There is actually a gpg PHP module available that makes gpg easy functions available to PHP so you do not need to execute command line programs on plain text files.
Remember if you write your data to a plain text file it will temporarily be vunerable to interception by anyone with read access to the file on your web server. With PHP that means at least: the administrators of the machine and any other user on the web server or PHP script being run. There module is available at http://sourceforge.net/projects/gpgext/, here is the description: GPGext is a extension (module) for PHP, written in C, to support GPG manipulation. It use the GPG Made Easy library, and ports all of its functions to PHP, including generating, listing, exporting, and importing of keys, and encrypting and decrypting data. An GUI created with PHP-Gtk is also included to show how this extension works. PHP examples and documentation are also included. Of course a plain text command line solution may be easier to implement however I would avoid implementing that one myself unless you have a high trust level of the server and know the time between writing the file out, encrypting it and wiping it will be small. Jason On Mon, 2002-12-16 at 03:57, David T-G wrote: > Jonathan -- > > ...and then Jonathan said... > % > % I have necessary PGP client software on my machine and have tested the > % functionality of PGP from my site, however, I want to know how to use > % PHP to send a PGP email. > > 1) Do you know how to use pgp to encrypt and decrypt a file? > > 2) Do you know how pgp is used by a mail user agent to encrypt a mail > message? > > > % > % This is the scenario, > % > % I have a shopping cart which directs to SSL, then while in SSL, the > % customer will input their information, including credit card info. > > OK. > > In general, you send a mail message to someone with the mail() function, > and many people choose to predefine their headers, recipient, and content. > To wit: > > [From the manual:] > mail > (PHP 3, PHP 4 ) > mail -- send mail > Description > bool mail ( string to, string subject, string message [, string > additional_headers [, string additional_parameters]]) > > and > > <?php > $to = "[EMAIL PROTECTED]" ; > $subject = "this is a message" ; > $headers = "From: [EMAIL PROTECTED]\nX-Stuff: another header\n" ; > $body = "This is my message body.\n\nThere; that was fun.\n" ; > mail($to,$subject,$message,$headers) ; > ?> > > All you have to do is encrypt your message body and then paste that into > this example as $body. You could do it either by capturing $body or just > doing an inline replacement. To wit: > > bash-2.05a$ echo "this is text" \ > | gpg --encrypt --armor --recipient 7B9F4700 \ > | gpg --armor --decrypt > > You need a passphrase to unlock the secret key for > user: "David T-G <[EMAIL PROTECTED]>" > 2048-bit ELG-E key, ID 1AEFE05A, created 2001-12-16 (main key ID > 7B9F4700) > > gpg: encrypted with 2048-bit ELG-E key, ID 1AEFE05A, created 2001-12-16 > "David T-G <[EMAIL PROTECTED]>" > this is text > > Of course, leaving off the decrypt side will spit out a lovely encrypted > text block -- but that takes up more lines to demo :-) > > > % > % I want to show a receipt, (no cc #'s of course) and send the order to an > % administrator of the site using PGP after all the information has been > % gathered and send it from SSL. The site's admin will be able decrypt the > % information using the client software. > > So the site's admin will get a encrypted mail message, right? What's > this about no cc number -- you won't print one on the receipt, or you > won't give one to the admin, or the receipt without the number is what > the admin gets? > > > % > % > % Thanks in advance. > > HTH & HAND > > > :-D > -- > David T-G * There is too much animal courage in > (play) [EMAIL PROTECTED] * society and not sufficient moral courage. > (work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health" > http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
