From 817325eea43450ca166cb2d9fda54d63d14adbd0 Mon Sep 17 00:00:00 2001 From: tale-fau Date: Fri, 3 Nov 2023 18:02:09 +0100 Subject: [PATCH] Add keypath getter and keyfile overwriter functions --- app.php | 1 + lib/cryptography.class.php | 33 +++++++++++++++++++++++++++++---- templates/signature.html.php | 1 + 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/app.php b/app.php index cd65c94..02a3866 100644 --- a/app.php +++ b/app.php @@ -256,6 +256,7 @@ $f3->route('GET /signature/@hash/pdf', $cryptor = new CryptographyClass(); $cryptor->decrypt($hash); + $files = scandir($sharingFolder); $originalFile = $sharingFolder.'/original.pdf'; $finalFile = $sharingFolder.'/'.$f3->get('PARAMS.hash').uniqid().'.pdf'; diff --git a/lib/cryptography.class.php b/lib/cryptography.class.php index f915db8..8a96249 100644 --- a/lib/cryptography.class.php +++ b/lib/cryptography.class.php @@ -2,12 +2,15 @@ class CryptographyClass { + const KEY_SIZE = 4; + public function encrypt($hash) { - $key = "test"; foreach (glob("/tmp/".$hash.'/*.pdf') as $file) { $outputFile = $file.".gpg"; - $command = "echo '$key' | gpg --batch --passphrase-fd 0 --symmetric --cipher-algo AES256 -o $outputFile $file"; + $keyPath = $this->getKeyPath(); + $command = "gpg --batch --passphrase-file $keyPath --symmetric --cipher-algo AES256 -o $outputFile $file"; $result = shell_exec($command); + $this->freeKeyFile($keyPath); if ($result === false) { echo "Cypher failure"; exit; @@ -17,11 +20,12 @@ class CryptographyClass } public function decrypt($hash) { - $key = "test"; foreach (glob("/tmp/".$hash.'/*.gpg') as $file) { $outputFile = str_replace(".gpg", "", $file); - $command = "echo '$key' | gpg --batch --passphrase-fd 0 --decrypt -o $outputFile $file"; + $keyPath = $this->getKeyPath(); + $command = "gpg --batch --passphrase-file $keyPath --decrypt -o $outputFile $file"; $result = shell_exec($command); + $this->freeKeyFile($keyPath); if ($result === false) { echo "Decypher failure"; exit; 
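Review bot: `$files = scandir($sharingFolder);` is assigned but never read in the visible lines of this hunk, and `scandir()` returns `false` when the directory is missing or unreadable. The route handler continues outside the hunk, so if the listing is used further down it should be guarded first, e.g. `if ($files === false) { $f3->error(404); }`; if it is a leftover, drop the line. The same handler passes `$hash` to `decrypt()`, and the value seems to come from the `@hash` route parameter. It is worth confirming above this hunk that it is checked against the expected hash format before it is used to build a path.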
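Review bot: The new `$command` strings in `encrypt()` and `decrypt()` still interpolate `$keyPath`, `$outputFile` and `$file` into a shell line unquoted, and `$file` comes from `glob("/tmp/".$hash.'/*.pdf')` where `$hash` is caller-supplied. A folder or file name containing spaces or shell metacharacters would change the command, so each argument should be quoted: `$command = 'gpg --batch --passphrase-file '.escapeshellarg($keyPath).' --symmetric --cipher-algo AES256 -o '.escapeshellarg($outputFile).' '.escapeshellarg($file);`, and likewise for the `--decrypt` line. The `$result === false` check will not notice a gpg failure, because `shell_exec()` returns `null` when the command fails or prints nothing. `exec($command, $out, $status)` with `if ($status !== 0)` reports the real exit code. `getKeyPath()` and `freeKeyFile()` also run once per file inside the loop, and a key file is left populated if anything between them aborts.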
@@ -30,5 +34,26 @@ class CryptographyClass } } + private function getKeyPath() { + $path = "../key.txt"; + if (file_put_contents($path, 'test') === false) + { + echo "passphrase generation failure"; + exit; + } + return $path; + } + + private function freeKeyFile($keyPath) { + $passphrase_overwrite = str_repeat("0", self::KEY_SIZE); + if (file_put_contents($keyPath, $passphrase_overwrite) === false) + { + echo "passphrase generation failure"; + exit; + } + } + + + } ?> diff --git a/templates/signature.html.php b/templates/signature.html.php index cd81abd..d8a8365 100644 --- a/templates/signature.html.php +++ b/templates/signature.html.php @@ -197,6 +197,7 @@
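Review bot: `getKeyPath()` writes the hard-coded passphrase `'test'` to the fixed relative path `../key.txt`, so every request shares one key file whose location depends on the working directory and whose permissions come from the process umask. Two concurrent requests can interleave: one call to `freeKeyFile()` may overwrite the file with `0000` while another request's gpg is reading it, producing a PDF encrypted under the wrong passphrase. Overwriting in place leaves the file on disk and does not guarantee the old bytes are gone, and `freeKeyFile()` reuses the "passphrase generation failure" message for what is a cleanup error. I would use a per-call temporary file that is unlinked afterwards, with the passphrase loaded from configuration rather than source, as sketched below. `KEY_SIZE` then becomes unnecessary.

```php
    private function getKeyPath() {
        // Per-call file outside the application tree; tempnam() creates it with mode 0600.
        $path = tempnam(sys_get_temp_dir(), 'gpgkey');
        // Placeholder variable name: load the secret from deployment configuration, not from source.
        $passphrase = getenv('PLACEHOLDER_GPG_PASSPHRASE');
        if ($path === false || $passphrase === false || file_put_contents($path, $passphrase) === false)
        {
            echo "passphrase generation failure";
            exit;
        }
        return $path;
    }

    private function freeKeyFile($keyPath) {
        // Remove the file instead of leaving an overwritten copy behind.
        if (!unlink($keyPath))
        {
            echo "passphrase cleanup failure";
            exit;
        }
    }
```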
+