basic error? PHP and GPG

Enzo Michelangeli <em@em.no-ip.com>
Tue Dec 17 13:07:01 2002


I don't think it's a good idea to keep a secret keyring on a shared server:
running a sniffer on the same LAN segment one can read your passphrase, and
then decrypt the secret key. The only exception would be if gpg could make
use of tamperproof keystores, such as some types of smartcards: but this is
not yet available.

Enzo

----- Original Message -----
From: "Ken McCormack" <design@palmer21.com>
To: <gnupg-devel@gnupg.org>
Cc: "Noel D. Torres Taño" <ndtt@ll.iac.es>
Sent: Tuesday, December 17, 2002 7:38 PM
Subject: Re: basic error? PHP and GPG


> Thanks Noel, will try that. I was aware of the difference, but not what to
> do about it.
>
> On the recent post regarding the secring.pgp:file open error - (I haven't
> seen the full thread, sorry... please forgive me if I'm 'barking up the
> wrong tree' with this), this error looks quite similar to the one I was
> getting.
>
> Just to give a basic explanation about what happened (in case any other poor
> designers are having the same trouble), I was getting an error because I had
> imported keys as the wrong user -- I was importing key files into my site
> login username or as root, rather than the web server user 'apache' or
> 'httpd'.  The keys weren't found because they had been installed for another
> user.
>
> It's pretty obvious when you think about it, as neither root nor the site
> user actually call the gpg script. But it fooled me for a few days. When
> using PHP for example, this is done on behalf of the web server user... so
> the keys need to be added from apache or httpd or 'nobody'... what I did was
> log in as root and su to apache.
>
> I also found that 'apache' also needed to have full write permissions on the
> /home/apache/.gnupg/ directory, so it could create the keyring etc.
>
> I recently tried to set this up on a shared hosting account for a design
> client, my host charged me $75 to set up the keyrings, apparently it was the
> first time they had this requested...!
>
> Perhaps a good subject for a FAQ for the site would be 'setting up GPG on a
> shared server'?
>
> Best regards
>
> Ken
>
>
> ----- Original Message -----
> From: "Noel D. Torres Taño" <ndtt@ll.iac.es>
> To: <gnupg-devel@gnupg.org>
> Cc: "Ken McCormack" <design@palmer21.com>
> Sent: Tuesday, December 17, 2002 10:04 PM
> Subject: Re: basic error? PHP and GPG
>
>
> > > Ken McCormack wrote:
> > >
> > > Hi All...
> > >
> > > I've just recently got into GPG for the first time, it's a wonderful
> > > tool, but there are so many mysteries!
> > > Having finally sussed that for use with PHP I need to set keyrings
> > > from the web user - apache - rather than root or my own account, I am
> > > now up and running....
> > >
> > > Only one small problem, after encrypting an e-mail which
> > > contains standard carriage returns ( \n or (for html) <br>), the
> > > output in Outlook Express comes out as having black squares where the
> > > line feeds should be....
> > >
> > > Does anyone have any ideas as to why this is, and if there are any
> > > ways to counteract this?
> > > I'm using PGP 7.0.3 on my PC... using 1024 bit DSA cipher...
> > >
> > > Regards
> > >
> > > Ken
> > >
> > Keep in mind the difference between the UNIX way of line breaks and the
> > DOS way. For DOS, you need the pair CR LF. Try using -text in your gpg.
> >
> > Noel
> >
> > _______________________________________________
> > Gnupg-devel mailing list
> > Gnupg-devel@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> >
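
Added example, not part of the original thread and not GnuPG's own code: a shell check for the two points raised above, that the keyring directory belongs to the user the web server runs as and that nothing in it is accessible to group or other. The function name audit_gnupg_home is hypothetical, and GNU stat (the -c option) is assumed.

```shell
#!/bin/sh
# audit_gnupg_home DIR [OWNER_UID]   (hypothetical helper, added example)
# Prints one finding per line.
# Returns 0 when clean, 1 when there are findings, 2 when DIR is missing.
# Assumes GNU coreutils stat (-c '%u' / '%a').
audit_gnupg_home() {
    dir=$1
    want_uid=${2:-$(id -u)}      # default: the user running the check
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # Keys imported as root or as the site login end up in a directory
    # that the web server user does not own.
    owner=$(stat -c '%u' "$dir")
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER $dir uid=$owner expected=$want_uid"
        findings=1
    fi

    # The owner needs full access to create keyrings; nobody else needs any.
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "MODE $dir mode=$mode expected=700"
        findings=1
    fi

    # Keyring files must not be readable or writable by group or other.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fmode=$(stat -c '%a' "$f")
        case $fmode in
            *00) ;;
            *) echo "MODE $f mode=$fmode group/other access"; findings=1 ;;
        esac
    done

    return $findings
}

# Usage, run as root on the host from the thread:
#   audit_gnupg_home /home/apache/.gnupg "$(id -u apache)"
```

A clean result only covers file-level exposure to other accounts; it does not address the passphrase handling concern raised in the first message.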