GPG & Perl

Adam Knowles adam@apocalypsecow.net
Thu Mar 1 17:04:01 2001


Newbie mail here.  I'm trying to swap from PGP to GPG for sending out e-mail
from a Perl script running on a website.  This is probably more of a Perl
question than a GPG question, but if anyone can help I'd be eternally
grateful!! Otherwise I may have to install PGP :-( and continue using it,
which is less legal.

Bear with me on this.. I'm 99% there, and I'm sure the problem may be
resolved easily.

Am I right in thinking that Perl executes CGI scripts as the user who owns
the script?

If so, my problem may be that the user who owns the script does not have a
.gnupg directory or keyring on the system.  I've set GNUPGHOME to
/etc/httpd/.gnupg which is the location of the keyring for the HTTPD user.
Thing is, it is not this user that executes the script, it is bbadmin who
owns it.  Two problems:

1) The HTTPD user does not have the rights to execute CGI scripts

2) The user who *does* own the script, bbadmin, cannot have a .gnupg/keyring
directory of his own because he does not have shell access.  - I mean I can
make the directory for him, but how do I then get a keyring in there.  Can I
just copy the HTTPD one?

Is there any solution to this?


Extra info supplied below.
----------------------------------------------------------------------

The PGP mail was created by this in my Perl script. This worked fine:

<------------------- snip --------------------->

# Set path to SendMail
$mailprog = '/usr/sbin/sendmail';

# Set path to PGP encrypt program
$pgppath = '/usr/bin/pgpe';

# Set path to PGP keyring
$ENV{PGPPATH}='/www/mysite/.pgp';

# Set what key to use when encrypting
$PGPUserID = '0xE899DEFA';

# Set who to send the e-mail to
$recipient = 'sales@mysite.co.uk';

open (MAIL, "|$mailprog $recipient") or die "Can't open SendMail.  Fatal error.\n";
 print MAIL "From: mysite \<mysite\>\n"
 . "To: mysite processing \<$recipient\>\n"
 . "Subject: mysite order enclosed\n\n";

# Open PGP
$pgptmp = 'pgptmp' . getppid() . '.asc';

if (open(PGP, "|$pgppath -r $PGPUserID -a > $pgptmp") == 0) # Returns 0 if went wrong
{
  die("Cannot open $pgppath!\n");
}

print PGP "This message should be encrypted and e-mailed out!";

close(PGP);

# Now forward PGP's output to SendMail
open(PGPFILE, $pgptmp) or die "Can't open $pgptmp. Fatal error";
while (<PGPFILE>)
{
 print MAIL;
}
close(PGPFILE);
unlink("$pgptmp");

close(MAIL);

<------------------- /snip --------------------->

So I tried to change it to GPG with this:

<------------------- snip2 --------------------->

# Set path to SendMail
$mailprog = '/usr/sbin/sendmail';

# Set path to GPG encrypt program
$pgppath = '/usr/local/bin/gpg';

# Set path to GPG keyring (GnuPG reads GNUPGHOME; there is no GNUPGPATH variable)
$ENV{GNUPGHOME}='/etc/httpd/.gnupg';

# Set what key to use when encrypting
$PGPUserID = '0xE899DEFA';

# Set who to send the e-mail to
$recipient = 'sales@mysite.co.uk';

# Open SendMail
open (MAIL, "|$mailprog $recipient") or die "Can't open SendMail.  Fatal error.\n";
print MAIL "From: mysite \<mysite\>\n"
	. "To: mysite processing \<$recipient\>\n"
	. "Subject: mysite order enclosed\n\n";

# Open PGP
$pgptmp = 'pgptmp' . getppid() . '.asc';

if (open(PGP, "|$pgppath --output $pgptmp --recipient $PGPUserID --armor --encrypt") == 0)
{
	die("Cannot open $pgppath!\n");
}

print PGP "This message should be encrypted and e-mailed out!";

close(PGP);

# Now forward PGP's output to SendMail
open(PGPFILE, $pgptmp) or die "Can't open $pgptmp. Fatal error";
while (<PGPFILE>)
{
	print MAIL;
}
close(PGPFILE);
unlink("$pgptmp");

close(MAIL);

<------------------- snip2 --------------------->


I made up the parameters to pass to GPG by trial & error and found that the
following works running from the shell, when logged in as httpd which is
what the webserver runs as (but possibly not the script?):

echo 'Hello world' | /usr/local/bin/gpg --output /home/moo/mytmp22.asc --recipient 0xE899DEFA --armor --encrypt

Any help gratefully received.


==============================
Adam Knowles
e-mail: adam@acdinternet.com
==============================
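Added example (not the poster's script, and not part of the original message): the same encrypt-then-mail flow written the way a reviewer would want it under a web server. It passes the gpg and sendmail arguments as a list so no shell ever sees $recipient or the temp file name, sets GNUPGHOME (the variable GnuPG actually reads), runs gpg with --batch/--no-tty so it never waits for a prompt, checks gpg's exit status instead of trusting whatever landed in the file, uses an unpredictable File::Temp name instead of pgptmp<pid>.asc in the current directory, and first reports which effective user the script runs as and whether that user can read the keyring directory, which is the question the post is really asking. Assumed: gpg at /usr/local/bin/gpg, sendmail at /usr/sbin/sendmail, the key 0xE899DEFA and the GNUPGHOME /etc/httpd/.gnupg from the post, and a GnuPG that accepts --trust-model (1.4 and later; older releases spell it --always-trust).

```perl
#!/usr/bin/perl
# Added example, not the original poster's code. Encrypts a message with
# GnuPG from a CGI script and hands the armored output to sendmail.
# Assumed paths and key id are taken from the post; adjust for your system.
use strict;
use warnings;
use File::Temp qw(tempfile);

my $gpg       = '/usr/local/bin/gpg';   # assumed path
my $mailprog  = '/usr/sbin/sendmail';   # assumed path
my $keyid     = '0xE899DEFA';           # key id from the post
my $recipient = 'sales@mysite.co.uk';   # fixed value, never taken from the form

# GnuPG locates its keyring through GNUPGHOME (there is no GNUPGPATH).
$ENV{GNUPGHOME} = '/etc/httpd/.gnupg';

# Report the user the script actually runs as and whether that user can read
# the keyring directory: the first thing to check when gpg works from a
# shell but fails under the web server.
sub keyring_readable {
    my ($home) = @_;
    my $user = getpwuid($>);            # effective uid, not the script owner
    $user = $> unless defined $user;
    my $ok = -d $home && -r $home && -x $home
          && (-r "$home/pubring.gpg" || -r "$home/pubring.kbx");
    return ($user, $ok ? 1 : 0);
}

# Run gpg with its arguments as a list (no shell involved), feed the
# plaintext on stdin, and read the armored ciphertext back from a temp file
# whose name cannot be predicted by another local user.
sub gpg_encrypt {
    my ($plaintext) = @_;
    my (undef, $outfile) = tempfile('gpgmailXXXXXX', TMPDIR => 1, UNLINK => 1);

    open(my $to_gpg, '|-', $gpg,
        '--batch', '--no-tty', '--yes',   # never prompt; overwrite $outfile
        '--trust-model', 'always',        # assumed GnuPG >= 1.4 option spelling
        '--output', $outfile,
        '--recipient', $keyid, '--armor', '--encrypt')
        or die "Cannot run $gpg: $!\n";
    print {$to_gpg} $plaintext;
    # close() on a pipe handle returns false when the child exits non-zero.
    close($to_gpg) or die "gpg exited with status " . ($? >> 8) . "\n";

    open(my $in, '<', $outfile) or die "Cannot read $outfile: $!\n";
    my $ciphertext = do { local $/; <$in> };
    close($in);
    die "gpg wrote no ciphertext\n" unless defined $ciphertext && length $ciphertext;
    die "output is not an armored PGP message\n"
        unless $ciphertext =~ /^-----BEGIN PGP MESSAGE-----/;
    return $ciphertext;
}

# Hand the message to sendmail; the recipient is an argv element, not part
# of a shell command line. -oi keeps a lone "." line from ending the message.
sub send_encrypted_mail {
    my ($ciphertext) = @_;
    open(my $mail, '|-', $mailprog, '-oi', $recipient)
        or die "Cannot run $mailprog: $!\n";
    print {$mail} "From: mysite <mysite>\n",
                  "To: mysite processing <$recipient>\n",
                  "Subject: mysite order enclosed\n\n",
                  $ciphertext;
    close($mail) or die "sendmail exited with status " . ($? >> 8) . "\n";
}

my ($user, $ok) = keyring_readable($ENV{GNUPGHOME});
die "Running as '$user', which cannot read $ENV{GNUPGHOME}\n" unless $ok;
send_encrypted_mail(gpg_encrypt("This message should be encrypted and e-mailed out!\n"));
```

If the keyring check fails, the die message names the effective user, which settles whether the CGI runs as the web server account or as the script owner. Whichever account that is needs its own copy of the public keyring in a directory it owns with mode 0700 (files 0600); gpg warns about unsafe permissions otherwise, and copying the directory does not change who can read the web server's original.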