Encrypting Web Forms

Matthias Urlichs smurf@noris.de
Tue, 20 Jul 1999 14:24:13 +0200


Michael Roth:

> to use GnuPG to encrypt in a pipeline called from a webserver, CGI, or
> something else use:
> gpg --no-default-keyring --keyring /somewhere/keyring.gpg \
> --always-trust --encrypt --recipient bla@foobar.org
> However, it isn't a good idea to sign the message because you must store
> the secret key on a public maschine and/or store the passphrase somewhere
> in the script. This is highly insecure.
You can store the passphrase in a script which prompts for the secret at system startup. That's somewhat less insecure. You can store the secret in a program which marks itself as nonswappable. Even less insecure, though anybody with root could still attach a debugger to it and watch as it passes the secret to gnupg. :-( On a production system, you could recompile the kernel and disable ptrace()... of course you'd also have to remove /dev/[k]mem, disable kernel module loading, disable mknod(), ... ugh. -- Matthias Urlichs | noris network GmbH | smurf@noris.de | ICQ: 20193661 The quote was selected randomly. Really. | http://www.noris.de/~smurf/ -- "Memory serves wise commanders." -- Tz'u-hsi, 638 AD