Scripting and CGI use of GPG

Alan Ferrency alan@lm.com
Tue, 31 Aug 1999 11:04:11 -0400 (EDT)



> > OK, I've been tearing my hair out over a simple implementation of a Perl
> > CGI which uses GPG. I've got this test CGI:
> >
> > If I run it on the command line (as the user which the web server runs
> > under), I get the expected output (i.e., the environment followed by my
> > encrypted 'blah').
> >
> > If I run it as a CGI through Apache, I only get the environment and not
> > any encrypted message! For some reason, GPG doesn't run when it is in a
> > CGI for me. :'( I've made sure that my key is available for the user which
> > the web server is running as, and have done everything else I can think
> > of.
>
> What if you redirect stderr to stdout?
>
> How does gpg find your keyring? Did you do a 'export HOME=/home/myname' ?

The most common problems I have when doing this stuff are making sure the user that Apache is running as (usually "nobody" or "www") has all the right permissions to do what it needs (read keyrings, etc.), and making sure gpg knows where the keyrings live.

You also need to make sure that all the keys you're using are trusted, or it'll spit out a prompt asking you "are you sure" or something.

The user Apache runs as (I'll use "nobody" as an example) shouldn't have a shell or home directory. To test permissions as user nobody, you can be root and "su -m nobody" before running the script in the shell. This leaves the environment and shell the same as they were when you were root, so it doesn't test things exactly as if you were running in Apache, but it will tell you if permissions are correct or not.

Alan
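
The checks discussed in this message, as an added shell example that is not part of the original post: a preflight to run as the web server account, plus a non-interactive gpg call with stderr merged into stdout. The function names `gpg_home_problems` and `encrypt_for` and the file name `gpg-preflight.sh` are hypothetical; `pubring.gpg` and `pubring.kbx` are GnuPG's default public keyring file names.

```shell
#!/bin/sh
# Added example (not from the original post). Run it as the web server
# account, e.g. from the shell you get after "su -m nobody".

# gpg_home_problems DIR  (hypothetical helper name)
# Prints one line per problem with the keyring directory DIR and returns
# 0 if none were found, 1 otherwise.
gpg_home_problems() {
    dir=$1
    rc=0
    if [ -z "$dir" ]; then
        echo "no keyring directory given (are HOME and GNUPGHOME unset?)"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi
    # The account must be able to list and enter the directory.
    [ -r "$dir" ] && [ -x "$dir" ] ||
        { echo "$dir: no read/search permission for $(id -un)"; rc=1; }
    # pubring.gpg and pubring.kbx are GnuPG's default public keyring names.
    found=0
    for f in pubring.gpg pubring.kbx; do
        [ -f "$dir/$f" ] || continue
        found=1
        [ -r "$dir/$f" ] ||
            { echo "$dir/$f: not readable by $(id -un)"; rc=1; }
    done
    [ "$found" -eq 1 ] || { echo "$dir: no public keyring found"; rc=1; }
    return "$rc"
}

# encrypt_for RECIPIENT DIR  (hypothetical helper name)
# Encrypts stdin to RECIPIENT. --homedir names the keyrings explicitly,
# --batch and --no-tty make gpg fail instead of prompting (for example
# about an untrusted key), and 2>&1 puts gpg's errors in the CGI output.
encrypt_for() {
    gpg --homedir "$2" --batch --no-tty --armor \
        --encrypt --recipient "$1" 2>&1
}

# Usage: sh gpg-preflight.sh check [DIR]   (file name is hypothetical)
if [ "${1:-}" = "check" ]; then
    gpg_home_problems "${2:-${GNUPGHOME:-${HOME:+$HOME/.gnupg}}}"
fi
```
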