures that only the desired recipient can decrypt and read the message. The signature lets the recipient be sure that this sender sent the message.

The key fingerprint passed to gnupg_addencryptkey() specifies which key should be used to encrypt the message. Only someone with access to the private key associated with this fingerprint will be able to decrypt the message.

The key fingerprint passed to gnupg_addsignkey() specifies which key should be used to sign the message. The third argument to gnupg_addsignkey() is the passphrase associated with this private key.

The functions in the gnupg extension look for keys in the same place that the command-line gpg executable does: a directory named .gnupg under your home directory (or under the home directory of the user that PHP is running as). To tell PHP to look in a different place for keys, set the GNUPGHOME environment variable to the desired directory.

After the keys have been set on the gnupg resource, the call to gnupg_encryptsign() produces the encrypted, signed message. By default, this value is “armored” as plain ASCII.

If you need to identify the correct fingerprint to pass to gnupg_addencryptkey() or gnupg_addsignkey(), use gnupg_keyinfo(), as shown here:

    $email = 'friend@example.com';

    $g = gnupg_init();
    // Look up every key whose UID matches the search string
    $keys = gnupg_keyinfo($g, $email);
    if (count($keys) == 1) {
        // The first subkey of a key entry is the primary key
        $fingerprint = $keys[0]['subkeys'][0]['fingerprint'];
        print "Fingerprint for $email is $fingerprint";
    } else {
        print "Expected 1, found " . count($keys) . " keys for $email";
    }

Given a gnupg resource and a search string, gnupg_keyinfo() returns an array containing information about each key in the keyring whose UID (or part of a UID) matches the search string. Each element of that array is itself an array of many elements and subarrays describing the key. The fingerprint element of the first entry in the subkeys array gives the value to pass to the other gnupg functions.
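The snippets above hardcode fingerprints and trust whatever gnupg_keyinfo() returns first. The following is an added example, not code from the original recipe, that puts the pieces of the Discussion together: it sets GNUPGHOME (the paragraph above explains why), looks the recipient key up by email, skips keys that are expired, revoked, disabled or that match the search string only as a substring, insists on exactly one usable match, and fails closed if encryption or signing does not succeed, so a plaintext or empty body is never handed to mail(). The keyring path, the recipient address, the signing fingerprint and the passphrase environment variable are placeholders.

```php
<?php
// Added example (not from the original recipe): encrypt and sign an order
// email with the gnupg extension, selecting the recipient key by email and
// refusing to send when no single usable key exists or encryption fails.
// Paths, addresses, fingerprint and passphrase source below are placeholders.

declare(strict_types=1);

// Keyring the web server user should use; must be set before gnupg_init().
// Placeholder path: point it at the directory holding the intended keyring.
putenv('GNUPGHOME=/var/www/keys/.gnupg');

/**
 * Return the fingerprint of the single usable public key whose UID carries $email.
 * Throws if there is no match, more than one match, or the key cannot be used.
 */
function findEncryptionKey($g, string $email): string
{
    $keys = gnupg_keyinfo($g, $email);
    if ($keys === false) {
        throw new RuntimeException('keyinfo failed: ' . gnupg_geterror($g));
    }

    $usable = [];
    foreach ($keys as $key) {
        // gnupg_keyinfo() matches substrings, so require a UID with exactly this address
        $exact = false;
        foreach ($key['uids'] as $uid) {
            if (strcasecmp($uid['email'], $email) === 0 && !$uid['revoked'] && !$uid['invalid']) {
                $exact = true;
            }
        }
        if (!$exact || $key['disabled'] || $key['expired'] || $key['revoked'] || !$key['can_encrypt']) {
            continue;
        }
        // The first subkey entry is the primary key; its fingerprint identifies the key
        $usable[] = $key['subkeys'][0]['fingerprint'];
    }

    if (count($usable) !== 1) {
        throw new RuntimeException(
            sprintf('Expected 1 usable key for %s, found %d', $email, count($usable))
        );
    }
    return $usable[0];
}

/**
 * Encrypt $body to $recipient and sign it with $signerFingerprint.
 * Returns the ASCII-armored message or throws; the caller must not fall back to plaintext.
 */
function encryptAndSign(string $body, string $recipient, string $signerFingerprint, string $passphrase): string
{
    $g = gnupg_init();
    gnupg_seterrormode($g, GNUPG_ERROR_WARNING);
    gnupg_setarmor($g, 1); // ASCII armor so the result survives as an email body

    gnupg_addencryptkey($g, findEncryptionKey($g, $recipient));
    if (!gnupg_addsignkey($g, $signerFingerprint, $passphrase)) {
        throw new RuntimeException('Cannot use signing key: ' . gnupg_geterror($g));
    }

    $ciphertext = gnupg_encryptsign($g, $body);
    if ($ciphertext === false) {
        throw new RuntimeException('encryptsign failed: ' . gnupg_geterror($g));
    }
    return $ciphertext;
}

// Usage with placeholder recipient, signing-key fingerprint and passphrase source.
try {
    $encrypted = encryptAndSign(
        'Order 1234: 2 x widget',                  // constructed sample order text
        'ordertaker@example.com',
        'SENDER_KEY_FINGERPRINT_PLACEHOLDER',
        getenv('ORDER_SIGNING_PASSPHRASE') ?: ''   // passphrase read from the environment, not source
    );
    mail('ordertaker@example.com', 'Web Site Order', $encrypted);
} catch (RuntimeException $e) {
    // Log and stop: an unencrypted order must never be sent as a fallback
    error_log('Order email not sent: ' . $e->getMessage());
}
```

Checking the `disabled`, `expired` and `revoked` flags matters because gnupg_keyinfo() returns every matching key in the keyring, including ones whose owner has retired them; encrypting to such a key either fails late or produces mail the recipient can no longer read. Reading the passphrase from the environment rather than the script keeps it out of version control and out of any stack trace that prints source lines.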

