GPG Contact Form rev10 SVN

GPG message encryption

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!

What's new in GPG Contact Form rev10 SVN:

  • Edited index.php to add a few special variables for the email content such as email, ip, useragent, date, time and then included the message. This works with both unencrypted and encrypted messages.
Read full changelog
send us
an update
GPL v3 
Dr Small
ROOT \ Security
GPG Contact Form is a tool that encrypts messages with your Public GPG Key from the server and delivers the encrypted message to your inbox. Supports both MySQL and PostgreSQL Databases.

It is powered by PHP.


First off, you need to upload all of the files in /gnupgcontact to your webserver. It could be uploaded to /contact for example.

We need to temporarily give /inc write permission so just go ahead and run:

chmod 777 inc/

This will ensure that the database.php file can be created at installation, solving many problem for you.

I have added a little command into the installation file which will automatically detect the full path to the gpg binary or the webserver. If you get any errors about this, it means that your webserver is running in SafeMode and can not execute the code.

However, the default path to gpg should be:


In order for GPG to function correctly, it will need to use a keyring and public key to encrypt the messages sent through the contact form, with your public key. If you don't have one, this is senseless.

The easiest way to obtain a keyring without any other keys (AND private keys) is to copy your .gnupg directory (on your computer) to a different location and then begin running:

gpg --homedir /path/to/new/gnupg_directory --delete-key KEYID

Until you have none left but your public key. NOTICE! It is a security risk to have your private key on this keyring, as it will be web-accessible. To delete your private key from the keyring, run:

gpg --homedir /path/to/new/gnupg_directory --delete-secret-keys KEYID

When you are all finished, make sure you only have one key on your new keyring, and that is your public key:

gpg --homedir /path/to/new/gnupg_directory --list-keys

With that complete, you may now upload this directory to your webserver. You must know the path to this directory for installation!

On the Installation page, for the "Key Id" submit field, DO NOT fill in your keyid in, as the following fashion: "0xAB2356FD". Please simply use "AB2356FD" instead.

The rest of the installation should be self-explanitory! Have fun!

GPG Permission Problems

If you keep getting blank emails, it's because there is a problem with GPG outputting the encrypted text. Here is a list of permissions that you should manually set to get the thing to work properly, should you have any problems.

The .gpg directory:

rwx-rwx-rwx (777)


rwx-r-x-r-x (755)


rwx-r-x-r-x (755)


rw-------   (600)


rw-r--r--   (644)

Theoritically, the only file necessary is .gpg/pubring.gpg but if you are copying your default .gpg directory, those other files are most likely there. If they are missing they will be created when GPG executes.

Last updated on October 11th, 2008


#GPG encryption #message encryption #contact form #GPG #message #encryption #security

Add your review!