
Send encrypted file (zip or txt) - via PHP - openable on Windows PC

I have a need to send some minimal data via email to users (but it must be encrypted).

They would need to DL the attachment and decrypt it with some kind of easy to use software (PC / MAC)... any ideas here?

My first thought is to make an encrypted zip file that they can open with 7zip or winzip... but I have found that it can't happen with a typical PHP/Linux app.

You can use mcrypt and Blowfish to encrypt the message. You can find many encrypt/decrypt programs for Blowfish, e.g. http://www.di-mgt.com.au/mysecret.html

<?php

    $key = 'too many secrets?';
    $text = 'If you are paranoid, we know who you are and what you want. Stay online so we can trace you.';

    $crypt_text = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $text, MCRYPT_MODE_ECB);

    var_dump($crypt_text);

    $plain_text = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $crypt_text, MCRYPT_MODE_ECB);

    var_dump($plain_text);

?>

Test:

string(96) "dà¨gþJ\V$3Äö,'  [y€&”¼‚\•òÏ=$ÅdG|ÀœÀbáÌɽûÝÉ·'þØ?I½}8óTé5<-‹ôÞ¶Ÿ°ÅMcCê®JxØ@RIú£Ç‹™xÞ"
string(96) "If you are paranoid, we know who you are and what you want. Stay online so we can trace you.����"

The program I've linked needs an input file like this (you can easily make it like that in email).

-----BEGIN MYSECRET-----
TVn8APjdMOdLPUBQ2OWsEh7wWnihhKKOKf11Vj0oo4pM20BPwrRXJyL+nBOL
dpxdc+PQQoQlr0Vz1n1Fv932HQ16DG712ui69T3O0jI3NfX8jRjtZkal/sFy
Vu9JJEWPfZ2Ri1fkfOCqe9ZvFEmJ78BcUVmf37SYbgKi8UcAv4i1heHfJ05e
nde6nFeiyDptYflT7SiIGHcO1cVya22b1OLHakAE2paS1OJqQrHYc+5wEAdo
DU/0BmNvNNYOekmHZT19C1+cIwZFo3ACLRN44gZffx+KIng570UcoNYa7NWn
hzt6gvQHXEp2jnE=
-----END MYSECRET-----

Isn't it a solution for you to store the archives on the server and send by email a link to a PHP page that can fetch the specific zip and send it to the user after the user logs in with basic authentication? So only the users that know the password can execute that script and download the file. What do you think?

What can't happen with a typical PHP app? You can certainly zip files: http://php.net/manual/en/book.zip.php
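An added example, not part of the original thread: since PHP 7.2 the zip extension (built against libzip 1.2.0 or later) can write AES-256 encrypted entries that 7-Zip and WinZip open with a password. The helper name `make_encrypted_zip`, the file name and the sample contents are hypothetical and constructed for illustration.

```php
<?php
// Build a password-protected zip with AES-256 entries (PHP >= 7.2, libzip >= 1.2.0).
// Caveat: zip encryption protects file contents only; entry names stay readable.
function make_encrypted_zip(string $zipPath, array $files, string $password): void
{
    if (!defined('ZipArchive::EM_AES_256')) {
        throw new RuntimeException('zip extension lacks AES support (needs libzip >= 1.2.0)');
    }
    $zip = new ZipArchive();
    $rc = $zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE);
    if ($rc !== true) {
        throw new RuntimeException("cannot create archive, ZipArchive error code $rc");
    }
    foreach ($files as $nameInZip => $contents) {
        if (!$zip->addFromString($nameInZip, $contents)) {
            throw new RuntimeException("cannot add $nameInZip");
        }
        // Encryption is set per entry; an entry added without this call is stored in the clear.
        if (!$zip->setEncryptionName($nameInZip, ZipArchive::EM_AES_256, $password)) {
            throw new RuntimeException("cannot encrypt $nameInZip");
        }
    }
    if (!$zip->close()) {
        throw new RuntimeException('cannot write archive');
    }
}

// Constructed sample data, not taken from the thread.
$password = bin2hex(random_bytes(16)); // hand over out of band, never in the same email
$zipPath  = sys_get_temp_dir() . '/report-' . bin2hex(random_bytes(4)) . '.zip';
make_encrypted_zip($zipPath, ['report.txt' => "name: Example User\narrival: 2024-01-01\n"], $password);

// Round-trip check: read the entry back with the right password, then with a wrong one.
$check = new ZipArchive();
if ($check->open($zipPath) !== true) {
    throw new RuntimeException('cannot reopen archive');
}
$check->setPassword($password);
var_dump($check->getFromName('report.txt'));
$check->setPassword('wrong-password');
var_dump($check->getFromName('report.txt'));
$check->close();
unlink($zipPath);
```

Attach the resulting file to the email and give the recipient the password through a separate channel.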

I use GNUPG: http://www.gnupg.org/

You will need access to your webserver to either install it, or if it is installed, to add your keyring.

Then you can either use it with an exec call, or the GNUPG PECL extension.

The problem with this is that the user has to create a key using the same email address ($gpgrecipient) that you use to encrypt it, and they have to do it BEFORE you encrypt it, and upload it to a public key server (which the software will do). However, the software is pretty easy, and it is cross-platform.

For my php encryption script, I use:

<?php
//error_reporting(E_ALL);
echo 'GNUPG Test<br /><br />';

putenv("GNUPGHOME=/home/me/.gnupg");

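$gpg = '/usr/bin/gpg';
$gpgrecipient = 'ben@mydomain.com';
// $mailrecp was never defined in the original snippet; assumed here to be the key owner
$mailrecp = $gpgrecipient;
$plaintext = 'This should be encrypted!!!!';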



$descriptorspec = array(
   0 => array("pipe", "r"),  // stdin 
   1 => array("pipe", "w"),  // stdout 
   2 => array("file", "/usr/home/me/error-output.txt", "a") // stderr is a file to write to
);

$cwd = '/usr/bin/';
$env = array('GNUPGHOME' => '/usr/home/me/.gnupg');


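// Call gpg by its full path (the custom $env carries no PATH) and shell-escape the recipient
$process = proc_open("{$gpg} --no-auto-check-trustdb -q --auto-key-locate keyserver --no-secmem-warning --lock-never -e -a -r " . escapeshellarg($gpgrecipient),
                        $descriptorspec, $pipes, $cwd, $env);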

if (is_resource($process)) {
    // $pipes now looks like this:
    // 0 => writeable handle connected to child stdin
    // 1 => readable handle connected to child stdout

    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);

    $encrypted = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    // It is important that you close any pipes before calling
    // proc_close in order to avoid a deadlock
    $return_value = proc_close($process);

 //   echo "\n\n command returned $return_value\n";

    $message = "

This is what we should have ideally (Encrypted Emails). 
Unencrypted text - name, date of arrival, etc. 
This part only Is encrypted and requires a password to view:

{$encrypted} 

More Unencrypted text at the end";


mail($mailrecp, 'Encrypted Emails Example', $message);

}


?>

This only encrypts a section of an email, which I retrieve with thunderbird and enigmail.

You could change it to input a file, and attach it to an email.

You could even probably find a barebones gnupg app that creates a key and uploads it to a public server, decrypts a file, etc.. etc..

If the data is really sensitive, I think GnuPG is a good option.

It is a lot better for, say, handling online reservations that only need to go to one email that you control, than for what you are needing, but I thought I would throw this out there.
