Sending PGP HTML Encrypted e-mail with PHP

While adding the PGP HTML Report feature to WeSunSolve, I first successfully crypted the content of the HTML report to be sent to the user with PGP key. I would have thought that this was gonna be the hardest part, that was without thinking about MIME and HTML support of PGP encrypted mails.

Here is how I finally ended up by creating HTML PGP encrypted Mails using PHP which can be opened using (at least) claws-mail and thunderbird with proper rendering of the HTML report:

Content of the clear message

 Subject: My HTML crypted report
 X-PHP-Originating-Script: 1000:mlist.obj.php
 From: "We Sun Solve" <>
 X-Sender: WeSunSolve v2.0
 Message-ID: <>
 Date: Sun, 29 Apr 2012 18:34:36 +0200
 MIME-Version: 1.0
 Content-Type: multipart/encrypted; 

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
 Content-Type: application/pgp-encrypted
 Content-Description: PGP/MIME version identification Version: 1
 Content-Type: application/octet-stream; name="encrypted.asc"
 Content-Description: OpenPGP encrypted message
 Content-Disposition: inline; filename="encrypted.asc"
 Version: GnuPG v1.4.10 (GNU/Linux)
 -----END PGP MESSAGE-----

Content of the PGP encrypted part

Content-Type: multipart/alternative; 
 This is a multi-part message in MIME format.
 Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: quoted-printable
 You need to have a MUA capable of rendering HTML to read the WeSunSolve emails.
 You can consult the website if you are not able to read this email, the information sent to you should also be on the website...
 Content-Type: text/html; charset="utf-8"
 Content-Transfer-Encoding: quoted-printable

This is the report in cleartext!

Code Used

$pgpmime = ”;
$mime = ”;
$headers = ”;
$dest = ‘’;
$subject = ‘My HTML crypted report’;
$clearContent = ‘<html><p>This is the report in cleartext!</p></html>’;
$clearText = ‘This is the text version of the report’;
/* Prepare the crypted Part of the message */
$bound = ‘————‘.substr(strtoupper(md5(uniqid(rand()))), 0, 25);
$pgpmime .= “Content-Type: multipart/alternative;\r\n boundary=\”$bound\”\r\n\r\n”;
$pgpmime .= “This is a multi-part message in MIME format.\r\n”;
$pgpmime .= “–$bound\r\n”;
$pgpmime .= “Content-Type: text/plain; charset=utf-8\r\n”;
$pgpmime .= “Content-Transfer-Encoding: quoted-printable\r\n\r\n”;
$pgpmime .= $clearText.”\r\n\r\n”;
$pgpmime .= “–$bound\r\n”;
$pgpmime .= “Content-Type: text/html; charset=\”utf-8\”\r\n”;
$pgpmime .= “Content-Transfer-Encoding: quoted-printable\r\n\r\n”;
$pgpmime .= $clearContent.”\r\n”;
$pgpmime .= “–$bound–\r\n”;
$content = GPG::cryptTxt($pgpkey, $pgpmime);
/* Make the email’s headers */
$headers = ”;
$headers = “From: $from\r\n”;
$headers .= “Reply-to: “.$config[‘mailFrom’].”\r\n”;
$headers .= “X-Sender: WeSunSolve v2.0\r\n”;
$headers .= “Message-ID: <“.time().”@”.$_SERVER[‘SERVER_NAME’].”>\r\n”;
$headers .= “Date: ” . date(“r”) . “\r\n”;
$bound = ‘————enig’.substr(strtoupper(md5(uniqid(rand()))), 0, 25);
$headers .= “MIME-Version: 1.0\r\n”;
$headers .= “Content-Type: multipart/encrypted;\r\n”;
$headers .= ” protocol=\”application/pgp-encrypted\”;\r\n”;
$headers .= ” boundary=\”$bound\”\r\n\r\n”;
/* And the cleartext body which encapsulate PGP message */
$mime = ”;
$mime .= “This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)\r\n”;
$mime .= “–$bound\r\n”;
$mime .= “Content-Type: application/pgp-encrypted\r\n”;
$mime .= “Content-Description: PGP/MIME version identification\r\n\r\n”;
$mime .= “Version: 1\r\n\r\n”;
$mime .= “–$bound\r\n”;
$mime .= “Content-Type: application/octet-stream; name=\”encrypted.asc\”\r\n”;
$mime .= “Content-Description: OpenPGP encrypted message\r\n”;
$mime .= “Content-Disposition: inline; filename=\”encrypted.asc\”\r\n\r\n”;
$mime .= $content.”\r\n”;
$mime .= “–$bound–“;
mail($dest, $subject, $mime, $headers);
This entry was posted in Programming. Bookmark the permalink.

1 Response to Sending PGP HTML Encrypted e-mail with PHP

  1. Pingback: html mail encryption from terminal

Leave a Reply

Your email address will not be published. Required fields are marked *