RE: [PHP] PHP PGP
> This is not what I need. I'm not building a userbase to authenticate with. I'm holding a database of users and passwords that I need to keep. There is no authentication done against these user/password pairs. I don't want to keep the passwords in free text since if someone breaks in, he can steal many users and passwords.
>
> What I want to do is encrypt each password with another password and be able to decrypt the string with the same pass that was used to encrypt, to show the original plain text pass to whoever needs to see it.

The problem here is that to be able to decrypt a password you will have to store the key somewhere. This key will then be vulnerable if someone breaks into your machine. In other words, the crack becomes a bit more difficult but will have the same catastrophic effects.

What you should do is encrypt the password in the database using a one way function, such as crypt(), http://www.php.net/manual/en/function.crypt.php. When the user enters their password, encrypt that and then compare the encrypted passwords.

The only problem with this is that there is no easy way to recover the password if the customer loses it. In this scenario, you will have to have an alternative way to reset the customer's password.

Regards

Dave

--
Chief Technical Consultant
Auxinet Payment Services
http://www.auxinet.com
Phone: +44 870 72 74 76 2
Sales Office: +44 870 72 74 76 3
Fax: +44 870 72 74 78 2
+44 870 72 74 78 3

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
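The requirement quoted above (encrypt each stored password under a passphrase and decrypt it later with the same passphrase), as an added example that is not part of the original thread. The key is derived from the passphrase at request time, so no key is kept on the server; encrypt_field(), decrypt_field(), the record layout and the iteration count are assumptions of this sketch.

```php
<?php
// Added example: field encryption keyed by a passphrase that is never stored.
// Function names, record layout and work factor are assumptions of this sketch.

const KDF_ITERATIONS = 600000; // PBKDF2-HMAC-SHA256 work factor (assumed value)

function encrypt_field(string $plaintext, string $passphrase): string
{
    $salt = random_bytes(16);   // per-record salt, stored alongside the ciphertext
    $iv   = random_bytes(12);   // 96-bit GCM nonce, fresh for every encryption
    $key  = hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
    $tag  = '';
    $ct   = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Layout: salt(16) | iv(12) | tag(16) | ciphertext, base64 for a TEXT column.
    return base64_encode($salt . $iv . $tag . $ct);
}

function decrypt_field(string $stored, string $passphrase): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 44) {
        return null;            // malformed record
    }
    $salt = substr($raw, 0, 16);
    $iv   = substr($raw, 16, 12);
    $tag  = substr($raw, 28, 16);
    $ct   = substr($raw, 44);
    $key  = hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
    $pt   = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    // The GCM tag check fails on a wrong passphrase or a modified record.
    return $pt === false ? null : $pt;
}

// Constructed sample values.
$row = encrypt_field('s3cret-ftp-password', 'master passphrase');
var_dump(decrypt_field($row, 'master passphrase'));
var_dump(decrypt_field($row, 'wrong passphrase'));
```

The stored value is only as strong as the passphrase, since anyone who copies the table can run guesses against it offline at the cost of one PBKDF2 derivation per guess.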
RE: [PHP] PHP PGP
This is not what I need. I'm not building a userbase to authenticate with. I'm holding a database of users and passwords that I need to keep. There is no authentication done against these user/password pairs. I don't want to keep the passwords in free text since if someone breaks in, he can steal many users and passwords.

What I want to do is encrypt each password with another password and be able to decrypt the string with the same pass that was used to encrypt, to show the original plain text pass to whoever needs to see it.

thanks

berber

-----Original Message-----
From: John Horton [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 5:49 PM
To: Boaz Yahav; PHP General (E-mail)
Subject: RE: [PHP] PHP PGP

calculate a hash of the pass the user enters and store that. When the user enters a pass again to get the data, then hash this pass and see if it matches the stored hash. If it does, then send the user the data. create a table that stores username, and hashed passwords for authentication.

HTH

-----Original Message-----
From: Boaz Yahav [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2002 17:43
To: PHP General (E-mail)
Subject: [PHP] PHP PGP

Hi

I need to encrypt some fields in my mysql database. I need to ask a user for a pass when he enters the data, encrypt it and show him the data only if he enters the pass again. I know that pgp has a module that works with passwords instead of keys. I never tried this on Linux though.

Any help will be appreciated.

thanks

berber
RE: [PHP] PHP PGP
calculate a hash of the pass the user enters and store that. When the user enters a pass again to get the data, then hash this pass and see if it matches the stored hash. If it does, then send the user the data. create a table that stores username, and hashed passwords for authentication.

HTH

-----Original Message-----
From: Boaz Yahav [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2002 17:43
To: PHP General (E-mail)
Subject: [PHP] PHP PGP

Hi

I need to encrypt some fields in my mysql database. I need to ask a user for a pass when he enters the data, encrypt it and show him the data only if he enters the pass again. I know that pgp has a module that works with passwords instead of keys. I never tried this on Linux though.

Any help will be appreciated.

thanks

berber
Re: [PHP] PHP PGP
Boaz:

On Wed, May 22, 2002 at 04:48:59PM +0100, John Horton wrote:
> calculate a hash of the pass the user enters and store that.

FYI, by hash he means using the md5() function.

Ciao!

--Dan

--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
Re: [PHP] php + pgp (gnupg)
Yes. Use backticks, system(), exec(), etc. For help on command line w/ GnuPG, try gpg --help.

I don't have examples, but there are probably some @ hotscripts.com

--
Looking for a parallel, three-dimensional explicit Eulerian grid code for astrophysical magnetohydrodynamics? Of course you are! Everyone is!
http://lca.ncsa.uiuc.edu/lca_intro_zeusmp.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] php + pgp (gnupg)
I've done this b4 but haven't got the scripts here, they're at home (can't remember the exact command line, but from memory it was a little fiddly). If you have any problems send an email to [EMAIL PROTECTED] over the weekend and I will gladly try and dig up an example for you.

regards

joseph

-----Original Message-----
From: Kasper [mailto:[EMAIL PROTECTED]]
Sent: Friday, 19 October 2001 8:30 AM
To: [EMAIL PROTECTED]
Subject: [PHP] php + pgp (gnupg)

Can I decrypt files with pgp (gnupg) with php scripts? If I can, does anybody have an example or 2?

Thanx

/Kasper
Re: [PHP] PHP PGP
Hello Pepe,

Thursday, June 28, 2001, 6:05:48 PM, you wrote:

PL> I want to encrypt mails coming from my webform with pgp. Is it possible?

It is possible. Also, if you had chosen GNUPG instead of PGP you could use the class located at http://phpclasses.upperdesign.com/browse.html/package/245

--
Best regards,
Maxim Derkachev mailto:[EMAIL PROTECTED]
System administrator programmer,
Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru
RE: [PHP] PHP PGP
It is possible, but I have not found any good tutorials on the subject. There is one on Web Monkey at this address:

http://hotwired.lycos.com/webmonkey/programming/php/tutorials/tutorial1.html

All the commands were wrong for the PGP version (6.5) that was loaded on my web server. I found that the following worked:

1. Make sure you know where PGP is located on the server. Try a whereis pgp. On my system it was installed in /usr/bin.

2. Make sure the nobody (or the user the web server runs as) user has a home directory defined in your passwd file. This will cause problems when you set up the key ring. (do not define a shell for this user!)

3. Copy an ASCII version of your public key into a file that the nobody user can access.

4. su into the nobody account

5. Create a signing key for the nobody user with this command:
   pgp -kg
   There is no need to create an encryption key.

6. Add your public key to nobody's keyring with this command:
   pgp -ka /path/to/your/public/key

7. Assign a trust level to the key:
   pgp -ke 'Userid'
   If you don't know the userid for the key use pgp -kvv to find out

8. Sign the key with:
   pgp -ks 'your user id' -u 'their userid'

Then the form and php script in the Web Monkey tutorial should work.

Let me know if this helps and good luck.

David Price

-----Original Message-----
From: Pepe Lopez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 28, 2001 7:06 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP PGP

Hi there,

I want to encrypt mails coming from my webform with pgp. Is it possible?

regards,
Lopez
RE: [PHP] PHP PGP
Yes, here's some code, adapt to your needs.

-----Original Message-----
From: Pepe Lopez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 28, 2001 10:06 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP PGP

Hi there,

I want to encrypt mails coming from my webform with pgp. Is it possible?

regards,
Lopez
RE: [PHP] PHP PGP
class eZGPG
{
    /*!
      \static
      Encrypt function
    */
    // PHP 4-style constructor (named after the class); PHP 8 no longer
    // calls it on new, so rename it to __construct() there.
    function eZGPG( $plaintxt, $keyname, $wwwuser )
    {
        $this->keyname = $keyname;
        // empty() works whether $keyname is a string or an array
        if ( empty( $this->keyname ) )
            $this->body = "WARNING: No Keys Specified";

        // escapeshellarg() keeps form input from being parsed by the shell
        $this->pcmd = "echo " . escapeshellarg( $plaintxt ) . " | ";
        $this->pcmd .= $this->pathtogpg . $this->encryptcommand;
        $this->pcmd .= " -a -q --no-tty -e -u " . escapeshellarg( $wwwuser )
            . " --homedir " . escapeshellarg( $this->home )
            . " -r " . escapeshellarg( $this->keyname );

        // clear return array and execute encrypt command
        unset( $ret );
        exec( $this->pcmd, $ret );

        // loop return array for encrypted text
        foreach ( $ret as $key => $value )
        {
            $this->body .= $value;
            $this->body .= "\n";
        }
    }

    // return $this->body
    function getbody()
    {
        return $this->body;
    }

    var $body;
    var $keyname = array();
    var $ret = array();
    var $pathtogpg = "/usr/bin/";
    var $pcmd;
    var $encryptcommand = "gpg --encrypt --batch --no-secmem-warning";
    var $home = "/var/www/.gnupg";
}

-----Original Message-----
From: Pepe Lopez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 28, 2001 10:06 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP PGP

Hi there,

I want to encrypt mails coming from my webform with pgp. Is it possible?

regards,
Lopez
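The same gpg invocation as the eZGPG class above, as an added example (not the poster's code), run through proc_open() with an argument array so that the form text goes to gpg on stdin and no shell command line is assembled. gpg_encrypt(), its parameter names and the sample recipient are hypothetical; the gpg path and homedir are the ones from the class.

```php
<?php
// Added example, not the poster's code. gpg_encrypt() and its parameter
// names are hypothetical; the gpg path and homedir mirror the class above.

function gpg_encrypt(string $plaintext, string $recipient,
                     string $homedir = '/var/www/.gnupg',
                     string $gpg = '/usr/bin/gpg'): string
{
    // A recipient starting with "-" would be read by gpg as an option.
    if ($recipient === '' || $recipient[0] === '-') {
        throw new InvalidArgumentException('invalid recipient');
    }
    // Array form (PHP 7.4+): gpg is executed directly, no shell is involved.
    $cmd = [$gpg, '--batch', '--no-tty', '--quiet', '--no-secmem-warning',
            '--homedir', $homedir, '--armor', '--encrypt',
            '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Small (form-sized) input only: large data needs stream_select()
    // to avoid a pipe deadlock.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = stream_get_contents($pipes[1]);
    $stderr  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        // Unknown or untrusted key, unreadable homedir, and so on.
        throw new RuntimeException('gpg failed: ' . trim($stderr));
    }
    return $armored;
}

// Constructed input: shell metacharacters reach gpg as plain data.
$form = "Name: O'Brien\nMessage: `id`; \$(uname -a)";
try {
    echo gpg_encrypt($form, 'webmaster@example.org');
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```

The recipient's public key has to be present and trusted in the web server user's keyring, otherwise gpg exits non-zero in batch mode and the function throws.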
RE: [PHP] PHP PGP
possible? yes. feasible? yes and no...

1) encrypting traffic from the user's browser to your server is extremely impractical.

2) encrypting information on the server with PGP is a whole lot easier... there are a bunch of PHP - PGP interface packages i've seen around, so do some searching and see what you pull up.

after a quick search at PHP Classes, i found this class that will encrypt text with PGP and attach it to an email message... i'm sure that you could rip out the pertinent portions of code and use it for your own ends:

http://phpclasses.upperdesign.com/browse.html/package/39

-----Original Message-----
From: Pepe Lopez [mailto:[EMAIL PROTECTED]]
Subject: [PHP] PHP PGP

Hi there,

I want to encrypt mails coming from my webform with pgp. Is it possible?

regards,
Lopez
Re: [PHP] PHP PGP
Pepe Lopez [EMAIL PROTECTED] wrote:

> Hi there,
>
> I want to encrypt mails coming from my webform with pgp. Is it possible?

this hack might help you http://alt-php-faq.org/#id65

--
Henrik Hansen