basic error? PHP and GPG

Ken McCormack design at palmer21.com
Tue Dec 17 13:57:02 CET 2002


Hi Enzo,

You're right, storing a secret key anywhere near a server is a bad idea...
just to note that I dont keep a secret key on the server at all - I'm fully
aware that once its on there anyone (including all the staff at the hosting
company) have free access to it!

My understanding is fairly basic, that in general you don't need install a
secret key unless the server is itself receiving encrypted e-mails... this
is unlikely... and certainly not a requirement in my application, as the
secure route to the server is via the browser and SSL.

BUT it could happen, for example, if the server was needed to decrypt an
e-mail sent to it, and then convey this onward to several different
recipients, encrypting for each with their own public key...

I thought this was an interesting circumstance, and of course impossible to
do securely if the secret key is stored on the server, which it must.  One
idea I had was that it could be possible to get round this by encrypting the
data twice, using two different secret keys, only one of which would be
stored on the server.

If the encryption is 'transparent' mathematically, it should work:

1. The final recipients have their own secret key plus an additional 'group'
secret key.

2. The initial sender uses the group public key to encrypt the message [->
stage1].

3. The sender then further 'double encrypts' the message using the public
key of the server.

4. The message is sent to the server

5. On receipt, the server decrypts using its own secret key (which may be
compromised), revealing the encrypted message [as at stage1].

6. This is then re-encrypted with the recipients' own public keys

7. This is sent on to each recipient.

8. On receipt the recipient first decrypts with their own secret key [as at
stage 1]

9.  The recipient then decrypts with the group secret key.


Do I have that right? (All these keys are confusing) Would that work?  Can
we encrypt twice and then go in reverse?

Ken

----- Original Message -----
From: "Enzo Michelangeli" <em at who.net>
To: "Ken McCormack" <design at palmer21.com>; <gnupg-devel at gnupg.org>
Sent: Tuesday, December 17, 2002 11:07 PM
Subject: Re: basic error? PHP and GPG


> I don't think it's a good idea to keep a secret keyring on a shared
server:
> running a sniffer on the same LAN segment one can read your passphrase,
and
> then decrypt the secret key. The only exception would be if gpg could make
> use of tamperproof keystores, such as some types of smartcards: but this
is
> not yet available.
>
> Enzo
>
> ----- Original Message -----
> From: "Ken McCormack" <design at palmer21.com>
> To: <gnupg-devel at gnupg.org>
> Cc: "Noel D. Torres Taño" <ndtt at ll.iac.es>
> Sent: Tuesday, December 17, 2002 7:38 PM
> Subject: Re: basic error? PHP and GPG
>
>
> > Thanks Noel, will try that. I was aware of the difference, but not what
to
> > do about it.
> >
> > On the recent post regarding the secring.pgp:file open error - ( I
haven't
> > seen the full thread, sorry... please forgive me if I'm 'barking up the
> > wrong tree' with this),  this error looks quite similar to the one I was
> > getting.
> >
> > Just to give a basic explanation about what happened (in case any other
> poor
> > designers are having the same trouble), I was getting an error because I
> had
> > imported keys as the wrong user -- I was importing key files into my
site
> > login username or as root, rather than the web server user 'apache' or
> > 'httpd'.  The keys weren't found because they had been installed for
> another
> > user.
> >
> > Its pretty obvious when you think about it, as neither root nor the site
> > user actually call the gpg script. But it fooled me for a few days.
When
> > using PHP for example, this is done on behalf of the web server user...
so
> > the keys need to be added from apache or httpd or 'nobody'... what I did
> was
> > log in as root and su to apache.
> >
> > I also found that 'apache' also needed to have full write permissions on
> the
> > /home/apache/.gnupg/ directory, so it could create the keyring etc.
> >
> > I recently tried to set this up on a shared hosting account for a design
> > client, my host charged me $75 to set up the keyrings, apparently it was
> the
> > first time they had this requested...!
> >
> > Perhaps a good subject for a FAQ for the site would be 'setting up GPG
on
> a
> > shared server'?
> >
> > Best regards
> >
> > Ken
> >
> >
> > ----- Original Message -----
> > From: "Noel D. Torres Taño" <ndtt at ll.iac.es>
> > To: <gnupg-devel at gnupg.org>
> > Cc: "Ken McCormack" <design at palmer21.com>
> > Sent: Tuesday, December 17, 2002 10:04 PM
> > Subject: Re: basic error? PHP and GPG
> >
> >
> > > > Ken McCormack wrote:
> > > >
> > > > Hi All...
> > > >
> > > > I've just recently got into GPG for the first time, its a wonderful
> > > > tool, but there are so many mysteries!
> > > > Having finally sussed that for use with PHP I need to set keyrings
> > > > from the web user - apache - rather than root or my own account, I
am
> > > > now up and running....
> > > >
> > > > Only one small problem, after encrypting an e-mail which
> > > > contains standard carriage returns ( \n or (for html) <br>), the
> > > > output in Outlook Express comes out as having black squares where
the
> > > > line feeds should be....
> > > >
> > > > Does anyone have any ideas as to why this is, and if there are any
> > > > ways to counteract this?
> > > > I'm using PGP 7.0.3 on my PC... using 1024 bit DSA cipher...
> > > >
> > > > Regards
> > > >
> > > > Ken
> > > >
> > > Keep in mind the diference between the UNIX way of line brakes and the
> > > DOS way. For DOS, you need the pair CR LF. Try using -text in your
gpg.
> > >
> > > Noel
> > >
> > > _______________________________________________
> > > Gnupg-devel mailing list
> > > Gnupg-devel at gnupg.org
> > > http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> > >
> >
> >
> > _______________________________________________
> > Gnupg-devel mailing list
> > Gnupg-devel at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>





More information about the Gnupg-devel mailing list