Tuesday, March 19, 2002, 2:51:33 PM, Alexander wrote:
AS> Well, use GnuPG.  Then you can use "PGP".  And what you stated above is

Just some advice if you go with GPG and you don't have root/chown
access.

Since you'll create your keyring under your user, you'll likely have
to run PHP as a CGI so that it has access to your keyrings and can use
a temp file.  You might get around this by making your keyrings
group-readable (for the PHP-user), but obviously w/ that *any* PHP
user on your server could potentially access your private key.  Then
again, if you only need to /send/ encrypted messages and you don't
include the server's key in the recipient list, it's no big deal
because the worst they could do is send messages to people signed as
your server.  They couldn't get the data.

In Windows I found the easiest way to decode GPG-ed email from the server was
to install PGP6.5, the Bat! email client and generate a key w/o using
the IDEA algorithm.  Import this pub key into GPG on the server. There
are GPG tools for Windows but I found Win mail clients still don't
support GPG anywhere near as much as PGP.  The Bat! can use GPG to
decrypt fine, but you have to enter your username and passphrase for
EVERY message. The Bat!'s PGP plugin allows uid/passphrase caching for
a specified period of time, which was enough for me to switch.

A snippet of the code I'm using to encrypt:

//this already has the plaintext message
$plainfile = "/home/me/.gnupg/temp/".$this->hash.'plain';

//this will be created having the encrypted version
$gpgedfile = "/home/me/.gnupg/temp/".$this->hash.'gpg';

//shell command to call gpg
$command = "gpg -e -q --no-secmem-warning ";

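//encrypt for my array of recipients
//(escapeshellarg so a quote in a recipient value cannot break out of the argument)
foreach ($this->recipients as $recipient) {
   $command .= "-r ".escapeshellarg($recipient)." ";
}

//target will be ascii-armored and stderr sent to stdout
$command .= "-ao ".escapeshellarg($gpgedfile)." ".escapeshellarg($plainfile)." 2>&1";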

//environment variable for GPG
putenv("GNUPGHOME=/home/me/.gnupg");

//execute command
$this->error = exec($command);

//check error / read in $gpgedfile, unlink the files..

Hope this helps..

Steve
 --  [EMAIL PROTECTED] ** http://mrclay.org
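
Added example (not part of Steve's message or his code): one way to make the same gpg call without building a shell command string and without writing the plaintext to a temp file. It assumes PHP 7.4+ for the array form of proc_open; the function name gpg_encrypt and its parameters are hypothetical.

```php
<?php
// Added example, not the poster's code. Requires PHP >= 7.4 (array form of proc_open).
// $homedir and the recipient IDs are assumptions supplied by the caller.
function gpg_encrypt(string $plaintext, array $recipients, string $homedir): string
{
    if ($recipients === []) {
        throw new InvalidArgumentException('at least one recipient is required');
    }
    // Argument vector: no shell is involved, so there is nothing to quote or escape.
    $argv = ['gpg', '--batch', '--no-tty', '--homedir', $homedir, '--armor', '--encrypt'];
    foreach ($recipients as $recipient) {
        $argv[] = '--recipient';
        $argv[] = $recipient;
    }

    // stdout/stderr go to anonymous temp files so writing stdin cannot deadlock on a
    // full pipe; only ciphertext and diagnostics reach disk, never the plaintext.
    $out = tmpfile();
    $err = tmpfile();
    $proc = proc_open($argv, [0 => ['pipe', 'r'], 1 => $out, 2 => $err], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);               // EOF tells gpg the message is complete
    $status = proc_close($proc);     // gpg's exit code

    rewind($out);
    rewind($err);
    $armored = stream_get_contents($out);
    $stderr  = stream_get_contents($err);
    fclose($out);
    fclose($err);

    // Fail closed: never return partial or empty output as if it were ciphertext.
    if ($status !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException("gpg failed (exit $status): " . trim($stderr));
    }
    return $armored;
}
```

For the send-only case described above, the directory passed as $homedir needs to hold only the recipients' public keys, so making it readable by the PHP user does not expose a private key.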

