Decryption through CGI/Perl script

Mark Malkasian mark@web-crafter.net
Tue, 2 May 2000 16:37:39 -0400


Hi All,

I'm working on a CGI script in Perl that would allow users to decrypt 
GnuPG-encrypted files on the web. (I'm trying to avoid the hassle of 
guiding them through the process of setting up and using PGP on their 
Windows machines and also to accommodate Mac users.) Users are 
presented with a web form asking them to submit their passphrase. 
(Transmission would take place under SSL.) The script then inserts 
the passphrase into a GnuPG command and executes the command by 
opening a pipe (or using backticks, or a system call, etc.) to the 
gpg executable.

I should note that my web site is being hosted remotely and our 
sysadm isn't particularly flexible. To get GnuPG working at all, I 
picked up a copy of the compiled gpg executable from another 
subscriber to this list, Greg McKean, and uploaded pubring.gpg, 
secring.gpg, and trustdb.gpg to the server after creating them on my 
local Windows machine.

From browsing the mailing list archive, I cobbled together a 
bare-bones test script (see below). I have no problem creating an 
encrypted file. Moreover, I'm able to download the file to my local 
machine and decrypt it there. However, as you may have guessed, 
providing the passphrase to gpg has tripped me up. When I run the 
script below for decryption, I get the following error message:

gpg: encrypted with 1024-bit ELG-E key, ID E91E3613, created 2000-05-02
       "test1 (Test) <mark@web-crafter.net>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available

Is there a way around this, or does it make more sense to retreat and 
declare victory? (BTW, if I were managing my own server I'd take a 
look at the GnuPG-Interface module Frank Tobin has put together. See 
http://GnuPG-Interface.sourceforge.net/ . Very impressive.)

Best,
Mark Malkasian


#!/usr/local/bin/perl

$| = 1;   # unbuffered output

print "Content-type: text/html\n\n";

# GNUPGHOME tells gpg where to find its keyrings and trustdb.
$gpg_path = "$ENV{DOCUMENT_ROOT}/cgi-local/gnupg/gpg";
$gpg_config_files = "$ENV{DOCUMENT_ROOT}/cgi-local/gnupg";
$ENV{"GNUPGHOME"} = $gpg_config_files;

# To encrypt a test file, uncomment the line below.
# $gpg_command = "$gpg_path -r test1 --output /u/web/myuserid/test.gpg --encrypt /u/web/myuserid/test.txt";

# Decrypt. gpg reads the passphrase from fd 0, which the shell redirects
# from the file "test".
$gpg_command = "$gpg_path --batch --passphrase-fd 0 --output /u/web/myuserid/decrypt.txt --decrypt /u/web/myuserid/test.gpg < test";

# Execute command. Capture STDOUT and STDERR and print it to screen.
$output = "";
open(READ, "$gpg_command 2>&1 |") or die "Failure on open $!\n";
while (<READ>)
{
    $output .= $_;
}
print $output;
# close() on a pipe returns false when the command exits non-zero,
# so print the captured output before checking it.
close (READ) or die "Failure on close $! (exit status $?)\n";
-------------------------
Mark Malkasian
mark@web-crafter.net
http://www.web-crafter.net
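
One way to hand the form's passphrase to gpg on file descriptor 0 without placing it in the command string or in a file, shown as an added example that is not part of the original post. The helper name run_with_secret_on_stdin, the placeholder paths and the sample passphrase are assumptions; the gpg options are the ones used in the script above.

```perl
#!/usr/bin/perl
# Added example: pass a passphrase to gpg on fd 0 without a shell.
use strict;
use warnings;
use IPC::Open3;

# Run @argv directly (list form, so no shell parses it), write $secret as
# one line to the child's stdin, return (exit code, stdout+stderr text).
sub run_with_secret_on_stdin {
    my ($secret, @argv) = @_;
    # --passphrase-fd reads only the first line, so an embedded CR or LF
    # (easy to pick up from a web form) would silently truncate the secret.
    die "passphrase contains a line break\n" if $secret =~ /[\r\n]/;

    local $SIG{PIPE} = 'IGNORE';    # child may exit before reading stdin
    # Error handle undef: the child's stderr arrives on $from_child too.
    my $pid = open3(my $to_child, my $from_child, undef, @argv);
    print {$to_child} $secret, "\n";
    close $to_child;                # EOF so the child stops waiting
    my $output = do { local $/; <$from_child> };
    close $from_child;
    waitpid($pid, 0);
    return ($? >> 8, defined $output ? $output : '');
}

# Placeholder paths and a constructed passphrase (assumptions, not values
# from the original post). In the CGI script the passphrase would come
# from the submitted form field instead.
my $gpg        = '/path/to/gpg';
my $passphrase = 'constructed example passphrase';
my @command    = ($gpg, '--batch', '--passphrase-fd', '0',
                  '--output', '/path/to/decrypt.txt',
                  '--decrypt', '/path/to/test.gpg');

my ($status, $text) = eval { run_with_secret_on_stdin($passphrase, @command) };
if ($@) {
    print "could not run gpg: $@";  # e.g. gpg not found at the placeholder path
} else {
    print "gpg exit code: $status\n$text";
}
```

With GnuPG 2.1 and later, --passphrase-fd also needs --pinentry-mode loopback.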