Getting GnuPG to work with PHP+Apache under FreeBSD

Just some brief notes so I remember what to do next time; not a complete walkthrough or anything like that. No guarantees! I'm supporting some legacy code that uses popen/exec calls to work with the gpg command to create encrypted email for off-line processing of ecommerce transactions. Specifically, this is not using the GnuPG functions available with PHP 4.3/5.x from PECL. If you can get that working for you and it does everything you need, so much the better. (If I ever have to write brand-new code, I'll definitely look into using the extension.)

Install/update gnupg itself, naturally.

The main thing I've found is that gpg2 (gpg) really expects to be running as a user. I've tried copying over the ~/.gnupg/ folder created as a different user (not www) but it doesn't work reliably. What did work was to use the vipw command to edit the password database, setting the www user's home directory to /usr/local/apache2 and temporarily giving it a login shell (put the shell back to the non-login one once the keys are set up). I was then able to (as root) `su www` (setting a password for www is *not* necessary).

As www, do `gpg --gen-key` to create your own key, then `gpg --import` to bring in the public key of the recipient. Then `gpg --lsign-key` to tell it you trust the key.

To avoid warnings on stderr, create a file `.gnupg/options` containing the line `no-secmem-warning`; make sure the ~/.gnupg directory has permissions 0700 and its contents are 0600, and that www is both the owner and the group.
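For reference, here is the shape of the PHP call that the setup above makes work. This is an added example, not the legacy code from the post: it assumes gpg lives at /usr/local/bin/gpg, that www's home is /usr/local/apache2 as set with vipw, and that the recipient's key has already been imported and lsign'ed as www.

```php
<?php
// Added example (not the original post's code). Encrypts a message for the
// off-line recipient by running gpg as the web-server user, the way the
// post's popen/exec-based legacy code does, but with the plaintext on stdin
// and every argument quoted. Assumed paths: /usr/local/bin/gpg and the
// www home directory /usr/local/apache2 described above.

function gpg_encrypt_for(string $recipient, string $plaintext): string
{
    $home      = '/usr/local/apache2';          // www's home, set via vipw
    $gnupghome = $home . '/.gnupg';             // keyring created as www

    // escapeshellarg keeps a recipient ID taken from configuration from
    // ever being parsed as additional shell words.
    $cmd = '/usr/local/bin/gpg --homedir ' . escapeshellarg($gnupghome)
         . ' --batch --no-tty --yes --armor --encrypt'
         . ' --recipient ' . escapeshellarg($recipient);

    $spec = [
        0 => ['pipe', 'r'],   // stdin: plaintext goes here, never on argv
        1 => ['pipe', 'w'],   // stdout: ASCII-armored ciphertext
        2 => ['pipe', 'w'],   // stderr: warnings (secmem notice, trust errors)
    ];
    // Apache does not set HOME for www; gpg wants it, so pass it explicitly.
    $env  = ['HOME' => $home, 'GNUPGHOME' => $gnupghome];
    $proc = proc_open($cmd, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $ciphertext = stream_get_contents($pipes[1]);
    $stderr     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // In --batch mode an untrusted recipient key (no lsign) makes gpg exit
    // non-zero with empty output; never mail that, fail loudly instead.
    if ($status !== 0 || $ciphertext === '') {
        throw new RuntimeException("gpg exited with status $status: $stderr");
    }
    return $ciphertext;
}

// Usage: $body = gpg_encrypt_for('orders@example.com', $orderText);
```

If stderr still shows the secure-memory warning, the `no-secmem-warning` line is not being read from the options file in the `--homedir` given here.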

Copyright (C) 2008, David H. Brown. Don't steal my stuff; I won't steal yours. But I'd probably be really happy to share.
Send email to dave@davidhbrown.us