A couple of newbie ?s

David Jourard cgi@bytesinteractive.com
Fri Mar 2 21:20:10 2001


Hi,

I'd like to use pgp to encrypt a form on a web site for a shopping cart. 
This means I need a commercial license for the pgp on the server. I phoned 
network solutions and the cost was astronomical for the kind of web site 
that needs it.  I then came to pgpi.com and discovered that it is possible 
to use gpg.

Here are few questions which I couldn't find in the documentation.

a. Is it possible to use a public key created by pgp version 6.x 
(commercial or free version) using Diffie Hellman or RSA.  eg. Add this key 
to the gpg keyring.  Use it to encrypt an e-mail generated for a web-form 
then have the owner of the public key use their pgp software (commercial or 
free) decrypt the e-mail received.

(I experimented with the Diffie Hellman using pgp on one machine (Windows 
98) and then using gpg on another (Windows NT) and it worked but I thought 
it uses now RSA or ELG - (taken from the gpg --help).


b. Is it possible to take a pgp (commercial or free version) public key 
ring and rename it as a gpg public keyring. Then use it simply to lookup 
the public keys for encrypting again data from a web site form sent as an 
e-mail to the owner of the public key.

I ask these questions because I'd like to have the gpg unix version 
installed for the web site but I'd like the customers to be able to use pgp 
6.x (commercial or free) or gpg to create their public/private keys and 
decrypt their e-mails encrypted with gpg.

BTW I find this encryption stuff fascinating.

Thanks in advance
David