Is it possible to pass both a message and a public key from stdin to gpg/gpg2?

If I have both a message (M) and a public key (P) in process memory, what would be the way to encrypt M using P without writing either to a temporary intermediate file?

Any chance I can pass both into stdin and use some tricky protocol gpg(2) supports to accept both from a pipe?

If not, what would be the other alternatives for PHP (keeping in mind there is no native binding and using the 3rd party extensions is not possible (it's not in the standard Ubuntu repository and supporting a custom build and a custom repository is too costly))?

I don't believe such a mechanism exists. GnuPG expects to have the keyring as a file in order to perform a pubkey operation -- I don't believe it is able to accept actual public keys for a one-time encryption operation without them being in the keyring.

You would first have to import that public key into a keyring, and then pass that keyring location to GnuPG -- in other words, you must be able to write it out somewhere. If you don't want to put them on disk, you can use /dev/shm, which is a ramdisk present on most Linux systems.

In large part, this is my answer from a similar question posted on Server Fault. Replicated as cross-site duplicates are not possible.

GnuPG requires all keys you want to use to be imported into a keyring.

If you don't want to import it to your normal keyring, either use another (temporary) keyring, or even a temporary GnuPG home directory (which will also bypass any configuration). If you do not want to store the key on your hard disk, consider using a memdisk.

Temporary Keyring

Set --primary-keyring temporary.gpg to use (and create if necessary) a temporary keyring as default. It will be created in your GnuPG home directory (~/.gnupg/temporary.gpg by default). Your normal keyring will still be available, but imports will go to the temporary one. Delete it as you want to.

For example:

gpg --primary-keyring temporary.gpg --import key.asc
gpg --primary-keyring temporary.gpg --recipient 0xDEADBEEF --encrypt
rm ~/.gnupg/temporary.gpg # can be omitted, not loaded by default

Temporary GnuPG Home Directory

This will also reset all configuration, and might be helpful for testing some stuff. Set --homedir [folder] or the environment variable $GNUPGHOME, import the key, perform any operations and then delete the folder as you wish to.

For example:

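export GNUPGHOME=/tmp/gnupg # Or apply --homedir on each invocation
mkdir -p -m 700 "$GNUPGHOME" # The directory must exist and be accessible to its owner only
gpg --import key.asc
gpg --recipient 0xDEADBEEF --encrypt
rm -r "$GNUPGHOME" # Can be omitted
unset GNUPGHOME # unset takes the variable name, without the $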

GnuPG is very picky regarding permissions; you might need to apply stricter permissions to the $GNUPGHOME folder before being able to perform all operations. It might very well be an option to keep some playground $GNUPGHOME around.

GnuPG for PHP in Ubuntu

There is an official PHP PEAR module for GnuPG, which is also packaged for Ubuntu in the official repositories, and I would strongly recommend using this module instead of manually building an interface to GnuPG.
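
The two answers above combined into one shell function, as an added example that is not part of the original posts: the public key arrives in a variable, the message on stdin, and the only thing written out is a throwaway GnuPG home under /dev/shm. The function name encrypt_to_key and the GPG_TMP_BASE variable are hypothetical names chosen for this sketch.

```bash
# Added example (not from the original answers).
# usage:   encrypt_to_key "$ARMORED_PUBLIC_KEY" < message > ciphertext.asc
# returns: 0 ok, 1 no usable temp dir, 2 key import failed,
#          3 encryption failed, 127 gpg not installed
encrypt_to_key() {
    # GPG_TMP_BASE is a hypothetical override; /dev/shm is RAM-backed on most Linux systems
    local pubkey="$1" base="${GPG_TMP_BASE:-/dev/shm}" home fpr rc=0

    command -v gpg >/dev/null 2>&1 || return 127
    [ -d "$base" ] && [ -w "$base" ] || return 1

    # mktemp -d gives an unpredictable name and mode 0700, which satisfies
    # GnuPG's permission checks on its home directory.
    home=$(mktemp -d "$base/gnupg.XXXXXXXX") || return 1

    # The key is fed to --import through a pipe, never through a key file.
    if ! printf '%s\n' "$pubkey" |
            gpg --homedir "$home" --batch --quiet --import 2>/dev/null; then
        rc=2
    else
        # Address the recipient by full fingerprint (first key imported)
        # rather than by a short key ID.
        fpr=$(gpg --homedir "$home" --batch --with-colons --fingerprint \
                  </dev/null 2>/dev/null |
              awk -F: '$1 == "fpr" { print $10; exit }')
        if [ -z "$fpr" ]; then
            rc=2
        # A fresh keyring holds no trust information, so --batch would refuse
        # the recipient; the caller vouches for the key it passed in.
        elif ! gpg --homedir "$home" --batch --quiet --no-tty \
                   --trust-model always --armor \
                   --recipient "$fpr" --encrypt; then
            rc=3
        fi
    fi

    rm -rf -- "$home"    # remove the throwaway keyring on every path
    return "$rc"
}
```

Because --trust-model always skips GnuPG's own validity check, the caller has to verify the key's origin before passing it in.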
