gpg logo, static URLs, demo keypair
lynch at cognitivearts.com
Thu Feb 4 01:19:36 CET 1999
Is there a gnupg logo?
Are there static URLs for quickie downloads of the latest releases on both
Unix and Windoze? <HOPEFULLY> Will there be once 1.0 is released?
Is there a canonical "Demo" public/private keypair that I should use to
demo gpg where the private key is not private at all and has the passphrase
in plaintext somehow...? Yet obviously labeled as "Demo" private key?...
I want to build some pages to demo gpg where the user types in a message,
encrypts it and then either:
has the server decrypt it (not much of a demo, since we could be "cheating")
downloads gpg and the server's keyring to decrypt the message on their own box
It's just a silly kick-the-tires sort of thing that I think would appeal to
the uninitiated/ignoramuses such as myself. :-)
Apologies if I'm asking stuff that's in the docs or an e-mail archive, but
I couldn't find the answers to this. I did find the kinder, gentler URL of
www.gnupg.org on my own though :-)
I want to have a gpg logo on my explanation page of the security
methodology employed by my site, and then the kick-the-tires demo of it:
For those who have forgotten my "scheme":
1. Use a Virtual Server to process an order with an suExec'ed cgi.
[I'm using PHP, but it doesn't matter much.]
2. Have the cgi shell-execute gpg with the order info to self-encrypt the
order, including credit info.
3. E-Mail the resulting encrypted (ascii armored) message to a human.
4. The human runs gpg on a non-networked machine with the decrypting key in
his keyring that matches the encrypting key on the server and then
processes the plain-text invoice through existing store-front credit card
[I hope that sentence makes sense...]
Most ISPs these days include a Virtual Server in their hosting package
price: They suck you dry with expecting you to pay them to design the
pages, interface with CyberCa$h, setup fees on the credit card processing,
and then automagically run your orders through their credit card processor
for a rather large percentage of the sales. [EG 10% of sales, of which at
most 4% goes to Visa/MC, so they get 6% for doing very, very little work.]
But with this scheme, one only needs to find a Secure Server at a
reasonable rate, and have an existing store-front credit charge terminal.
I believe a great many businesses would fit this description.
My ToDo list for this project now includes:
Download/Install/Test latest gpg.
Write security.htm to:
A Make inexperienced users feel good about how secure this is.
B Inform experienced users about how it works and how cool gpg is.
Generate new keys, with the decrypting key not even *on* the server.
Last time I tried this (0.4.2?), it was required that I have a full keypair
for the sender of the message, which I shouldn't really need, and I got
real frustrated, so I just have 1 test pair with both encrypt/decrypt keys
on both server and non-networked machine. I want to completely eliminate
the decryption key from the server keyring, if I can. If that requires a
bogus, totally unused keypair for the sender to be able to send a message
encrypted with the recipient's public key, so be it. But why do I need
that bogus keypair...?
Write example pages to show off gpg and how easy and cool this idea is,
without breaking my arm patting myself on the back. :-)
When completed, the kick-the-tires demo will be announced here and will
have links to source code, so you needn't, please :-) ask me in the
meantime to send it to you. Only the "real" code exists so far, and that's
got a whole mess of crap in it that you don't want to wade through. [A
large order form.]
Note that there won't be a whole lot of code, really. I imagine most of
you could manage to write a cgi that executes gpg and snags the results
into an e-mail far faster than I was able to do so. :-) Oh well.
*MUCH* thanks to everybody for their help with this project, and apologies
that my day job ground it to a halt for so damn long.
Wow, how did this post get so long? :-?
-- "TANSTAAFL" Rich lynch at cognitivearts.com webmaster@ and www. all of:
R&B/jazz/blues/rock - jademaze.com music industry org - chatmusic.com
acoustic/funk/world-beat - astrakelly.com sculptures - olivierledoux.com
my own nascent company - l-i-e.com cool coffeehouse - uncommonground.com
More information about the Gnupg-devel