[cobalt-users] Using Perl to call GPG on a Raq (Was: Re SSL ?)
- From: "Michelle A. Hoyle" <mahlist@xxxxxxxxxxxxx>
- Date: Mon Apr 21 02:13:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Date: Sat, 19 Apr 2003 07:58:13 -0700
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
<SNIP>
Theoretically, I can tell you: you use gpg or pgp. In practice... it's
something I've been trying to make work for quite a while <frown>. Any
experts out there?
<SNIP>
> Can perl encrypt it without much trouble?
A perl script can call gpg or pgp. Easily? I'd say so, but I'm still
having trouble figuring it out <frown>.
Any helpers?
Jeff
I set up a web-based ordering system a few years ago on my RaQ4 that
allows people to order pizza from a web page, then their order, with
any credit card information, is encrypted in memory using gpg, and
stored as a file. Finally, the file is copied via scp to the pizza
store, where it's decrypted and printed. This is all done in Perl.
From my Perl prefs file for an online ordering system
#location of gpg keys
$ENV{'GNUPGHOME'} = '/home/sites/www.yourdomain.com/users/youruser/.gnupg';
$gpg = "/usr/local/bin/gpg --always-trust -ear" ; #location of gpg and options
$gpguser = "gpguserkeytouse"; #gpg public encryption key to use
From the ordering system, which produces what looks like an e-mail
but stores it in an encrypted file on the file system.
#Encrypt info using gpg and store in a file
sub ToSecureFile {
    my ($cleartext) = @_;
    my ($encryptedtext);
    # Pass the (already shell-escaped) cleartext to gpg through the shell, not a temp file
    $encryptedtext = `echo -n \"$cleartext\" | $gpg $gpguser`;
    # Write mail-style headers, then the ASCII-armored ciphertext
    open(FILENAME, ">$cartdir$ordernum.ord.sec")
        or die "Cannot write order file: $!";
    print FILENAME "From: The Online Ordering System <orders\@yourdomain.com>\n",
        "To: gpguserkeytouse\@yourdomain.com\n",
        "Subject: Web order $ordernum for ", param('deliverymethod'),
        "\n\n";
    print FILENAME "$encryptedtext \n";
    close (FILENAME);
}
Installing GPG/configuring:
I just checked my version notes and I don't have any special notes
about installation, so the installer I used must have been compiled
OK by default or obviously so. I do have a hazy recollection that it
needs to be compiled so that it runs in memory. I do have a note
saying that I had to set suid root for the gpg binary which is in
/usr/local/bin/gpg
The last version I have installed is gnupg-1.0.6 and I installed that
in November of last year.
In order to make the Perl stuff work, the script owner (the youruser)
has the .gnupg directory with the public encryption key you want to
use to encrypt the file in it. The gpg options I'm using in the $gpg
string above don't validate the keys and the keys are fully trusted.
It also produces an ASCII version of the encrypted file, suitable for
sending by non-MIME mail.
Additional Notes:
My "cleartext" already has all shell characters escaped or removed.
This is a very important step!
For optimum security, the "cleartext" is never stored on disk. It's
all handled in memory, which is why I'm using echo and a backtick to
send it off to be processed by the system.
Michelle
cc: Jeff Lasman off list
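
An added example, not part of the original message or the poster's code: the same in-memory encryption done with IPC::Open2 in list form, so no shell parses the command and the cleartext reaches gpg over a pipe instead of inside an `sh -c` command string. The names encrypt_in_memory, $gpg_bin and $recipient are illustrative, the --batch option is an addition to the options in the post, and the paths and key name are the placeholders from the prefs file above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open2;

# Assumed values mirroring the prefs file in the post; adjust for your site.
$ENV{GNUPGHOME} = '/home/sites/www.yourdomain.com/users/youruser/.gnupg';
my $gpg_bin   = '/usr/local/bin/gpg';
my $recipient = 'gpguserkeytouse';

# Encrypt $cleartext to $recipient and return the ASCII-armored result.
# The argument list is handed to exec() directly, so shell metacharacters
# in the order text are never interpreted and need no escaping.
sub encrypt_in_memory {
    my ($cleartext) = @_;
    my @cmd = ($gpg_bin, '--batch', '--always-trust', '--armor',
               '--encrypt', '--recipient', $recipient);

    my ($from_gpg, $to_gpg);
    my $pid = open2($from_gpg, $to_gpg, @cmd);   # list form: no shell involved

    # Assumption: orders are small (a few KB), so writing everything before
    # reading cannot fill the pipe buffers and deadlock.
    print {$to_gpg} $cleartext;
    close $to_gpg;                               # EOF tells gpg to finish

    my $armored = do { local $/; <$from_gpg> };  # slurp all of gpg's output
    close $from_gpg;
    waitpid $pid, 0;                             # reap gpg, sets $?
    die "gpg exited with status " . ($? >> 8) . "\n" if $? != 0;
    die "gpg produced no output\n" unless defined $armored && length $armored;
    return $armored;
}

# Constructed sample order containing characters a shell would interpret.
my $order = qq{1 x large pizza; note: "ring `twice` & wait" \$5 tip\n};
print encrypt_in_memory($order);
```

The returned string can be written after the mail-style headers exactly as ToSecureFile does with $encryptedtext.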