I am trying to figure out how to create a revocation certificate for a keypair generated with this library but did not find any information about doing this in the examples. I notice that the API docs do contain classes such as OpenPGP_SignaturePacket_ReasonforRevocationPacket but I'm unclear on whether these classes simply parse OpenPGP packets or actually create revocation certificates themselves.

In lieu of code, I tried importing a file containing both the private and public key parts into my GnuPG keyring and then running gpg2 --output ~/tmp/testrevoke.asc --gen-revoke MY_KEY_ID, but I received the following error output:

NOTE: This key is not protected!
ASCII armored output forced.
gpg: checking created signature failed: Bad signature
gpg: signing failed: Bad signature
gpg: make_keysig_packet failed: Bad signature

Am I doing something wrong? Is it possible to generate revocation certificates for keys that OpenPGP-PHP generates?

In my current use case, I would like to use openpgp-php for key generation and decryption. The public key will be published and documents encrypted (somewhere else) using gpg should be read and decrypted. I generated a key pair using the keygen.php script from the examples folder and exported the public key, which I then imported into my gpg keyring using

gpg --import gpg_pubkey

When trying to use the key for encryption, gpg will skip it as an "unusable public key". I suppose this is because it is flagged for usage "C", only:

pub  1024R/DDF1E2FB  created: 2016-10-10  expires: never       usage: C
                     trust: full          validity: unknown

Is there a way to generate and export a public key for encryption? Or would I need a subkey for this? Any hints on this or maybe an additional/extended example script would be very much appreciated.

I get object(OpenPGP_SecretKeyPacket)#15 (15) { ...output when I sign something using OpenPGP_Crypt_RSA->sign(), but why?

I am trying to use this library for a trivial encryption using a public key and then a future decryption using the corresponding private key, but I am not sure how to do so with this library's API. I could not find an example for this (only for "symmetric" ciphers).

I also looked through these Doxygen docs but they are not clear to me.

Can you add an example for this case?

Thanks.

/cc @DanielRuf fabacab/wp-pgp-encrypted-emails#3

Hi,
I'm trying to use this lib for backend and openpgp.js for frontend but I can't make those two libs to work together. I think js lib needs to have subkey for encryption coz when I try to encrypt message in js using key generated by Your lib I get exception 'Could not find valid key packet for encryption in key'.
Can You help me and tell how to generate key with subkeys?

I am not a crypto or PGP / GnuPG expert and would really appreciate some help with this:
jasonhinkle/php-gpg#18

I know that we have to add this and I think this has to be in GPG.php in the encrypt fucntion after the initialization of $key_id.

Calculating the block size is not the problem but the whole packet as the RFC is quite complicated.

Did not see any helpful description for the structure when we have a MDC packet like here: http://senderek.ie/research/security/key-experiments.html

Any ideas?

Hi,
When I decrypt PGP message, I receive error :

[1024] Decryption error (File: /src/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php Line: [2539])

I don't know the reason.

Hi Stephen, thanks for making openpgp-php available.
I have had a few issues with decrypting a PGP message using my PGP key. I followed the example encryptDecrypt.php, but it did not work for me. I had to write following code, which seems to work:

` $msg = OpenPGP_Message::parse(OpenPGP::unarmor($pgp_message, 'PGP MESSAGE')); // Parse PGP message
$keyEncrypted = OpenPGP_Message::parse(OpenPGP::unarmor($pgp_priv_key, 'PGP PRIVATE KEY BLOCK')); // Parse private key
$plain_text = '';

	// Try each secret key packet to find secret key packet
	foreach($keyEncrypted->packets as $p) 
	{
		if(get_class($p) != 'OpenPGP_SecretSubkeyPacket') continue;    	// If Not right packet type
		
		$nkey = new OpenPGP_SecretKeyPacket($p->key); // Load PGP private key to decrypt PGP message 
		$decryptor = new OpenPGP_Crypt_RSA($nkey);  // Initialise decryptor with PGP private key
		$decrypted = $decryptor->decrypt($msg); //  OpenPGP_Message Object	    	
    	
    	// Search for OpenPGP_LiteralDataPacket object which contains decrypted plaintext
		foreach($decrypted->packets[0]->data->packets  as $obj)
		{	
			if($obj instanceof OpenPGP_LiteralDataPacket)
			{
				$plain_text = $obj->data;
				break;
			}
		}
		break;
	}
	
	
	return $plain_text;

`

Hey, I'm successfully encrypting a message like this:

$encrypted = OpenPGP_Crypt_Symmetric::encrypt(
                $key,
                new OpenPGP_Message(array($data))
            );

And I'm left with an instance of OpenPGP_Message . How can I display this message to someone now in order to have it decrypted by user?

I doubt that this test will work. There is just no vendor dir nor a autoload.php file in this repo somewhere.

Anyway maybe I'm mistaken - I haven't tested this.

Hi Stephen, thanks for making openpgp-php available.
I know openpgp-php do not support DSA and Elgamal. But I have to encrypt data with a Elgamal key.

Is there any simple way to make openpgp-php support Elgamal? Or could you please give me any suggestions to enhance openpgp-php by myself?

Hi again,
Is it possible to clear sign with this library?
I've tried a few variations (can share code) but I can't get a signature which verifies.
Thanks
Pat

Can I use openpgp-php to encrypt files ("attachments") as part of a message?

(This is a requested feature users want me to add to a tool that uses this library, but I'm unsure how to go about using the library to do this.)

Is it possible?

Also, can I programmatically pass the public key on to the encrypt function so it doesn't have to store it in the keychain or something (and private key for signing)?

Hello! I'm quite new to this pgp stuff and I want to verify a user's public key.
For example he could enter:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v1.6.1.0

mQENBFe2fVoBCACDfYZyaLMbT9RdOGBeVdukrOEp7zAMZbSEJUThNmNIqePrkcTs
XCNDo2VsgEim3Y4vwTcWuFu3cLJUZTUD3zLTol7j/JgwiOofQ0cWNMZwUX5L+Ma3
oSHCvHuIkdJ3NrNzOXcz8NFszR+imfA/Pgx1QbXECGH0CJrOe0h1s7la25FM8Z3K
H66jlrRTxOmwnUVaOOtBvqrSEMSa6pT/nt3phqL4AaSj+nB2O0M/Hi7UJ3kpsQ5O
njoad268T1s31aIxxrAce0HyqKuq2MBHCQxsXdHunoekbT2VyV9ty5fAVjFQ9orS
k9gZjp7IlhHIt0K6Cgp3yUk+fXv05mFOR14fABEBAAG0CHRlc3RAdHN0iQEcBBAB
AgAGBQJXtn1aAAoJEHYjgb+PDHndt7YH/1DXG+kRpfMw8nJhn5fhLLBEgLyRWiYg
J90YZxOv8OtgUv2hdEUO8oWFzT5R6+tdrklLEAtsbJ7/y1TuTPegCr2HLnas+rlq
JrBhUVhaGD03zTLdakUCmX/5KeYRu58YGvz9+UW10zrMhzA4juy8Ua06eADAUsFx
mUeJeHB1IPTwxH21F6zxxJSx95Id9HZvaKknvhYP/vMYC0V/kLuzyhtkwBZ/Oinx
iTqh7TbegA/cb++vxOxjAmO5uZKG54E/vsoXWQcz8dM4aQ4WPKCWPEH4qL/Rqs/M
9dQdxgqrSNL1QyD+/1cUD06+5Ld6w0ObwtVJaS2tle69FOG4+sCV1MY=
=751J
-----END PGP PUBLIC KEY BLOCK-----

Or: jaskdhasjdhasdas

Of course the second input wouldn't be a valid public key.
How can I verify this?

Thanks in advance!

per the IRC discussion, the library wasn't working with the error

PHP Fatal error:  Uncaught Error: Call to a member function equals() on string in /home/exio4/public_html/openpgp-php/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php:2091
Stack trace:
#0 /home/exio4/public_html/openpgp-php/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php(2264): phpseclib\Crypt\RSA->_exponentiate(Object(phpseclib\Math\BigInteger))
#1 /home/exio4/public_html/openpgp-php/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php(2779): phpseclib\Crypt\RSA->_rsasp1(Object(phpseclib\Math\BigInteger))
#2 /home/exio4/public_html/openpgp-php/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php(2987): phpseclib\Crypt\RSA->_rsassa_pkcs1_v1_5_sign(Object(phpseclib\Math\BigInteger))
#3 /home/exio4/public_html/openpgp-php/lib/openpgp_crypt_rsa.php(162): phpseclib\Crypt\RSA->sign('\x99\x00M\x04X~D\x8E\x01\x02\x00\xAB\xEF\xAC\x99...')
#4 /home/exio4/public_html/openpgp-php/lib/openpgp.php(679): OpenPGP_Crypt_RSA->{closure}('\x99\x00M\x04X~D\x8E\x01\x02\x00\xAB\xEF\xAC\x99...')
#5 /home/exio4/public_html/openpgp-php/lib/openpgp_cr in /home/exio4/public_html/openpgp-php/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php on line 2091

the issue was fixed replacing

[ jlroberts@iMac ] $ php keygen.php
PHP Fatal error: Call to a member function sign_data() on a non-object in /jeffreylroberts/roctoapps/vendor/openpgp-php/lib/openpgp_crypt_rsa.php on line 159

The phpseclib dependency should be set to "^2.0" instead of "2.0.0", or is there any reason for the strict requirement?

Currently I have this code.

Did I miss some step there?

require 'vendor/autoload.php';
require_once dirname(__FILE__).'/lib/openpgp.php';
require_once dirname(__FILE__).'/lib/openpgp_crypt_rsa.php';
$rsa = new \phpseclib\Crypt\RSA();
$k = $rsa->createKey(2048);
$rsa->loadKey($k['privatekey']);
$nkey = new OpenPGP_SecretKeyPacket(array(
   'n' => $rsa->modulus->toBytes(),
   'e' => $rsa->publicExponent->toBytes(),
   'd' => $rsa->exponent->toBytes(),
   'p' => $rsa->primes[1]->toBytes(),
   'q' => $rsa->primes[2]->toBytes(),
   'u' => $rsa->coefficients[2]->toBytes()
));
$uid = new OpenPGP_UserIDPacket('Test <[email protected]>');
$wkey = new OpenPGP_Crypt_RSA($nkey);
$m = $wkey->sign_key_userid(array($nkey, $uid));
// Serialize private key
//print $m->to_bytes();
// Serialize public key message
$pubm = clone($m);
$pubm[0] = new OpenPGP_PublicKeyPacket($pubm[0]);
$public_bytes = $pubm->to_bytes();
var_dump(OpenPGP::enarmor($m->to_bytes(), "PGP PRIVATE KEY BLOCK"));
var_dump(OpenPGP::enarmor($public_bytes, "PGP PUBLIC KEY BLOCK"));

Hi Stephen. Thank you for developing and making the fantastic openpgp library available.
I have encountered an issue with verifying a signature. I am getting an empty array from the verify method:

// $pgp_data contains armored PGP message
$msg = OpenPGP_Message::parse(OpenPGP::unarmor($pgp_data, 'PGP MESSAGE')); 
// $public_key_data contains sender's PGP public key 
$partner_public_key = OpenPGP_Message::parse(OpenPGP::unarmor($public_key_data, 'PGP PUBLIC KEY BLOCK'));
$verify = new OpenPGP_Crypt_RSA($partner_public_key);  // Load PGP public key
$ret = $verify->verify($msg); // $ret contains empty array

Hi,
there is no information about the miniumum PHP version for this library. I think it should be added in the composer.json.
Best

This class has support for encryption with multiple public keys?

It would be great when the library can be integrated with Composer. Any plans for this?

This repo is registered in packagist and gets a good amount of traffic.

https://packagist.org/packages/singpolyma/openpgp-php/stats

We should release the update that fixes the compatibility with phpseclib 2.0.3 so
composer require singpolyma/openpgp-php will install the updated version.

The owner of the package is "vstm" however.

Can you please post a full example using public key, private key, PASSPHRASE and message... both for encryption end decryption.
Thank you

log.txt

Could you try to make the library a bit stable and release another version?

Or do you want to wait until your PR's in the upstream repo are merged, so that the new version will be released there?

I am keen on a pure PHP solution - fewest moving parts/dependencies!

I installed the software, tried to run the keygen.php example prog, but it refers to phpseclib - which it doesn't include, so downloading and adding some 'require_once' lines I find it openpgp-php refers to phpseclib namespaces that phpseclib doesn't use/define...

From a baseline install what is the minimum required to get the samples running?

It seems we have to use the full qualified name or redeclare the namespace in the test file / parent file as the generated classmap of the composer autoloader does not have a Crypt_RSA namespace declared.

See fabacab/wp-pgp-encrypted-emails#1 (comment)

http://stackoverflow.com/a/33378909/753676

It seems this was the case in the 1.0 branch of phpseclib but this library uses the 2.0 branch of phpseclib and this has changed since then as 2.0 is namespaced and so the API has changed.

PHP 7.2 is coming with sodium baked in. Maybe this could be used as a replacement for mcrypt that was removed in PHP 7.1.

Since this project relies on mcrypt is sodium a possible replacement in this project or do they accomplish different things?

PHP Fatal error:  Class 'phpseclib\Crypt\RSA' not found in openpgp-php/lib/openpgp_crypt_rsa.php on line 13

Are there dependencies I'm missing?

The latest commit is on Jul 26, 2016 and the latest release is on Aug 14, 2015.

There are several tests that are failing due to the decrypt method on the lastest commit.

Does the encrypt method work or does it not work and decrypt is failing as a result?

The last release does not support php 7.1 It would be important to create another stable release for this package to last. This package is the only autoloaded open pgp library out there.

Thanks,
Jason Gallavin

Used Composer to install openpgp-php, however I'm getting this error when running the encryptDecrypt example.

phpseclib was installed correctly and is a dependency of openpgp-php. Could this be a namespace issue?

Hello
https://github.com/singpolyma/openpgp-php/blob/master/examples/sign.php
I am using this, but when I try to sign, I get a notice that the D index doesn't exist?
I suspect my key is still password protected - can you suggest a way around that?
Thanks so much for the code
Pat

I am getting the below error when I tried to run the openpgp-php/examples/encryptDecrypt.php.

Fatal error: Call to a member function equals() on a non-object in openpgp-php/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php on line 2091

How can I solve this issue?

Ability to parse and encode clearsigned messages.

Might be some useful code at https://github.com/vstm/openpgp-php/tree/cleartext-signature-framework

`<?php

public function pgp_decrypt_payment_data($pgp_message, $pgp_priv_key)
{
$msg = OpenPGP_Message::parse(OpenPGP::unarmor($pgp_message, 'PGP MESSAGE')); // Parse PGP message
$keyEncrypted = OpenPGP_Message::parse(OpenPGP::unarmor($pgp_priv_key, 'PGP PRIVATE KEY BLOCK')); // Parse private key
$plain_text = '';

	// Try each secret key packet to find secret key packet
	foreach($keyEncrypted->packets as $p) 
	{
		if(get_class($p) != 'OpenPGP_SecretSubkeyPacket') continue;    	// If Not right packet type
		
		$nkey = new OpenPGP_SecretKeyPacket($p->key); // Load PGP private key to decrypt PGP message 
		$decryptor = new OpenPGP_Crypt_RSA($nkey);  // Initialise decryptor with PGP private key
		$decrypted = $decryptor->decrypt($msg); //  OpenPGP_Message Object	    	
    	
    	// Search for OpenPGP_LiteralDataPacket object which contains decrypted plaintext
		foreach($decrypted->packets[0]->data->packets  as $obj)
		{	
			if($obj instanceof OpenPGP_LiteralDataPacket)
			{
				$plain_text = $obj->data;
				break;
			}
		}
		break;
	}
	
	
	return $plain_text;

}

?>`

Just make it possible to get the actual version number of the library. E.g. like this:

$core = new OpenPGP_Core();
$version =$core->$version;

Hi Guys,

Am not able to decrypt a message using the following code.
I replaced the following variables .
$keyASCII = I put my PGP key.
$msgASCII =I put my encrypted message.
and I replaced $argv[2] with my pass.

// USAGE: php examples/deASCIIdeCrypt.php secretkey.asc password message.asc
// This will fail if the algo on key or message is not 3DES or AES
require_once dirname(FILE).'/../lib/openpgp.php';
require_once dirname(FILE).'/../lib/openpgp_crypt_rsa.php';
require_once dirname(FILE).'/../lib/openpgp_crypt_symmetric.php';
$keyASCII = file_get_contents($argv[1]);
$msgASCII = file_get_contents($argv[3]);
$keyEncrypted = OpenPGP_Message::parse(OpenPGP::unarmor($keyASCII, 'PGP PRIVATE KEY BLOCK'));
// Try each secret key packet
foreach($keyEncrypted as $p) {
if(!($p instanceof OpenPGP_SecretKeyPacket)) continue;
$key = OpenPGP_Crypt_Symmetric::decryptSecretKey($argv[2], $p);
$msg = OpenPGP_Message::parse(OpenPGP::unarmor($msgASCII, 'PGP MESSAGE'));
$decryptor = new OpenPGP_Crypt_RSA($key);
$decrypted = $decryptor->decrypt($msg);
var_dump($decrypted);
}

I tried to open the message in desktop tool its open only in php it will not open it will load and fail after that timeout page will appear..

Did I forget some step here?

@include_once dirname(__FILE__) . '/../vendor/autoload.php';
require_once dirname(__FILE__).'/../lib/openpgp.php';
require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
require_once dirname(__FILE__).'/../lib/openpgp_crypt_symmetric.php';

$key = OpenPGP_Message::parse(OpenPGP::unarmor("
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----

", "PGP PUBLIC KEY BLOCK"));
$data = new OpenPGP_LiteralDataPacket('This is text.', array('format' => 'u', 'filename' => 'stuff.txt'));
$encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data)));
$enc = OpenPGP::enarmor($encrypted->to_bytes(), "PGP MESSAGE");
$enc =  wordwrap($enc, 64, "\n", 1);
var_dump($enc);

Is there some example? How do we use OpenPGP_Crypt_Symmetric::encrypt with OpenPGP::enarmor?

When trying to run the keygen.php example I am getting
[Error] Cannot use object of type OpenPGP_SecretKeyPacket as array

I haven't had time to look into this in every detail, but could it be that line 29 should actually be changed like this?

- $pubm[0] = new OpenPGP_PublicKeyPacket($pubm[0]);
+ $pubm[0] = new OpenPGP_PublicKeyPacket($pubm[0]->key);

Like @meitar already mentioned, there is something with the keypair after importing it.

fabacab/wp-pgp-encrypted-emails#1 (comment)

After doing a little more diging my guess is that the generated keypair only contains the c (certify) capability, but not the s (sign) capability. I checked this by importing the keys into a GUI and inspecting the key there. (Screenshot attached.)

After importing the generated keypair, GPA just shows the private key and this has just the cert capability, but why?

Manually generated keypairs using gpg and GPA have a private and a public key with the right capabilities.

http://unix.stackexchange.com/questions/31996/how-are-the-gpg-usage-flags-defined-in-the-key-details-listing

Using;

$data = new OpenPGP_LiteralDataPacket('fubar', array('format' => 'u', 'filename' => 'msg.txt')); $encrypted = OpenPGP_Crypt_Symmetric::encrypt($key, new OpenPGP_Message(array($data))); $validate=OpenPGP_Message::parse_string($encrypted->to_bytes())

$validate & $encrypted are different, validate cannot be decrypted.

If you var_dump both you will notice that $encrypted has a 10 char salt, whereas $validate has an 8 char salt and $validate cannot be decrypted

changing Line 43 in openpgp_crypt_symmetric.php from 10 to 8 makes it work.

Looking at OpenPGP_S2K::parse salts are always parsed like they are 8 chars long

openpgp.js also uses 8 chars,
Going by the standard if 1 octet = 1 char ( 8bits ) then id say that the problem lies with the too long salt rather than parse/to_bytes.

Last version phpseclib 2.0.7 - 2017-10-22
https://github.com/phpseclib/phpseclib/blob/master/CHANGELOG.md

Time to upgrade.
Thanks

Hi,

Not a real issue, just a question: the home page referred to in the README (http://singpolyma.github.io/openpgp-php/) points to @bendiken's repo as the official repo for this project (i.e., https://github.com/bendiken/openpgp-php). But at a glance it seems like this one is actually current & should probably be used?

Thanks,

ECC keys were recently added to GnuPG, and various RFCs are open or accepted for it:

https://www.gnupg.org/faq/whats-new-in-2.1.html
https://www.ietf.org/id/draft-koch-eddsa-for-openpgp-03.txt
https://www.gnupg.org/documentation/manuals/gcrypt/ECC-key-parameters.html#ECC-key-parameters
https://tools.ietf.org/html/rfc6637
https://www.ietf.org/mail-archive/web/openpgp/current/msg07321.html

However, openpgp-php doesn't support ECC keys. I've been trying to add it myself, but it's quite difficult. I'm not sure what key fields I should use, for example.

Anyone have any ideas or want to take a crack at it? ECC keys are awesome and super useful.

The library works as expected and returns correct results, but it takes long time to sign a small amount of (encrypted) data. PHP is version 7.0.22 running on my dev-pc-localhost.

openpgp-php was installed today by composer

php composer.phar info
phpseclib/phpseclib    2.0.4 
singpolyma/openpgp-php 0.3.0 

MWE:

<?php
$start = microtime(true);

require __DIR__ . '/vendor/autoload.php';

$pubkey_fn = 'keys/public_key.asc';
$privkey_fn = 'keys/private_key.asc';

$public_key = OpenPGP_Message::parse(OpenPGP::unarmor(file_get_contents($pubkey_fn), 'PGP PUBLIC KEY BLOCK'));

$message = "openpgp-php is great!";

$data = new OpenPGP_LiteralDataPacket($message);
$encrypted = OpenPGP_Crypt_Symmetric::encrypt($public_key,new OpenPGP_Message(array($data)));

$time_elapsed_secs = microtime(true) - $start;
echo 'Encrypted at '. $time_elapsed_secs . ' Secs<br>';


$private_key = OpenPGP_Message::parse(OpenPGP::unarmor(file_get_contents($privkey_fn), 'PGP PRIVATE KEY BLOCK'));
$sign = new OpenPGP_Crypt_RSA($private_key);

$time_elapsed_secs = microtime(true) - $start;
echo 'Ready to sign at ' . $time_elapsed_secs . ' Secs<br>';

$m = $sign->sign($encrypted->to_bytes());

$time_elapsed_secs = microtime(true) - $start;
echo 'Signed at ' . $time_elapsed_secs . ' Secs<br>';

file_put_contents('gpg_encrypted_and_signed', $m->to_bytes());
?>

This outputs

Encrypted at 0.076852083206177 Secs
Ready to sign at 0.077071905136108 Secs
Signed at 17.637367963791 Secs

Any idea why this takes so long?

That has been replaced by the new signatures call, but is still being used in one place.