(PECL gnupg >= 0.1)
gnupg_decrypt — Decrypts a given text
$identifier
, string $text
)Decrypts the given text with the keys, which were set with gnupg_adddecryptkey before.
On success, this function returns the decrypted text.
On failure, this function returns FALSE.
Example #1 Procedural gnupg_decrypt() example
<?php
$res = gnupg_init();
gnupg_adddecryptkey($res,"8660281B6051D071D94B5B230549F9DC851566DC","test");
$plain = gnupg_decrypt($res,$encrypted_text);
echo $plain;
?>
Example #2 OO gnupg_encrypt() example
<?php
$gpg = new gnupg();
$gpg -> adddecryptkey("8660281B6051D071D94B5B230549F9DC851566DC","test");
$plain = $gpg -> decrypt($encrypted_text);
echo $plain;
?>
In regards to Mike's comments around passphrases not working correctly in v2, that's not entirely correct. If you want a PHP file to run without having to manually enter in your PGP passphrase you have to follow the steps outlined @ https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase
Hope it helps.
If empty text is encrypted, the gnupg_decrypt() function will return a boolean FALSE so if you do a strict comparison (===, !==) to track a failure it will trigger you a failure.
For failures use Exceptions:
<?php
$gpg = new gnupg();
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
/*
.......further code.......
*/
try {
$string = $gpg->decrypt($stringToDecrypt);
} catch (Exception $e) {
// do the Error processing
}
?>
As of gnupg version 2, it is not possible to pass a plain password any more. The parameter is simply ignored. Instead, a pinentry application will be launched in case of php running in cli mode. In cgi or apache mode, opening the key will fail.
The simplest solution is to use keys without passwords.