gpg in CGI Script

Billy Donahue billy@dadadada.net
Wed, 5 Jul 2000 12:21:21 -0400 (EDT)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 5 Jul 2000, Dr. Bodo Zimmermann wrote:


> In a CGI-Script (named gpg.pl, e.g.) I have called:
>
> system "gpg -se -r dozi /tmp/TEST";
>
> After https://dozi2/cgi-bin/gpg.pl
>
> I got in error_log of httpd:
>
> gpg: Warning: using insecure memory!
> gpg: fatal: ~/.gnupg: can't create directory: no such file or directory
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/16384

First of all, "chmod +s /usr/local/bin/gnupg".. Then it will use secure memory. Can't find or create ~/.gnupg because what's '~' ($HOME)? What user is this CGI running as? Give that user a home with a ~/.gnupg directory or something... Where were you planning on storing the keys if not there? What about a passphrase?

> What should I do in order to get /tmp/TEST.gpg
> which I got when running the CGI script directly from command line?

Well, you were running as yourself on the command line... and you HAVE a ~/.gnupg directory.

> P.S. My idea is, to make an "upload" of plain text via an SSL secured browser
> and encrypt the uploaded file /tmp/TEST immediately after the upload, then
> deleting the plain file /tmp/TEST
>
> I know there is a security hole, but as long as WIN-gnupg doesn't work ......

Geez.. that's about as bad a hole as they come... Look at the permissions on the /tmp directory... At least make a dedicated, restricted directory for this TEST file. Better yet, don't write it to disk at all... GnuPG is perfectly happy taking a pipe from stdin. Keep the file contents in RAM and print it to GnuPG's standard input.

- -- 
"The Funk, the whole Funk, and nothing but the Funk."
Billy Donahue <mailto:billy@dadadada.net>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75

iD8DBQE5Y2CD+2VvpwIZdF0RAkrOAKCNARyv1cTv/h/w2ps2by3FTpgqpQCfSS3g
12tEdEpxrg5lNYAqpUdb5M4=
=JOed
-----END PGP SIGNATURE-----
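
Added example, not part of the original message: one way to apply the two points of the reply, giving gpg an explicit home directory with --homedir (the CGI user has no usable $HOME) and piping the upload to gpg's standard input so no cleartext file is written to /tmp. The paths are hypothetical, the request body is assumed to be the raw upload, and the call only encrypts (-e rather than -se) because signing would need the secret key and its passphrase on the web server.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical paths: a keyring directory owned by the web server user
# (mode 0700) that holds the recipient's public key, marked as trusted,
# and a private output directory. Neither path comes from the thread.
my $GNUPG_HOME = '/var/lib/cgi-gpg/gnupg';
my $OUT_DIR    = '/var/lib/cgi-gpg/out';
my $RECIPIENT  = 'dozi';    # recipient named in the original question

# Encrypt $plaintext into $out_path; the cleartext only travels over a pipe.
sub encrypt_to_file {
    my ($plaintext, $out_path) = @_;

    # List-form pipe open: gpg is exec'd directly, no shell parses the args.
    my @cmd = ('gpg', '--homedir', $GNUPG_HOME, '--batch', '--no-tty',
               '--yes', '--recipient', $RECIPIENT,
               '--output', $out_path, '--encrypt');
    local $SIG{PIPE} = 'IGNORE';    # a dying gpg must not kill the CGI
    open(my $gpg, '|-', @cmd) or die "cannot start gpg: $!\n";
    binmode $gpg;
    print {$gpg} $plaintext;
    # close() waits for gpg and fails if gpg exited non-zero.
    close($gpg) or die "gpg failed, exit status " . ($? >> 8) . "\n";
    return $out_path;
}

# Read the request body into memory (assumed raw upload, not multipart).
my $len = $ENV{CONTENT_LENGTH} || 0;
binmode STDIN;
my $body = '';
(read(STDIN, $body, $len) // -1) == $len
    or die "short read on request body\n";

umask 077;    # ciphertext file readable by the CGI user only
my $out = encrypt_to_file($body, "$OUT_DIR/upload-$$-" . time() . ".gpg");
print "Content-Type: text/plain\r\n\r\nstored encrypted upload\n";
```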