Introduction of GnuPG
GnuPG is a complete implementation of the STANDARD PGP of RFC4880 OpenPGP, free software. GnuPG can encrypt and sign data and information transfer, and includes a general key management system containing access modules that can access various public key directories. GnuPG, or GPG for short, is a command line tool, which is easy to integrate with other programs and has many front-end programs and function libraries. GnuPG V2 also supports S/MIME and Secure Shell (SSH). For more details click here
Install the PHP GnuPG extension
This extension is not currently available for Windows and was installed and tested on Linux centos7
- Downloading the Extension Package
Wget HTTP: / / https://pecl.php.net/get/gnupg-1.4.0.tgzCopy the code
- Decompressing an extension package
The tar XVF gnupg - 1.4.0. TGZCopy the code
- Go to the extension directory for installation
cdGnupg - 1.4.0Copy the code
/ WWW/server/PHP / 72 / bin/phpize / / phpize path of their ownCopy the code
. / configure -- with - PHP - config = / WWW/server/PHP / 72 / bin/PHP config / / with his own PHP - config pathCopy the code
make && make install
Copy the code
echo "extension = gnupg.so"> > / WWW/server / / 72 / etc/PHP. PHP ini / / with his own PHP ini pathCopy the code
Please reinstall gpGME distribution and checkConfig may wish to install this application
If this error occurs we need to install gpGMe and run the command directlyyum install gpgme-devel
Install!
Verify that the extension is installed successfully: print phpInfo and search for gnupg. If it is found, the installation is successful!
Create a GPG key
There are a lot of tutorials on the Internet you can refer to here. Here are the main problems encountered:
- Do not set a protection password in the last step of generating the key, because a higher version of the GPG password cannot be transmitted through ordinary programs, resulting in decryption failure.
- If the key generation process is stuck, it indicates that the machine does not generate enough random numbers. You need to install the RNGD service — entropy value
yum -y install rng-tools
rngd -r /dev/urandom
Copy the code
The access permission is granted to the Web server
cd /root/.gnupg
chown: www pubring.gpg trustdb.gpg secring.gpg
chmod 660 pubring.gpg trustdb.gpg secring.gpg
Copy the code
PHP is encrypted and decrypted by GPG
/** * Public key encryption * @param$text
* @param $publicKey
* @return mixed
*/
public function encrypt($text.$publicKey)
{
try{
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
$keyInfo = gnupg_import($gpg, file_get_contents($publicKey)); Gnupg_addencryptkey ($gpg.$keyInfo['fingerprint']);
$encryptText = gnupg_encrypt($gpg.$text);
if ($encryptText! = =false) {
$ret['code'] = 1;
$ret['msg'] = 'Encryption successful! ';
$ret['encryptText'] = $encryptText;
} else {
$ret['code'] = 10001;$ret['msg'] = 'Encryption failed! ';
}
} catch (\Exception $e) {
$ret['code'] = 10002;$ret['msg'] = 'ERROR: ' . $e->getMessage();
}
return $ret;
}
Copy the code
/** * private key decryption * @param$text
* @param $privateKey
* @return mixed
*/
public function decrypt($text.$privateKey)
{
try {
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
$keyInfo = gnupg_import($gpg, file_get_contents($privateKey)); // Import private key gnupg_adddecryptKey ($gpg.$keyInfo['fingerprint']);
$decryptText = gnupg_decrypt($gpg.$text);
if ($decryptText! = =false) {
$ret['code'] = 1;
$ret['msg'] = 'Decryption succeeded! ';
$ret['decryptText'] = $decryptText;
} else {
$ret['code'] = 10001;$ret['msg'] = 'Decryption failed! ';
}
} catch (\Exception $e) {
$ret['code'] = 10002;$ret['msg'] = 'ERROR: ' . $e->getMessage();
}
return $ret;
}
Copy the code
/** * signature encryption * @param$text
* @param $signKey
* @param $EncryptKey
* @return mixed
*/
public function signEncrypt($text.$signKey.$EncryptKey)
{
try {
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
$signKeyInfo = gnupg_import($gpg, file_get_contents($signKey)); // Import the key$EncryptKeyInfo = gnupg_import($gpg, file_get_contents($EncryptKey)); Gnupg_addsignkey ($gpg.$signKeyInfo['fingerprint']);
gnupg_addencryptkey($gpg.$EncryptKeyInfo['fingerprint']);
$signEncryptText = gnupg_encryptsign($gpg.$text);
if ($signEncryptText! = =false) {
$ret['code'] = 1;
$ret['msg'] = 'Signature encryption successful! ';
$ret['signEncryptText'] = $signEncryptText;
} else {
$ret['code'] = 10001;$ret['msg'] = 'Signature encryption failed! ';
}
} catch (\Exception $e) {
$ret['code'] = 10002;$ret['msg'] = 'ERROR: ' . $e->getMessage();
}
return $ret;
}
Copy the code
/** * Private key signature * @param$text
* @param $privateKey
* @return mixed
*/
public function sign($text.$privateKey)
{
try {
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
$keyInfo = gnupg_import($gpg, file_get_contents($privateKey)); Gnupg_addsignkey ($gpg.$keyInfo['fingerprint']);
$signText = gnupg_sign($gpg.$text);
if ($signText! = =false) {
$ret['code'] = 1;
$ret['msg'] = 'Signature successful! ';
$ret['signText'] = $signText;
} else {
$ret['code'] = 10001;$ret['msg'] = 'Signature failed! ';
}
} catch (\Exception $e) {
$ret['code'] = 10002;$ret['msg'] = 'ERROR: ' . $e->getMessage();
}
return $ret;
}
Copy the code
/** ** check * @param$signText
* @return mixed
*/
public function verify($signText)
{
try {
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
$text = ' ';
$verifyInfo = gnupg_verify($gpg.$signText.false.$text);
$res = gnupg_keyinfo($gpg.$verifyInfo['fingerprint']);
if ($res! = =false) {
$ret['code'] = 1;
$ret['msg'] = 'Check successful! ';
$ret['verifyText'] = $text;
} else {
$ret['code'] = 10001;$ret['msg'] = 'Inspection failed! ';
}
} catch (\Exception $e) {
$ret['code'] = 10002;$ret['msg'] = 'ERROR: ' . $e->getMessage();
}
return $ret;
}
Copy the code