. * *************************************************************/
/*
 * Review notes (comments only; code tokens unchanged). This is the
 * decryption page of a web front-end for gpg: it takes a passphrase and
 * either a ciphertext textarea or a filename, runs /usr/bin/gpg through
 * shell helpers, and prints the result or a key-selection form.
 *
 * Names used but not defined in this view -- checkinput(), unix(),
 * unixpipe(), $INPUT, $GPGDIR, $USERID, $VERSION, $DECRYPTIONTEXTAREA --
 * come from gpgconfig.php or code outside this excerpt. Several notes below
 * depend on what checkinput() strips, which cannot be seen here.
 *
 * The page's HTML has been stripped from this copy, so the echo statements
 * carry only what survived; the strings are kept byte-for-byte. In this copy
 * the original one-line "//" comments had swallowed the code following them;
 * line breaks are restored after each so the code is actually executed.
 */
// check that data has arrived here via HTTPS
// NOTE(review): loose != with no isset(). With TLS terminated at a reverse
// proxy $_SERVER['HTTPS'] is typically absent, so this aborts (and raises a
// notice) even for encrypted connections; a forwarded-proto header would be
// needed for that deployment. Prefer isset() plus a strict !== "on".
if ($_SERVER['HTTPS'] != "on") { die ("Use a secure HTTPS connection to the server. Aborting ..."); }
if (! is_file("gpgconfig.php")){ die ("Config file does not exist."); }
require_once('gpgconfig.php');
// Defaults when the config does not define a per-user data directory.
if (! isset($DATADIR)){ $DATADIR = "/none"; $FILESDIR = "/none"; }
// use GET only when filename is given
// NOTE(review): the POST-only rule is enforced only when $INPUT != 'file'.
// In file mode every parameter below -- including 'secret' (the passphrase)
// and 'decryptionkey' -- is read via $_REQUEST, so it may arrive in a GET
// query string or a cookie and be recorded in web-server/proxy logs, the very
// thing the die() message warns about.
if (strtoupper($_SERVER['REQUEST_METHOD']) != "POST") {
  //check if there is a query string, then abort except if files are to be handled.
  if (count($_GET) != 0){
    if ($INPUT != 'file') { die ("Always use POST to prevent recording of query strings. Aborting ..."); }
    else {
      if (isset($_REQUEST['file'])) {
        // touch legitimate files only !
        // Files live under $DATADIR/$USERID when a user is known, otherwise
        // under $GPGDIR/data. $FILE is later interpolated into cp commands
        // inside double quotes only; unless checkinput() removes shell
        // metacharacters (" $ ` \) a crafted filename reaches the shell.
        // escapeshellarg() at the point of use would close this regardless.
        if (isset($USERID)) { $FILESDIR = $DATADIR ."/". $USERID; } else { $FILESDIR = $GPGDIR."/data"; }
        $RELATIVEFILE = checkinput($_REQUEST['file'],"noscript");
        $FILE = $FILESDIR ."/". $RELATIVEFILE;
        $FILE = str_replace('//','/',$FILE);
      } else { $FILE = "/none"; }
    }
  }
} else {
  if (isset($_REQUEST['file'])) {
    // touch legitimate files only !
    // (same construction and same caveat as the GET branch above)
    if (isset($USERID)) { $FILESDIR = $DATADIR ."/". $USERID; } else { $FILESDIR = $GPGDIR."/data"; }
    $RELATIVEFILE = checkinput($_REQUEST['file'],"noscript");
    $FILE = $FILESDIR ."/". $RELATIVEFILE;
    $FILE = str_replace('//','/',$FILE);
  }
}
if (! isset($RELATIVEFILE)){ $RELATIVEFILE = "/none"; }
// Path-traversal filter: one non-recursive replacement of "../".
// NOTE(review): $FILE is undefined here (notice) when no 'file' parameter was
// sent. Because "//" was collapsed first, "..//" has already become "../" and
// is caught, but a filter that rewrites instead of rejecting gives no
// positive guarantee; realpath() plus a prefix check against $FILESDIR would.
$FILE = str_replace('../','xxx',$FILE);
if (! is_dir($GPGDIR)){ die ("GPG directory $GPGDIR does not exist."); } else { $ERRORFILE = $GPGDIR."/gpgerrors"; }
if (! isset($DECRYPTBIGFILES)){ $DECRYPTBIGFILES = "no"; }
// $PLAINRETURN, $KEYSELECTION, $DECRYPTIONIFRAMENUMBER and $DECRYPTIONKEY are
// initialised here but not referenced anywhere else in what remains of this
// file (they may have been used inside the stripped markup).
if (! isset($PLAINRETURN)){ $PLAINRETURN = "no"; }
$TEXT = "";
if (isset($_REQUEST[$DECRYPTIONTEXTAREA])) {
  $TEXT = $_REQUEST[$DECRYPTIONTEXTAREA];
  // NOTE(review): addslashes() escapes only ' " \ and NUL. In the
  // non-$DECRYPTBIGFILES path below $TEXT is interpolated into a
  // double-quoted `echo "..."` shell argument, where $ and backticks still
  // expand, so a crafted "ciphertext" executes commands as the web-server
  // user. addslashes() is not a shell escape; pass the data on stdin (as
  // unixpipe() appears to do) or use escapeshellarg().
  $TEXT = addslashes($TEXT);
}
if (isset($_REQUEST['secret'])) { $SECRET = checkinput($_REQUEST['secret'],"noscript"); }
if (! isset($KEYSELECTION)){ $KEYSELECTION = "no"; }
if (! isset($DECRYPTIONIFRAMENUMBER)){ $DECRYPTIONIFRAMENUMBER = 0; }
if (! isset($REPLACEFILE)){ $REPLACEFILE = "no"; }
if (isset($_REQUEST['decryptionkey'])){ $DECRYPTIONKEY = checkinput($_REQUEST['decryptionkey'],"noscript"); }
echo "\n"; echo "
\n";
// $TEXT is always set (initialised to "" above), so this condition reduces
// to "a passphrase field was submitted".
if (isset($TEXT) && isset($SECRET)) {
  // perform decryption
  if (strlen($SECRET) > 0) {
    $ERRORFILE = $GPGDIR."/gpgerrors";
    unix("rm ".$ERRORFILE);
    echo "

Decryption

\n";
    // get random file name for plain text
    // 20 bytes from /dev/urandom hashed with sha1 -> unpredictable working
    // file names inside $GPGDIR.
    $rndhandle = fopen("/dev/urandom","r"); $RND = fread($rndhandle,20); fclose($rndhandle);
    $FILENAME = $GPGDIR."/".sha1($RND); // $FILENAME will contain plain text data
    $CRYPTOGRAM = $GPGDIR."/".sha1($RND)."-encrypted.file";
    if ($DECRYPTBIGFILES == "yes"){
      if ($INPUT == 'file') {
        // decrypt a file
        // The ciphertext is copied into the working directory first; $FILE is
        // only double-quoted here (see the note where $FILE is built).
        unix("touch ".$CRYPTOGRAM); unix("chmod 600 ".$CRYPTOGRAM); unix("cp \"".$FILE."\" ".$CRYPTOGRAM);
        $SIZE = unix("wc -c ".$CRYPTOGRAM." | cut -f1 -d' ' ");
        echo "

decrypting ".$SIZE." bytes ...

\n";
        // NOTE(review): the passphrase goes on the gpg command line, unquoted.
        // Shell metacharacters in $SECRET reach sh unless checkinput() removes
        // them, and the passphrase is visible to every local user in the
        // process list for the duration of the call. Passing it on a file
        // descriptor (--passphrase-fd) avoids both problems.
        $ENC ="/usr/bin/gpg --homedir ".$GPGDIR." --require-secmem --batch --no-tty --yes --logger-file ".$ERRORFILE." --passphrase ".$SECRET." --output ".$FILENAME." --decrypt ".$CRYPTOGRAM ;
        unix($ENC);
        unix("rm ".$CRYPTOGRAM);
      } else {
        // Textarea input: ciphertext is handed to gpg's stdin by unixpipe().
        // $TEXT was addslashes()'d above, which alters any quote or backslash
        // in the data -- presumably harmless for ASCII-armoured input; confirm
        // against unixpipe(). The --passphrase caveat above applies here too.
        $ENC ="/usr/bin/gpg --homedir ".$GPGDIR." --require-secmem --batch --no-tty --yes --logger-file ".$ERRORFILE." --passphrase ".$SECRET." --output - --decrypt > ".$FILENAME ;
        unixpipe($ENC,$TEXT);
      }
      unix("chmod 600 ".$FILENAME);
      // Read back at most 20 MB of plaintext.
      $handle = fopen($FILENAME, "r"); $RESULT = fread($handle,20000000); fclose($handle);
      // $RESULT may contain code
      $RESULT = checkinput($RESULT, "noscript");
      if ($INPUT != 'file') {
        // destroy content of the plain text file
        // NOTE(review): count= is the length of $RESULT *after* checkinput();
        // if that shortened the data, the tail of the file is not
        // overwritten. Overwriting in place also does not reliably erase the
        // old blocks on journaling or copy-on-write filesystems.
        unix("dd if=/dev/zero of=".$FILENAME." bs=1 count=".strlen($RESULT)); unix("sync"); unix("rm ".$FILENAME);
      }
    } else {
      // NOTE(review): shell command injection. $TEXT comes straight from the
      // request and addslashes() does not neutralise $(...) or backticks
      // inside the double-quoted echo argument. This path is also taken for
      // $INPUT == 'file' when $DECRYPTBIGFILES != "yes": the textarea, not
      // $FILE, is decrypted, $FILENAME is never created, and the success
      // branch below then tries to cp a file that does not exist. Unlike the
      // branch above, $RESULT is not passed through checkinput() here.
      $ENC ="echo \"".$TEXT."\" | /usr/bin/gpg --homedir ".$GPGDIR." --require-secmem --batch --no-tty --yes --logger-file ".$ERRORFILE." --passphrase ".$SECRET." --output - --decrypt" ;
      $RESULT = unix($ENC);
    }
    // $ERRORS is read but not referenced anywhere visible in this copy; it was
    // possibly emitted inside markup that has been stripped.
    $ERRORS = unix("cat ".$ERRORFILE);
    echo "\n";
    // check if decryption is successful
    // NOTE(review): these substrings are searched in the decrypted output,
    // while gpg's own messages are directed to $ERRORFILE by --logger-file
    // (whether unix() also captures stderr is not visible here). In practice
    // an empty $RESULT is the only reliable failure signal in this test; gpg's
    // exit status or $ERRORS would be a more robust check.
    $ERR1 = strpos($RESULT,'No such file or directory');
    $ERR2 = strpos($RESULT,'no valid OpenPGP data found');
    if (($ERR1 === false) && ($ERR2 === false) && (strlen($RESULT) > 0 )){
      echo "

".strlen($RESULT)." bytes decrypted

";
      if ($INPUT != 'file') {
        // Textarea mode: the plaintext was presumably shown inside the
        // stripped markup here; only the surrounding echoes remain.
        echo "

Plain Text

"; echo "\n
\n"; echo "

\n"; echo "    \n\n";
      } else {
        if ($REPLACEFILE == "yes") {
          // Overwrite the ciphertext file with the plaintext.
          unix("cp ".$FILENAME." \"".$FILE."\"");
        } else {
          // strip .asc from filename
          if (substr($FILE,-4) == '.asc') { $FNAME = substr($FILE,0,-4); } else { $FNAME = $FILE; }
          unix("cp ".$FILENAME." \"".$FNAME."\"");
        }
        // destroy content of the plain text file
        // (same partial-wipe caveat as above)
        unix("dd if=/dev/zero of=".$FILENAME." bs=1 count=".strlen($RESULT)); unix("sync"); unix("rm ".$FILENAME);
        echo "\n";
      }
      echo "

version ".$VERSION." powered by Senderek Web Security

";
    } else {
      // NOTE(review): on failure in file mode with $DECRYPTBIGFILES == "yes"
      // the plaintext working file $FILENAME (mode 600, possibly partially
      // written) is never removed -- the rm above runs only in the success
      // branch or for textarea input.
      echo "

Decryption failed.

"; echo "
\n";
    }
  } else {
    echo "

Please enter a passphrase.

"; echo "

\n";
  }
} else {
  // prompt for a passphrase
  echo "

Decryption

\n"; echo "

Available secret keys

\n";
  // List the secret keys in the keyring. The output is parsed by line
  // position below, which ties this page to the text layout of the installed
  // gpg version.
  $Keys = unix("/usr/bin/gpg --homedir $GPGDIR --list-secret-keys --fingerprint");
  $List = explode ("\n", $Keys);
  if (count($List) < 2 ) { die ("

No keys available. Aborting ...

"); }
  echo "\n";
  // $START counts lines since the last "sec " line: 1 = fingerprint line,
  // 2 = uid line, 3 = subkey line. Only $UID is htmlentities()'d; $SEC and
  // $SUB are echoed raw (gpg output, not user input). $FP is assigned but not
  // used in what remains of this file. Because $SEC/$SUB/$UID are echoed
  // after the loop, only the last key's values survive into the page; if no
  // "sec " line is present at all they are undefined there.
  $START = 0;
  foreach ($List as $Line){
    $START += 1;
    if (substr_count($Line, "sec ") == 1) { $START = 0; $SEC = $Line; }
    if ( $START == 1) { $FP = substr($Line,24); }
    if ( $START == 2) { $UID = htmlentities(substr($Line,4)); }
    if ( $START == 3) { $SUB = $Line; echo ""; echo "\n"; echo "\n"; }
  }
  echo "
".$SEC."
".$SUB."
".$UID."
\n"; echo "
\n"; echo "\n"; echo "\n";
  // The passphrase field is shown only when no 'secret' was submitted (the
  // markup of these echoes has been stripped from this copy).
  if (! isset($_REQUEST['secret'])) { echo ""; echo "\n"; } else { echo "\n"; }
  if ($INPUT != 'file') { echo "\n"; echo "\n"; } else {
    $FNAME = $FILE;
    if (isset($DATADIR)) {
      // strip directory name from filename
      // NOTE(review): $DATADIR is always set here (defaulted to "/none" at the
      // top). When $USERID is not set, $FILE was built under $GPGDIR/data, so
      // this strips strlen($DATADIR) bytes of the wrong prefix. $FNAME is
      // echoed into the page below; whether checkinput() HTML-escaped the
      // original 'file' parameter is not visible here.
      $FNAME = substr($FNAME,strlen($DATADIR));
    }
    echo "\n"; echo "\n";
  }
  // $FNAME is undefined in the echo below when $INPUT != 'file' (notice).
  echo "
Passphrase
\n
"; echo "    \n"; echo "
File".$FNAME."
"; echo "    \n"; echo "
\n"; echo "
\n"; echo "

powered by Senderek Web Security

";
}
echo "\n

\n"; ?>