GPG WebMail

Bryan Batchelder
Mon, 4 Oct 1999 10:20:19 -0400

Hello Everyone--

	I have written a web based mail application that uses PHP3.  I would like
to be able to include encryption functionality into the system such that it
does the following:

	1.  Public and Private keys are held in a database for the user.
	2.  If the user sends mail to a user that he has a public key for, it
encrypts the mail.
	3.  The mail app will be able to import keys from email attachment.
	4.  A Key manager to deal with import/export/revoke, etc.
	5.  Private/Public key creation

I think I can do this, and it will be quite cool.  There are only a couple
problems I cannot figure out:

	1.  How can I reliably generate key pairs without the randomness
requirements.  As it stands now, if I just have the machine create the keys
it fails out saying there isn't enough randomness in the system -- and it
takes forever.  (more so than creating keys with PGP).

	2.  Is the best way to do the encryption and decryption to set up a temp
directory on the fly and generate the keyring from the information in the
database and then run GPG?  Can I forgo the keyrings and just supply the
keys at the command line?

Or should I just wait until someone writes a GPG PHP3 module?

Thanks for any input.