gpg in CGI Script
Billy Donahue
billy@dadadada.net
Wed, 5 Jul 2000 12:21:21 -0400 (EDT)
On Wed, 5 Jul 2000, Dr. Bodo Zimmermann wrote:
> In a CGI-Script (named gpg.pl, e.g.) I have called:
>
> system "gpg -se -r dozi /tmp/TEST";
>
> After https://dozi2/cgi-bin/gpg.pl
>
> I got in error_log of the httpd:
>
> gpg: Warning: using insecure memory!
> gpg: fatal: ~/.gnupg: can't create directory: no such file or directory
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/16384
First of all, "chmod +s /usr/local/bin/gnupg"..
Then it will use secure memory.
Can't find or create ~/.gnupg because what's '~' ($HOME)?
What user is this CGI running as? Give that user a home with a ~/.gnupg
directory or something... Where were you planning on storing the keys
if not there? What about a passphrase?
> What should I do in order to get /tmp/TEST.gpg
> which I got when running the CGI script directly from command line?
Well, you were running as yourself on the command line... and you HAVE
a ~/.gnupg directory.
> P.S. My idea is, to make an "upload" of plain text via an SSL secured browser
> and encrypt the uploaded file /tmp/TEST immediately after the upload, then
> deleting the plain file /tmp/TEST
>
> I know there is a security hole, but as long as WIN-gnupg doesn't work ......
Geez.. that's about as bad a hole as they come...
Look at the permissions on the /tmp directory...
At least make a dedicated, restricted directory for this TEST file.
Better yet, don't write it to disk at all... GnuPG is perfectly
happy taking a pipe from stdin. Keep the file contents in RAM
and print it to GnuPG's standard input.
--
"The Funk, the whole Funk, and nothing but the Funk."
Billy Donahue <mailto:billy@dadadada.net>
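The advice in the reply above (give the CGI user its own GnuPG home, and feed the plaintext to gpg on stdin rather than through /tmp), sketched as an added example that is not part of the original thread. The paths, the form field name `text` and the choice to encrypt without signing are assumptions; only the recipient `dozi` comes from the original post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Assumed, hypothetical locations; none of these come from the thread.
my $GPG       = '/usr/bin/gpg';           # absolute path: the CGI PATH is minimal
my $GNUPGHOME = '/var/lib/www-gnupg';     # mode 0700, owned by the httpd user,
                                          # holds only the recipient's public key
my $OUTDIR    = '/var/spool/gpg-upload';  # mode 0700, owned by the httpd user
my $RECIPIENT = 'dozi';                   # recipient from the original post

my $q     = CGI->new;
my $plain = $q->param('text');            # hypothetical form field name

sub reply {
    my ($status, $msg) = @_;
    print $q->header(-status => $status, -type => 'text/plain'), "$msg\n";
    exit 0;
}

reply('400 Bad Request', 'no text uploaded')
    unless defined $plain && length $plain;

umask 077;                                # ciphertext readable by this user only
local $SIG{PIPE} = 'IGNORE';              # an early gpg exit must not kill us
my $out = sprintf '%s/%d-%d.gpg', $OUTDIR, time, $$;

# Encrypt only. Signing (-s) would need a secret key and a passphrase
# available to the web server, which the thread leaves unresolved.
my @cmd = ($GPG, '--batch', '--no-tty',
           '--homedir', $GNUPGHOME,       # replaces the missing ~/.gnupg
           '--trust-model', 'always',     # key is vetted when the keyring is built
           '--encrypt', '--recipient', $RECIPIENT,
           '--output', $out);

# List-form pipe open: gpg is exec'd directly, no shell parses anything,
# and the plaintext goes to gpg's stdin instead of a file in /tmp.
my $pid = open(my $gpg, '|-', @cmd);
reply('500 Internal Server Error', 'cannot start gpg') unless $pid;

binmode $gpg;
print {$gpg} $plain;

# close() on a pipe waits for gpg and returns false on a non-zero exit.
unless (close $gpg) {
    unlink $out;                          # drop any partial output
    reply('500 Internal Server Error', 'encryption failed');
}
reply('200 OK', 'stored encrypted');
```

The example reads an ordinary form field because CGI.pm spools multipart file-upload fields to a temporary file on disk, which would reintroduce the plaintext-on-disk problem.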