PHPでGnuPGで暗号化したファイルを作成する
GnuPG側の作業
・公開鍵をインポートする
・公開鍵の信頼性を「ultimate」にする
(暗号化時に、信頼性確認のユーザ入力を回避するため)
%gpg --import key1.asc
gpg: key 86DD2CCE: public key "user_1 <user_1@dummy.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
%gpg --list-keys
/home/HOME_DIR/.gnupg/pubring.gpg
--------------------------------------
pub 1024D/752F3F28 2008-08-15
uid user_1 <user_1@dummy.net>
sub 1792g/49AC0A45 2008-08-15
pub 1024D/28D40E5F 2008-08-16
uid user_2 <user_2@hogehoge.net>
sub 2048g/6F005BC9 2008-08-16
%gpg --edit-key user_1@dummy.net
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
pub 1024D/752F3F28 created: 2008-08-15 expires: never usage: SC
trust: unknown validity: unknown
sub 1792g/49AC0A45 created: 2008-08-15 expires: never usage: E
[ unknown] (1). user_1 <user_1@dummy.net>
Command> trust
pub 1024D/752F3F28 created: 2008-08-15 expires: never usage: SC
trust: unknown validity: unknown
sub 1792g/49AC0A45 created: 2008-08-15 expires: never usage: E
[ unknown] (1). user_1 <user_1@dummy.net>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub 1024D/752F3F28 created: 2008-08-15 expires: never usage: SC
trust: ultimate validity: unknown
sub 1792g/49AC0A45 created: 2008-08-15 expires: never usage: E
[ unknown] (1). user_1 <user_1@dummy.net>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
Command> trust q
PHP側でのプログラム
(2つの公開鍵を使って暗号化する場合)
<?php
unlink("data.txt.asc"); // 出力ファイルを消去しておく
system("gpg -e -a -r user_1@dummy.net -r user_2@hogehoge.net data.txt");
unlink("data.txt"); // 元ファイルを消去する(必要なら)
?>
※ GnuPGの鍵管理で、公開鍵の信頼性を ultimate にしておかないと、次のようなユーザ入力街になり、PHPスクリプトが途中で止まってしまう
%gpg -e -r user_1@dummy.net data.txt
gpg: 49AC0A45: There is no assurance this key belongs to the named user
pub 1792g/49AC0A45 2008-08-16 user_1 <user_1@dummy.net>
Primary key fingerprint: A9D3 45E3 55B5 D4A0 3487 E759 00FB 2A02 9FD4 8848
Subkey fingerprint: A9D3 45E3 55B5 D4A0 3487 E759 00FB 2A02 9FD4 8848
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N)