Scripting and CGI use of GPG
phil@Stimpy.netroedge.com
phil@Stimpy.netroedge.com
Tue, 31 Aug 1999 12:02:21 -0700 (PDT)
OK, thanks to all the great suggestions and polite advice! I managed to
get it partially working, but it wasn't very easy. In the end, I used the
CPAN module for GPG mentioned by Frank (actually, it looks like he wrote
it! :'), but it had the same problems that I had in my own code. It worked
eventually, but I did have to modify the environment first:
$ENV{"GNUPGHOME"}="/home/nobody/.gnupg";
As Alan suggested, the user which Apache was running under was indeed
'nobody' (as I expected). I made a 'home directory' for this user to keep
things like GPG keys. But, GPG still wasn't finding them. Using the
"--homedir" parameter from within the script didn't work for some strange
reason (it worked from the command line...)! I also noticed that it
wasn't mentioned on a 'gpg -h', so I thought it might have been
depricated or something?!
In any event, using the environment setting above (and making sure
permissions were OK) fixed things. But, I can not have the CGI
encrypt+sign successfully. It automatically 'pops' back to interactive
mode prompting for the password for the secret key eventhough I supplied
it as CPAN specifies. I know having the password in a script isn't very
secure, but it seems better than having the secret key w/o any password
protection.
Thanks again for the help, and hopefully I can get encrypt+sign working
after some more fudging.
Phil
------------------------------------------------------------
Philip Edelbrock -- IS Manager -- Edge Design, Corvallis, OR
phil@netroedge.com -- http://www.netroedge.com/~phil
PGP F16: 01 D2 FD 01 B5 46 F4 F0 3A 8B 9D 7E 14 7F FB 7A