gpg: processing message failed: eof
Matthew Nuzum
newz@cyberdude.com
Wed Jun 6 04:52:01 2001
Well, so far so good.
The server is deemed insecure, which is why I=92m pursuing public key
encryption.
I=92m successfully encrypting messages in an automated fashion on the ser=
ver.
Server is a Linux 2.2.14 on i386. Once messages are encrypted, they are
emailed to a mailbox on the same server, which is also deemed insecure.
Messages are downloaded to a workstation running Windows 95 via a PERL ba=
sed
MUA. The message body is stripped and saved to a textfile using the
following command:
$return =3D system("C:\\gnupg\\gpg.exe --no-tty -o $txtfile -d $ascfile")=
;
Where $txtfile is where the output goes and $ascfile is the file containg
the encrypted data.
The data is not decrypted and the message displayed on the screen is:
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: eof
If I use Outlook as my MUA and then copy the encrypted data to the clipbo=
ard
to be decrypted by =93Windoze Privacy Tray=94 (WPT) the message is decryp=
ted
accurately. If I open the text file created from the above perl command, =
the
data cannot be decrypted by WPT.
By searching the Internet, I found the recommendation to sign the encrypt=
ed
file. Now, keep in mind that I cannot guarantee the integrity of the
private key stored on the server, and therefore felt it was useless to si=
gn
anything. I went ahead and signed the message during the encryption
process. Here is the perl code I used:
use Crypt::GPG;
$gpg =3D new Crypt::GPG;
$gpg->gpgbin('/usr/local/bin/gpg');
$gpg->gpgopts('--lock-multiple --no-secmem-warning --quiet --homedir
~admin/.gnupg');
$gpg->secretkey('0x2AC7B6EB');
$encrypted =3D $gpg->encrypt ($text, 'matt@domain.com', -text, -sign);
The problem persists.
I=92m sure this is something pretty simple. In my mind I envision it bei=
ng
something to do with different return chars between Unix and Windows. I
tried compensating for this but I can=92t tell if I=92ve done it right or=
not
and I didn=92t get any change.
Please let me know what you think. If you are curios, this application
encrypts sensitive information from a web form and emails it. Despite my
previous statements, the server is reasonably secure (or as secure as you
can be with the power turned on). We use SSL, SSH and APOP for all
connections and only one person has shell access. Nonetheless, we assume
that if a computer is on the Net, it is insecure. The data it collects i=
s
stored on a computer that IS secure. (ie no network connection)
I appreciate any advice. TIA,
Matt Nuzum
P.S. Has anyone considering getting ht://DIG <www.htdig.org> for the mail=
ing
list archives? Could be useful.