installing GPG contrib

[suba]

I have exactly the same problem. I've ripped the code that does the gpg encryption, ie:

<?php
$tmpToken = "ccb8c00c0d2d7b29aa7d8b1df0b8e406";
$plainTxt = "/home/username/www/catalog/temp/" . "$tmpToken" . "anca";
$crypted = "/home/username/www/catalog/temp/" . "$tmpToken" . "anca.asc";
$gpghome="/home/username"; ///temp /.gnupg where is your pubring? That dir has to have write access.
$gpgpath="/usr/bin/gpg"; //where is the executable
$gpgrecipient="user@email.com"; //the key used for encryption
$fp = fopen($plainTxt, "a+");
fputs($fp, $message);
fclose($fp);
system("export HOME=".$gpghome.";".$gpgpath." --verbose --verbose --always-trust --yes -r '".$gpgrecipient."' --encrypt -a -z 0 ".$plainTxt." ");
$fd = fopen($crypted, "r");
$message = fread($fd, filesize($crypted));
fclose($fd);

?>

the permission on the temp dir is 777
I've checked the gpg command string by replacing system with echo:
export HOME=/home/username;/usr/bin/gpg --verbose --verbose --always-trust --yes -r 'user@email.com' --encrypt -a -z 0 /home/username/www/catalog/temp/ccb8c00c0d2d7b29aa7d8b1df0b8e406anca

I've checked that command string works from a SSH shell.

but the command doesn't work when I use system() as no asc ($crypted) file gets created when run via php - the unencrypted text file is there tho.

I've also tried this via http and https, same result. It's like the gpg command fails, but I can't find a log file anywhere or how to turn on error logging for gpg.

[suba]

Ah, it's a safe mode issue;

safe_mode_exec_dir string

If PHP is used in safe mode, system() and the other functions executing system programs refuse to start programs that are not in this directory.

checking via phpinfo() shows that my server is indeed in safe mode and that no safe_mode_exec_dir is set, so I cant use system() to exec gpg.

[kerrydax]

Thanks for that info. My hosting company fixed up the safe mode issue but it still did not work (bad shell command) so they changed the command line to:
system($gpgpath." --homedir ".$gpghome." -r '".$gpgrecipient."' --encrypt -a -z 0 ".$plainTxt);

and everything works!!! Thanks everybody for your help!! Cheers, Kerry

[suba]

Good stuff on the homepath, that's probably a more platform independent method. One thing tho, on my host's system I have to have the following;
$gpghome="/home/username/.gnupg";

I know this flies in the face of what the author of ccgpg says about setting it one level higher, but could be worth trying if you have trouble. If I don't have it set thus I get problems with gpg not finding the pubring correctly in that it thinks there are no valid keys in it - even tho it warned me that I had insecure permission on the pubring.

FWIW, my commandline now reads;
system($gpgpath." --homedir ".$gpghome." --logger-fd 1 --verbose --verbose -r ".$gpgrecipient." --encrypt -a -z 0 ".$plainTxt .">gpgerror.log",$retval);

That way I get a log created for the gpg command which I could use to scan for errors - at least that is my intention.

I would like to be able to just test the $retval but I cannot find a list of the gpg error codes.

[pichardotech]

I'm also having some issues with GPG Credit Card Encryption (http://www.oscommerce.com/community/contributions,611) contribution. The last post on that contribution doesn't have the ccgpg.php that goes into the includes/languages/english/modules/payment. I found the file in v.93.

I deleted the cc.php module, thus I only have the gpg.php module to deal with it. I installed the gpg.php files in their respective locations includes/modules/payment and includes/languages/english/modules/payment. Changed the paths so they point to the location of my temp file, encryption key, and pgp. I created the public and private keys on the Cpanel and imported them into my WinPT. My .gnupg folder and files inside of it have full persmissions while testing. But when I run transactions only receive blank emails with a subject line of "Extra Order Info encrypt a". I followed the sugestions in the GPG_CPanel_setup and commented the lines unlink($plainTxt); and unlink($crypted); therefore I can see the credit cards being written to my temp file. I just can't figure out how to make them come across encrypted. I appreciate any advise on this issue. Here's the code where I set the paths to the gpg.php script.

function after_process() {
global $HTTP_POST_VARS, $insert_id;
if ( (defined('MODULE_PAYMENT_CCGPG_ENCRYPT')) && (MODULE_PAYMENT_CCGPG_ENCRYPT == 'GPG') ) {
$message = 'Order #' . $insert_id . "\n\n" . 'Number: ' . $this->cc_complete . "\n\n";
$tmpToken = md5(uniqid(rand()));
$plainTxt = "/home/username/temp/" . "$tmpToken" . "anca";
$crypted = "/home/username/temp/" . "$tmpToken" . "anca.asc";
$gpghome="/home/username"; ///temp /.gnupg where is your pubring? That dir has to have write access.
$gpgpath="/usr/bin/gpg"; //where is the executable
$gpgrecipient="info (info) <info@domainame.com>"; //the key used for encryption
$fp = fopen($plainTxt, "a+");
fputs($fp, $message);
fclose($fp);
system("export HOME=".$gpghome.";".$gpgpath." --verbose --verbose -r '".$gpgrecipient."' --encrypt -a -z 0 ".$plainTxt." ");
$fd = fopen($crypted, "r");
$message = fread($fd, filesize($crypted));
fclose($fd);
unlink($plainTxt);
tep_mail('', SEND_EXTRA_ORDER_EMAILS_TO, 'Extra Order Info encrypt a' , $message, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');
unlink($crypted);

[suba]

Need more info before I can help you pichardotech.

As said above, try;
- checking whether safe mode is on, use phpinfo()
- using the same gpg command string I did so you get a log
- change the $gpghome to include the .gnupg

also, I never did get the format for recipient 100% correct using all 3 identifiers, so I just used email address;
$gpgrecipient="user@email.com";

[pichardotech]

Thanks for your response Suba.

I'm having a tough time working with this contribution. Here is the report:
-I found out that PHP is not running on safe mode.
-I tried to use the gpg command to get the error log but it didn't work. I couldn't found it.
-I included the .gnupg in the path of $gpghome. When I ran a transaction another directory got created underneath the current .gnupg. This last directory that was created by Cpanel when I generated the keys.
-I only have the email for the recipient, thus it looks like this $gpgrecipient="info@promehteustsln.com";

There's also something weird that happens when I change this

$plainTxt = "/home/bakerspl/temp/" . "$tmpToken" . "anca";

to

$plainTxt = "/home/bakerspl/temp/" . "$tmpToken" . "anca.asc";

The Extra Info email comes across with the whole credit card. I'm not an expert at troubleshooting PHP, thus I might me missing somethig in my script. I appreciate your help.

[suba]

Do you have access to a shell account, eg. SSH or telnet?

[pichardotech]

Yes I have access through SSH. But I've never had a chance to use it. Thanks for the prompt reply.

[pichardotech]

I was able to generate an error log. A community member at the OsCommerce forum suggested I should try the following system command:

system("export HOME=".$gpghome.";".$gpgpath." --armor --output " .$crypted." -r " .$gpgrecipient. " --encrypt " .$plainTxt. " 2>/home/xxxxx/temp/CryptError.txt");

The result was this:

gpg: Warning: unsafe ownership on file "/home/bakerspl/.gnupg/options"
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Warning: unsafe ownership on file "/home/username/.gnupg/random_seed"
gpg: Warning: unsafe ownership on file "/home/usermname/.gnupg/secring.gpg"
gpg: Warning: unsafe ownership on file "/home/username/.gnupg/pubring.gpg"
gpg: info@prometheustsln.com: skipped: public key not found
gpg: /home/username/temp/bf51792078c245cbea2e8c253e0a619aanca: encryption failed: public key not found

I'm assuming the problem is either with the permissons or the paths. I gave full access to the .gnupg folder and the files it contains. I also tried to use different paths but didn't work.