Skip to main content

PHP, GnuPG, and gpg-agnet when decryption

I am now trying to write a small web application in PHP for my personal use.
It reads a file encrypted with my GnuPG public key, decrypts it, and shows the content in pretty HTML format.
Because PHP natively supports many GnuPG wrapper functions, I only wrote codes to call those wrapper functions. By the GnuPG's nature, you have to provide the pass phrase before decrypting the file to retrieve the secret key .

I configured up my application running with my user ID under user-dir directory, i.e. ~/public_html, within apache 2.4 prefork process. This setting requires Apache 2 PHP module as well as mod_ruid2, which enables apache handlers to run under the user-dir.

When I ran my PHP application  supplying my key ID and its pass phrase as the form input elements on my desktop browser, an unusual pop-up window came up. It is not the browser's one, but the keyring manager's window on my desktop environment.  It surprised me because normal web applications don't do such thing and no such behavior is written in the PHP document.  But I understand shortly that the GnuPG's key agent (gpg-agent) must have launched the pop-up window asking for the pass phrase.

This is against my expectation, but is not critical. But I still want to know  how to disable the intervention of the gpg-agent by control from within the PHP code.

Comments

Post a Comment

Popular posts from this blog

Some adjustment to run some daemon services within LXC container

 I built and am running a mail server, using dovecot for IMAP4 server and Power DNS (pdns) for DNS authoritative server, and memcached for back-end service for some mail filter. I also use LXC for staging environment to test my mail server, but running those services is not straight forward. My understanding is that it is because some security features of systemd using Linux kernel namespace function conflict with the use of namespace in LXC container. So, if you want to run memcached, dovecot, and pdns via systemd within LXC container, you have to disable some security features of systemd by configuration. My additional configuration to systemd is as follows: root@myhost:/# cat /etc/systemd/system/memcached.service.d/99-ns.conf [Service] ProtectSystem = no ProtectHome = no PrivateDevices = no PrivateTmp = no cat /etc/systemd/system/dovecot.service.d/99-ns.conf [Service] ProtectSystem = no PrivateDevices = no PrivateTmp = no root@myhost:/# grep -v '#' /etc/systemd/system/pdns.s...
Post a Comment
Read more

Xen on Squeeze failed to start up the X server with an Intel graphics controller

I recently tried to set up Xen on my Squeeze box, with intel 945GM graphics controller. I followed the instruction on Xen - Debian Wiki . I installed the Xen hypervisor, kernel, xen-tools and other stuff, then created a domU image of Ubuntu natty. After that, I rebooted the system. But when X server was about to be launched, the screen became black out,  both keyboard and mouse don't work anymore. I reread the article on the wiki, and figured out the Xorg driver for Intel graphics controller  is suspicious. So, I changed the Xorg driver 'intel' to 'fbdev' wrting /etc/X11/xorg.conf , and rebooted.  This workaround works out! The drawback of the workaround is, 'intel' driver specific features, including DRI and XvMC, are disabled.
1 comment
Read more

Configuring Network Manager for PPPoE connection

When I'm home, I use fiber-optic line with a dedicated old small router (YAMAHA RT107e) for access to the Internet. But I recently became anxious about the router. If it fails, how can I survive until I get another one? So, I tried to connect my Debian desktop PC to the fiber-optic line without the router. The PC have to talk to the other side of the line with PPPoE but I did not know how. In my PC, the Network Manager manages network configuration. So, I had to configure the Network Manager to utilize the pppoe like : nmcli connection add ifname eth0 connection.type pppoe username USERNAME password PASSWORD
Post a Comment
Read more