CentOs Crypt_GPG Decryption Failure – SOLVED!
Recently we were working on a software integration project, whereby we were migrating a php based application onto a CentOS system from an Ubuntu system. The platform requires the ability to call out to GPG and decrypt certain text elements as part of its “data at rest” encryption policy.
Prior to the move, the system used the “PECL” based GNUPG module and it worked farily efficiently Moving to the CentOS platform presented a few challenges, one of which being that the underlying GPG software was upgraded to the latest version (2). This version does NOT work with the existing PECL module, as it does not know how to send the passphrases to the new GPG pinentry interface.
Thankfully, there is another PEAR based module that was purported to work with GPG2, called Crypt GPG. The install and setup was extremely simple and we used the latest beta version (1.4.0b4) because it had the necessary pass-phrase hand-off that we needed to get working again.
pear install Crypt_GPG-1.4.0b4
All of our existing code from PECL integrated really well with just a few minor adjustments to the function names. When it finally came time to do the decryption, we kept receiving “MISSING KEY” errors and “no pinetry application” errors in our debug log. We had set the code up exactly as the documentation stated, but we had no luck in getting our decryption working with our existing private keys and pass-phrases After having dug deep into the module’s code, we noticed that it actually installs a program called “/usr/bin/crypt-gpg-pinentry”. That is then passed to the systems underlying GPG binary in order to pass the pass-phrases to it from the PHP application.
Just to see what it does, we executed the command in a terminal session and were shocked with a very telling PHP error.
PHP Fatal error: Class DOMDocument not found in.
What they heck? Why was that erroring out? A quick search for CENTOS and that error lead us to our final solution.
yum install php-xml
This entire time, the Crypt_GPG was failing to decrypt our data, because the underlying PHP code in the crypt-gpg-pinentry was silently failing. Once the PHP XML library was installed, everything was working perfectly again, and we had full decryption, using pass-phrases and GPG 2.
Tip
We noticed that strings that are returned from the CRYP_GPG decryption routines, sometimes contain an extra space at the end. If decrypted strings are to be used to decrypt other files, make sure you php chop, the resulting text from the Crypt_GPG file.
//example $de_text=chop($gpg->decrypt($enctext)); |
Need help with your data integration project? Don’t hesitate to give us a shout for any of your data integration or software development needs.