gnupg with php throws "could not init keylist"
Trying to encrypt mails with gnupg, the method call
gnupg::keyinfo() throws the error
could not init keylist.
This is how I initialize the extension:
putenv('GPGME_DEBUG=9:./gnupg/debug.log'); putenv('GNUPGHOME=./gnupg/'); $this->gpg = new gnupg(); $this->gpg->seterrormode(gnupg::ERROR_EXCEPTION);
Where gnupg really does exist (calling
true - I've also tried the absolute path without success).
Some additional information:
- the exactly same code DOES work using
PHP-CLI. (However, I need it using HTTP)
- I'm using an ubuntu webserver:
Linux name 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 GNU/Linux
- gnupg version:
gpg (GnuPG) 1.4.10
- for testing, I've set the file permissions (recursively):
drwxrwxrwx 4 www-data web1 4096 29. Nov 12:30 .
The debug.log shows the following error:
_gpgme_io_set_close_notify (fd=0x282): enter: close_handler=0x7f6d2a409780/0x7f6d38edb730 _gpgme_io_set_close_notify (fd=0x282): error: Invalid argument
The full debug log is uploded here: http://nopaste.penguinfriends.org/view/84317/
Thanks in advance!
When you run from the command line, the
GNUPGHOME path you specified is relative to your working directory where you are when you run the script. From a web environment you can't rely on a particular working directory so you may need to specify the full absolute path to your gnupg directory. You could, however, specify the path relative to the current script:
Also, you shouldn't ever use
777 permissions, especially with programs related to security like
gnupg that may check and refuse, but
775 might have worked.
gnupg_keyinfo - Manual, gnupg_keyinfo — Returns an array with information about all keys that Example #2 OO gnupg_keyinfo() example. <?php $gpg -> keyinfo(); // throws an error below is an example of this and a simple function I was working on at the time to encrypt a piece of data for storage in a database. <?php // set the environment so gnupg can find the keyring
The problem stems from the php5 version of gnupg supports only version 1 of gnupg. However, the debian/ubuntu version of libgpgme11-dev was compiled using gpg version 2.
I wasn't able to find a clean solution using gpg.conf to specify which version of the gpg engine to use. So, I ended up removing (apt-get remove) gpg2 (and libgpgme11-dev) from my system and compiling GPGME from source. Then I reinstalled the php5 gnupg extension and everything was fine.
gnupg_seterrormode - Manual, Example #2 OO gnupg_seterrormode() example. <?php $gpg = new gnupg(); $gpg -> seterrormode(gnupg::ERROR_EXCEPTION); // throw an exception in gnupg_keyinfo — Returns an array with information about all keys that matches the given pattern gnupg_setarmor — Toggle armored output gnupg_seterrormode — Sets the mode for error_reporting
gnupg with php throws "could not init keylist", When you run from the command line, the GNUPGHOME path you specified is relative to your working directory where you are when you run The PECL feature checks whether the return value of gnupg_decrypt() is not FALSE and additionally checks that the return value of gnupg_geterror() is FALSE before returning the result of the decryption.
GnuPG Encryption with PHP – Brandon Checketts, First off, you have to install the GnuPG PHP libraries through pecl. It requires the GnuPG Made Easy (gpgme) packages to get working. seterrormode(gnupg::ERROR_EXCEPTION); // throw an exception in case of an error. This extension makes use of the keyring of the current user. This keyring is normally located in ~./.gnupg/. To specify a custom location, store the path to the keyring in the environment variable GNUPGHOME. See putenv for more information how to do this. Some functions require the specification of
Gpg throws 'could not init keylist' on login page, but healthcheck has , [PASS] The server gpg key is not the default one [PASS] The public key file is defined in config/passbolt.php and readable. [PASS] The private After spending some time trying to get this extension to work, I've found that you have to have the GNUPGHOME environment variable set so that the keychain can be found, and have it set equal to the .gnupg directory itself, not the apache/httpd user's home directory (which is what is shown in dan's example code).
Crypt_GPG/GPG.php at master · pear/Crypt_GPG · GitHub, @link http://pear.php.net/manual/en/package.encryption.crypt-gpg.php @throws Crypt_GPG_BadPassphraseException if a required passphrase is. * incorrect gnupg_keyinfo (PECL gnupg >= 0.1) gnupg_keyinfo — Returns an array with information about all keys that matches the given pattern