Add support for GnuPG API

I use PGP since many years for secure mailing and encrypted data storage. Currently I use cron with a script to email me a backup of the database to an external mailbox. It would be very helpful to manage this with the GnuPG API.

GnuPG is a free implementation of the OpenPGP standard and can be freely used, modified and distributed under the terms of the GNU General Public License.

Dependencies: cron, GnuPG (default install: /usr/bin/gpg, default keyrings/public key: /home/username/.gnupg*1

Filename: backup_mysql.php

$datestamp = date("Y-m-d"); // Current date to append to filename of backup file in format of YYYY-MM-DD

/* CONFIGURE THE FOLLOWING VARIABLES TO MATCH YOUR SETUP */
$dbuser = "username"; // Database username
$dbpwd = "password"; // Database password
$dbname = "database"; // Database name. Use --all-databases if you have more than one
$filename= "filename_$datestamp.sql.pgp"; // The name (and optionally path) of the pgp file
$to = "mail@example.com"; // Email address to send file to
$from = "mail@example.com"; // Email address message will show as coming from.
$subject = "[SITENAME] MySQL backup $datestamp"; // Subject of email
$recipient = "0x1234567890ABCDEF"; // PGP Key ID

$command = "mysqldump -u $dbuser --password=$dbpwd $dbname | gpg --no-secmem-warning --recipient $recipient --always-trust --encrypt --output $filename"; // Generate the dump and encrypt it
$result = passthru($command);

$attachmentname = array_pop(explode("/", $filename)); // If a path was included, strip it out for the attachment name

$message = "Encrypted MySQL database backup file $attachmentname attached.";
$mime_boundary = "<<<:" . md5(time());
$data = chunk_split(base64_encode(implode("", file($filename))));

$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: multipart/mixed;\r\n";
$headers .= " boundary=\"".$mime_boundary."\"\r\n";

$content = "This is a multi-part message in MIME format.\r\n\r\n";
$content.= "--".$mime_boundary."\r\n";
$content.= "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
$content.= "Content-Transfer-Encoding: 7bit\r\n\r\n";
$content.= $message."\r\n";
$content.= "--".$mime_boundary."\r\n";
$content.= "Content-Disposition: attachment;\r\n";
$content.= "Content-Type: Application/Octet-Stream; name=\"$attachmentname\"\r\n";
$content.= "Content-Transfer-Encoding: base64\r\n\r\n";
$content.= $data."\r\n";
$content.= "--" . $mime_boundary . "\r\n";

mail($to, $subject, $content, $headers);

unlink($filename); //delete the pgp file from the server

Cron command: php -q /home/username/etc/backup_mysql.php*2

*1 You have to import at least one public key ($recipient) into your public keyring, e.g. with cPanel.
*2 A path outside your webroot.

I would like an encryption solution that does not depend on Backup and Migrate to decrypt (so that backups are not totally useless if your site isn't running).

This solution is OpenPGP/GnuPG because I read in the module: Encrypted files can only be restored by Backup and Migrate and only on sites with the same encryption key.

Are there standard tools/techniques to decrypt GnuPG encrypted files?

GnuPG or any other OpenPGP program/implementation. OpenPGP is the standard. I use PGP for Windows (PGP Desktop).

If you haven't installed an OpenPGP compliant product you can not decrypt the backup files and in this case you don't need the GnuPG API at all.

As long as the GnuPG module isn't implemented in Backup and Migrate I prefer the slim version 1.x of the module and the solution posted in comment #3. It works perfectly for me.