Posted by Alan Little on 05/07/06 17:48

Carved in mystic runes upon the very living rock, the last words of Toby
Inkster of comp.lang.php make plain:

> Alan Little wrote:
>
>> I'm trying to operate gpg through proc_open. I can encrypt this way,
>> just fine, but when I try to decrypt I get:
>>
>> gpg: cannot open `/dev/tty': Device not configured
>
> GPG doesn't read the pass phrase from STDIN -- it reads it from the
> terminal. It might seem like a minor difference, but the effect is
> that you can't pass the passphrase in via STDIN.
>
> You could try including the options "--no-tty --passphrase-fd 0".

Thanks; I wasn't aware of those options.

Now my script just hangs. I'm not sure where; I put limiters on the read
loops, and it still hangs. I noticed in the docs for proc_open, it says:

The file descriptor numbers are not limited to 0, 1 and 2 - you
may specify any valid file descriptor number and it will be
passed to the child process. This allows your script to interoperate
with other scripts that run as "co-processes". In particular, this
is useful for passing passphrases to programs like PGP, GPG and
openssl in a more secure manner.

It specifically mentions passing passphrases to GPG. I tried the
following changes in my script, but it still hangs:

$cmd =
'/usr/bin/gpg '.
'--decrypt '.
'--homedir /usr/home/userid/.gnupg '.
'--no-tty '.
'--passphrase-fd 3';

$descriptors = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('file', '/usr/home/thebest/error.gpg', 'a'),
3 => array('pipe', 'r')
);

list($stdin, $stdout, $stderr, $passpipe) = $pipes;

fputs($passpipe, $pass);

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/

[Back to original message]