RE: Encryption Advice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Re: Encryption Advice

First off, thanks to the folks who replied with
advice. I am mulling over your advice (and I greatly
appreciate it!). I have been doing PHP programming for
a couple years, including secure sites, but this is my
first ecommerce venture, so I am trying to learn as
much as I can. Also it is for a friend and I figure
the learning is my payment. :)

In regards to GNU Privacy Guard (gpg), I did actually
manage to get that to work in the hosting environment
(without the help of the hosting support folks! :). I
use a directive to tell gpg to not warn me about
"using insecure memory" but since no private keys
reside on this host I think I can safely ignore that
(they can't steal what is not there).

The real difficulty is that the httpd process runs as
an id different than my logon account and I have no
shell access. What I did to get around that was to
create a subdirectory .gnupg from my html root and
ftp'd my pubring.gpg (public key ring) and trustdb.gpg
(trust database) into that subdirectory. I secured
that wide open (after all, it is a _public_ keyring)
cause otherwise gpg will fail. 

Then I coded the php program to send a command like
this using shell_exec:

/usr/bin/gpg -a -e -r 'mykeyname' --no-default-keyring
--keyring /home/users/web/myhome/.gnupg/pubring.gpg
--no-secmem-warning /home/users/web/myhome/ayres

In the above the last file "ayres" is the file to
encode and the result of the above is a file ayres.asc
which is encoded and ready to be mailed.

I used the --no-default-keyring and --keyring to point
gpg to the keyrings I ftp'd up to the .gnupg
subdirectory. 

Anyway that worked, and on downloading the encoded
file I could decode it with the secret key. 

Don't know if I will use this approach yet, but it was
fun to figure out that it could be done! :)

Thanks to all who gave advice! Again, I will give some
thought to that, and I very much appreciate advice
from people who have "been there, done that"! 

Lawrence Kennon


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux