Mon, 4 Oct 1999 10:20:19 -0400
I have written a web based mail application that uses PHP3. I would like
to be able to include encryption functionality into the system such that it
does the following:
1. Public and Private keys are held in a database for the user.
2. If the user sends mail to a user that he has a public key for, it
encrypts the mail.
3. The mail app will be able to import keys from email attachment.
4. A Key manager to deal with import/export/revoke, etc.
5. Private/Public key creation
I think I can do this, and it will be quite cool. There are only a couple
problems I cannot figure out:
1. How can I reliably generate key pairs without the randomness
requirements. As it stands now, if I just have the machine create the keys
it fails out saying there isn't enough randomness in the system -- and it
takes forever. (more so than creating keys with PGP).
2. Is the best way to do the encryption and decryption to set up a temp
directory on the fly and generate the keyring from the information in the
database and then run GPG? Can I forgo the keyrings and just supply the
keys at the command line?
Or should I just wait until someone writes a GPG PHP3 module?
Thanks for any input.