GPG Formmail
Leigh S. Jones
kr6x@kr6x.com
Wed Jul 3 07:46:02 2002
This is a multi-part message in MIME format.
------=_NextPart_000_06E2_01C2221A.5E686830
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Here I assume that you will be encrypting the text output from the form =
and e-mailing the encrypted data to yourself.
First the good news: encryption by a script is easy. For gpg encryption =
you will not be required to provide a password. The password is only =
required at the decryption step.
Now for the bad news:
1) You have a basic problem. Although you would be able to send the =
data from the shared host to your e-mail address in securely encrypted =
fashion, the data being entered into the form will only be transferred =
from the browser to the form in a secure fashion if your shared host =
provides secure sockets layer, a.k.a. HTTPS. Thus the scheme is =
inappropriate for most security needs if HTTP is used.
2) If your web site is on the typical budget web host service there may =
be some resistance to running any executable programs on the server.
3) Your biggest problems may include securely deleting/wiping the =
unencrypted text after encryption.
4) You still have to mail the data. This is quite platform dependent. =
On Linux you may need to learn about sendmail. On NT server there are a =
number of approaches -- try looking up automailnt on the search engines.
----- Original Message -----=20
From: Jim ceStudy=20
To: gnupg-users@gnupg.org=20
Sent: Tuesday, July 02, 2002 8:30 PM
Subject: GPG Formmail
I need to set up a GPG Formmail script on a shared web host. Are =
there any instructions as to how to go about accomplishing this? I plan =
to generate the public and private keys on my local PC and upload the =
public key to the shared host.
In looking for info on this I've seen comments that some have =
encountered permissions/access problems with the various directories of =
the shared host environment - so I guess I'm wondering how feasible is =
this and can anyone recommend how to do it?
Thanks,
Jim
-------------------------------------------------------------------------=
-----
Do You Yahoo!?
New! SBC Yahoo! Dial - 1st Month Free & unlimited access
------=_NextPart_000_06E2_01C2221A.5E686830
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2712.300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Here I assume that you will be =
encrypting the text=20
output from the form and e-mailing the encrypted data to =
yourself.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>First the good news: encryption by a =
script is=20
easy. For gpg encryption you will not be required to provide a=20
password. The password is only required at the decryption=20
step.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Now for the bad news:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>1) You have a basic problem. =
Although you=20
would be able to send the data from the shared host to your e-mail =
address in=20
securely encrypted fashion, the data being entered into the form will =
only be=20
transferred from the browser to the form in a secure fashion if your =
shared host=20
provides secure sockets layer, a.k.a. HTTPS. Thus the scheme is=20
inappropriate for most security needs if HTTP is used.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>2) If your web site is on the typical =
budget web=20
host service there may be some resistance to running any executable =
programs on=20
the server.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>3) Your biggest problems may include =
securely=20
deleting/wiping the unencrypted text after encryption.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>4) You still have to mail the =
data. This is=20
quite platform dependent. On Linux you may need to learn =
</FONT><FONT=20
face=3DArial size=3D2>about sendmail. On NT server there are a =
number of=20
approaches -- try looking up automailnt on the search =
engines.</FONT></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV=20
style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
<A title=3Dwritetojimsemailaddress@yahoo.com=20
href=3D"mailto:writetojimsemailaddress@yahoo.com">Jim ceStudy</A> =
</DIV>
<DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
title=3Dgnupg-users@gnupg.org=20
href=3D"mailto:gnupg-users@gnupg.org">gnupg-users@gnupg.org</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Tuesday, July 02, 2002 =
8:30=20
PM</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Subject:</B> GPG Formmail</DIV>
<DIV><BR></DIV>
<P>I need to set up a GPG Formmail script on a shared =
web=20
host. Are there any instructions as to how to go about =
accomplishing=20
this? I plan to generate the public and private keys on my local =
PC and=20
upload the public key to the shared host.</P>
<P>In looking for info on this I've seen comments that some have =
encountered=20
permissions/access problems with the various directories of the shared =
host=20
environment - so I guess I'm wondering how feasible is this and =
can=20
anyone recommend how to do it?</P>
<P>Thanks,</P>
<P>Jim</P>
<P><BR>
<HR SIZE=3D1>
<B>Do You Yahoo!?</B><BR>New! <A=20
=
href=3D"http://pa.yahoo.com/*http://rd.yahoo.com/sbcyahoo/consumer/evt=3D=
640/*http://sbc.yahoo.com"=20
target=3D_blank>SBC Yahoo! Dial</A> - 1st Month Free & unlimited=20
access</BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_06E2_01C2221A.5E686830--