我怎么能强制GPG从STDIN接受，而不是试图打开一个文件输入？ [英] How can I force GPG to accept input from STDIN instead of trying to open a file?

问题描述

我试图将文本GPG明确的签名，在一个PHP脚本的字符串。我可能会导致GPG在这样的加密字符串文本：

I am trying to incorporate GPG clear-signing of text in a string in a PHP script. I can cause GPG to encrypt text in a string like this:

$encrypted = shell_exec("echo '$text' | gpg -e -a -r foo@bar.com --trust-model always");

和该作品完美，与加密的文本被发送到$加密变量。这证明GNUPGHOME和GNUPG的设置是否正确。

and that works perfectly, with the encrypted text being sent to the $encrypted variable. This proves GNUPGHOME and GNUPG are set up correctly.

然而，当我尝试生产同样的方式明文签名的消息，这样的：

However, when I try to produce a clear-signed message in the same way with this:

$text = "googar";

$signature = exec("echo $passphrase | gpg -v --clearsign --no-tty --passphrase-fd 0 '$text' 2>&1 1> /dev/null", $output);

我回到这个错误：

I am returned this error:

... string(51) "gpg: can't open `googar': No such file or directory"
[3]=>
string(46) "gpg: googar: clearsign failed: file open error"
}

返回带或不带周围$文本变量的单引号此错误。

This error is returned with or without the single quotes around the $text variable.

我怎么可以强制GPG或了shell_exec对待$文本作为一个管道，而不是它寻找一个文件？

How can I force GPG or shell_exec to treat $text as a pipe instead of it looking for a file?

我要呼应密码以这种方式（我知道，其可怕不安全，因为GPG没有办法在一个密码通过在命令行上的变量。

I need to echo the passphrase in this way (I know, its 'horribly insecure' because GPG has no way to pass in a passphrase as a variable on the command line.

推荐答案

您可以使用的 proc_open ，并为您的密码，一个单独的文件描述：

You could use proc_open and create a separate file descriptor for your password:

$descriptorspec = array(
    0 => array("pipe", "r"),
    1 => array("pipe", "w"),
    2 => array("pipe", "w"),
    3 => array("pipe", "r"),
);

$pipes = false;
$process = proc_open("gpg -v --clearsign --no-tty --passphrase-fd 3", $descriptorspec, $pipes);

if(is_resource($process)) {
    fwrite($pipes[3], $passphrase);
    fclose($pipes[3]);

    fwrite($pipes[0], $text);
    fclose($pipes[0]);

    $output = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);

    fclose($pipes[1]);
    fclose($pipes[2]);

    $retval = proc_close($process);

    echo "retval = $retval\n";
    echo "output= $output\n";
    echo "err= $stderr\n";
}

这篇关于我怎么能强制GPG从STDIN接受，而不是试图打开一个文件输入？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！