Re[2]: [cobalt-users] SSL ?

[Jason Gottschalk <Jason@xxxxxxx>]

Hello Jeff,
Sounds good. I'll look in to it.  My E-Mail program of choice is great
when it come to pgp.

Saturday, April 19, 2003, 10:58:13 AM, you wrote:
JL> Jason Gottschalk wrote:

>> Hello Jeff,

JL> Hello, Jason... I'm replying to you directly as well as to the list, so
JL> you'll get to read this before the list comes back up again on Monday,
JL> since it's shutdown for the weekend.

>> I have telnet turned off.  But in the interest of security, I suppose
>> it should still be encrypted.

JL> Definitely.  Do you have ssh?  Do you give anyone at all ssh access to
JL> the box?  Anyone with ssh access could read the file, even if it's in a
JL> password protected directory.

>> How might I go about doing that?  I have a simple cgi that reads the
>> form and writes it to disk.  Then I have a password protected html
>> file that does a ssi to read in the data file.

JL> Theoretically, I can tell you: you use gpg or pgp.  In practice... it's
JL> something I've been trying to make work for quite a while <frown>.  Any
JL> experts out there?

>> So I guess my cgi needs to encrypt it, then I'll need another cgi to
>> read it rather than just bringing it in through ssi.

JL> The way I want to do it is quite simple:

JL> Read the form and encrypt the data, and send an encrypted email, in real
JL> time, as the form is sent (using https) to the server.

JL> Then when you or your client gets the email, decrypt it locally again
JL> with either gpg or pgp, and read it.

JL> Never store it on the system at all, not even encrypted.

JL> That's the safest way.

>> Can perl encrypt it with out much trouble?

JL> A perl script can call gpg or pgp.  Easily?  I'd say so, but I'm still
JL> having trouble figuring it out <frown>.

JL> Any helpers?

JL> Jeff


-- 
Best regards,
 Jason Gottschalk                         mailto:Jason@xxxxxxx
 SYO Computer Engineering Services, Inc.
 586-286-2557