Re: GnuPG tie to gpg binary gives broken pipe error in CGI output

SUCCESS. Thank you all very much.

I got both GnuPG::Interface and the code with Open3 working. GnuPG::Interface built okay on perl 5.005_03/FreeBSD 4.3 after also building Class::MethodMaker and editting my way around some tests. This no longer needed me to set $ENV{GNUPGHOME} as this is done in an init hash with the Interface module. A final hurdle was to get gpg's stderr and debug it, as explained below.

Since I gave the server no key pair of its own, gpg was unable to trust an imported public key even though I told it to do so using the --edit-key function. It was necessary to edit the options file in the .gnupg directory to designate an ultimately trusted key to stop gpg from trying to validate it and failing. Also the key had to be designated as a "long key id", which is found (as the options file comment says) embedded in the output of gpg --list-key --with-colons (which is not the fingerprint).

I was able to download the ascii-armored encrypted file and easily decrypt it with WinPT, which also worked well on a clipboard copied off a browser window.

I will use GnuPG::Interface, and see if I can post something here after cleaning it up. Many thanks!

Comment on Re: GnuPG tie to gpg binary gives broken pipe error in CGI output

Replies are listed 'Best First'.
Re: Re: GnuPG tie to gpg binary gives broken pipe error in CGI output by mattr (Curate) on Mar 09, 2003 at 14:02 UTC
Hi again, I cleaned up what I now have to share with others. #!/usr/local/bin/perl -w # gpgtest.cgi -- Encrypt to a Public Key from CGI # Runs on perl 5.005_03 / FreeBSD 4.3 $\|=1; print "Content-type: text/html\n\nSTARTED<BR>"; use lib qw(/home/www/myusername/data/sitelib); use CGI::Carp qw(fatalsToBrowser warningsToBrowser); use IO::Handle; use GnuPG::Interface; # Note you should have imported a public key into gpg already. # It must be trusted, which can be done without any secret keys # being installed by editting .gnupg/options (read the comments). # The encrypted text is ascii armored and can be copied or # downloaded for decryption with a GPG client like WinPT / GPG # See www.gnupg.org for documentation and links to client software. # Perl libs including Class::MethodMaker built with local prefix # using perl Makefile.PL LIB=~/data/sitelib my @plaintext = ("just another perl hacker"); # plaintext lines $m = 'secretkeyowner@secretdomain.com'; # email address my $gpghomedir = '/home/www/myusername/.gnupg'; # path to .gnupg my $gnupg = GnuPG::Interface->new(); # instantiate $gnupg->options->hash_init( armor => 1, homedir => $gpghomedir, verbose => 1, meta_interactive => 0 ); # init $gnupg->options->push_recipients($m); # email addresses # Set up some handles to communicate with gpg my ( $input, $output, $error ) = ( IO::Handle->new(), IO::Handle->new() , IO::Handle->new() ); my $handles = GnuPG::Handles->new( stdin => $input, stdout => $output, stderr => $error ); my $pid = $gnupg->encrypt( handles => $handles );# open write connxn foreach (@plaintext) { print $input $_; } # send msg to gpg close $input; # close write. my @ciphertext =(); # now read encrypted while (<$output>) { push(@ciphertext,$_); } # msg from gpg. waitpid $pid, 0; # clean up the done # GnuPG process. open (OUT,">testoutput"); # Save to disk. foreach (@ciphertext) { print OUT $_ ; }; close(OUT); print "<PRE>OK:\n" . join("",@ciphertext); # View in browser. print "\nWARNINGS:<BR>\n"; # View gpg stderr print $_ while (<$error>); # reading in buffer. close $error; # close buf handle. exit 0; Output: STARTED -----BEGIN PGP MESSAGE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org hQGOA6gWzASXj2Y7EAX+OYWAWeuP52WbB1/zc90H9VBgHBI/DUTROLzjxguyiFa8 HfRx1zgbeeALaJqmaSnM2uALdjFyIK0wfMwj7HtdUyOGFKZmW4g8fSolbLSMq++H SWoggl+grK2OfsL06ScKKu7ycq6TKRKg+/tkHSkf5pHDg1wBY+yPCSssTINtnL+W 0c1vb9+WOXUSbS6x7O7sZjY+b+YzTAL78gWqcYExm+yLXaURHGF2MbhKAS8+L9VH MfsdSinLGW3m1ddgP1bGBf0WLWYTrhTjb2eASHOLoAYCkedI6meCQklOOjcnGd6P jYSgJusmdiztuXOFOetL8q53H2X9Vvc9zOuqGdgmSV6VqLFvocb6gMzXzR/kdowZ hzq7iAWHWs6yNXn7NprCgujetHMLpMwpFeKAN45rkEvQjSyiObuwxhYRkNQclYoT I39QlRG7TRiXbeaKrrpY+RhsP96vPOT9wBb93fXkKlOVVXGm7farR2ces+/6RZFG c3RRcAWXJwUpLxi6TurdRgrSSAGa1oCjFkzEW4zudhKvAp5TzS7x/fXK+Nd5TTSJ uMiYWzOxpuBUY2gACoJwoHdlfjE/TFd4kyJ+FA+u+3ZHlJ7a0SESCNo82Q== =A/7j -----END PGP MESSAGE----- WARNINGS: gpg: Warning: using insecure memory! gpg: using secondary key XXXXXXXX instead of primary key XXXXXXXX gpg: This key belongs to us gpg: reading from `[stdin]' gpg: writing to stdout gpg: ELG-E/RIJNDAEL encrypted for: XXXXXXXX XXXX (XXXXXXXXX) [download] Thank you again for your much appreciated help.	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: GnuPG tie to gpg binary gives broken pipe error in CGI output
by mattr (Curate) on Mar 09, 2003 at 14:02 UTC

#!/usr/local/bin/perl -w

# gpgtest.cgi -- Encrypt to a Public Key from CGI
# Runs on perl 5.005_03 / FreeBSD 4.3

$|=1;
print "Content-type: text/html\n\nSTARTED<BR>";

use lib qw(/home/www/myusername/data/sitelib);
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
use IO::Handle;
use GnuPG::Interface;

# Note you should have imported a public key into gpg already.
# It must be trusted, which can be done without any secret keys
# being installed by editting .gnupg/options (read the comments).
# The encrypted text is ascii armored and can be copied or 
# downloaded for decryption with a GPG client like WinPT / GPG
# See www.gnupg.org for documentation and links to client software.
# Perl libs including Class::MethodMaker built with local prefix
# using perl Makefile.PL LIB=~/data/sitelib

my @plaintext = ("just another perl hacker");    # plaintext lines
$m = 'secretkeyowner@secretdomain.com';          # email address
my $gpghomedir = '/home/www/myusername/.gnupg';  # path to .gnupg
my $gnupg = GnuPG::Interface->new();             # instantiate
$gnupg->options->hash_init( armor   => 1,
                            homedir => $gpghomedir,
                            verbose => 1,
                            meta_interactive => 0
                            );                   # init
$gnupg->options->push_recipients($m);            # email addresses

# Set up some handles to communicate with gpg
my ( $input, $output, $error ) 
 = ( IO::Handle->new(), IO::Handle->new() , IO::Handle->new() );
my $handles = GnuPG::Handles->new( 
     stdin => $input, stdout => $output, stderr => $error );

my $pid = $gnupg->encrypt( handles => $handles );# open write connxn
foreach (@plaintext) { print $input $_; }        # send msg to gpg
close $input;                                    # close write.

my @ciphertext =();                              # now read encrypted
while (<$output>) { push(@ciphertext,$_); }      # msg from gpg.
waitpid $pid, 0;                                 # clean up the done
                                                 # GnuPG process.

open (OUT,">testoutput");                        # Save to disk.
foreach (@ciphertext) { print OUT $_ ; };
close(OUT);

print "<PRE>OK:\n" . join("",@ciphertext);       # View in browser.
print "\nWARNINGS:<BR>\n";                       # View gpg stderr
print $_ while (<$error>);                       # reading in buffer.
close $error;                                    # close buf handle.

exit 0;

Output:

STARTED

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
hQGOA6gWzASXj2Y7EAX+OYWAWeuP52WbB1/zc90H9VBgHBI/DUTROLzjxguyiFa8
HfRx1zgbeeALaJqmaSnM2uALdjFyIK0wfMwj7HtdUyOGFKZmW4g8fSolbLSMq++H
SWoggl+grK2OfsL06ScKKu7ycq6TKRKg+/tkHSkf5pHDg1wBY+yPCSssTINtnL+W
0c1vb9+WOXUSbS6x7O7sZjY+b+YzTAL78gWqcYExm+yLXaURHGF2MbhKAS8+L9VH
MfsdSinLGW3m1ddgP1bGBf0WLWYTrhTjb2eASHOLoAYCkedI6meCQklOOjcnGd6P
jYSgJusmdiztuXOFOetL8q53H2X9Vvc9zOuqGdgmSV6VqLFvocb6gMzXzR/kdowZ
hzq7iAWHWs6yNXn7NprCgujetHMLpMwpFeKAN45rkEvQjSyiObuwxhYRkNQclYoT
I39QlRG7TRiXbeaKrrpY+RhsP96vPOT9wBb93fXkKlOVVXGm7farR2ces+/6RZFG
c3RRcAWXJwUpLxi6TurdRgrSSAGa1oCjFkzEW4zudhKvAp5TzS7x/fXK+Nd5TTSJ
uMiYWzOxpuBUY2gACoJwoHdlfjE/TFd4kyJ+FA+u+3ZHlJ7a0SESCNo82Q==
=A/7j
-----END PGP MESSAGE-----

WARNINGS:
gpg: Warning: using insecure memory!
gpg: using secondary key XXXXXXXX instead of primary key XXXXXXXX
gpg: This key belongs to us
gpg: reading from `[stdin]'
gpg: writing to stdout
gpg: ELG-E/RIJNDAEL encrypted for: XXXXXXXX XXXX (XXXXXXXXX)
[download]

[reply]
[d/l]