GnuPG无法在Nginx的PHP中工作

Question

I think that probably I'm missing something, but I don't see it right now. I want create a simple form where users can encrypt automatically messages between them (form message to user2 -> encrypt(message) -> user2 receive it and decrypt). I'm using nginx, I installed gnupg following their instructions and add it to my php.ini (now it shows that GnuPG is enabled with GPGME Version 1.4.3 and Extension Version 1.3.6) I want use a specific keyring located at /usr/share/nginx/.gnupg I tried the following code:

$iterator = new gnupg_keylistiterator("developer");
foreach($iterator as $fingerprint => $userid) {
    echo $fingerprint." -> " . $userid . "\n";
}
var_dump($iterator);

And I just obtain the following response from var_dump:

object(gnupg_keylistiterator)#1 (0) { }

Maybe my question is an idiot question, but I never used gnupg in php and I want learning, but I'm stunk since yesterday and I don't understand why it doesn't work... Thanks for your time

Answer 1

The most common issue is that you imported the keys to another keyring than later is searched for keys. GnuPG uses a per-(system)-user "GnuPG home directory", each containing individual keyrings. If you import a key as the administrator or a developer you import the key to your own keyring, while usually the web server running the PHP application is executed in another user context and will not find this key, resulting in an empty result when listing the keys from within PHP.

You can set this by setting up an environment variable before initializing the GnuPG binding.

putenv("GNUPGHOME=/tmp");  // Set GnuPG home directory to the temp folder
$res = gnupg_init();       // Initialize GnuPG

Obviously /tmp does not actually qualify as a reasonable directory, choose something where your application stores application data anyway. It should not be a directory accessible through HTTP.

As an alternative, gnupg_import($res, $pubkey) the key before using it (but this will result in some performance penalty for importing the key).