Newbie here- how do I use this thing?

Per Tunedal pt@radvis.nu
Mon Sep 16 12:44:02 2002


Hi Sean,
I have found a page that uses the concept your driving at:
http://disastry.dhs.org/contact.htm

Take a look and send a mail to the chap.

Per Tunedal


At 11:04 2002-09-15 +0200, you wrote:
>Hi Sean,
>
>On Saturday, September 14, 2002, 11:33:42 PM, Sean wrote:
> > Basically I have a website with a form on it, and that form is going to
> > send personal information to me via e-mail (ie. credit cards).
> > [snip]
> > I have been told that I can use GnuPG to encrypt the results of this
> > form when they are sent as an e-mail to me and that then I can
> > de-encrypt it myself...but after downloading the program I have no
> > idea how to use it.
>
>While it would theoretically possible to install gpg on the webserver
>(only if you have the right access permissions on that server!) and
>use it via a script (e.g. modified formmail) to encrypt the data that
>has to be mailed to you, that would not give you the kind of security
>you probably have in mind. Please take a look at the way, the data has
>to take to reach you:
>
>   customer's computer -> webserver -> mailserver -> your computer
>
>Since gpg is running on the webserver, only the second and third part
>of the way can be secured with it. There are a few possible solutions:
>- The webserver has to communicate securely with the customer, this
>   can be done with SSL.
>- Then the webserver can use gpg to encrypt the data with your
>   (public) key and send it to you.
>   Or the data could be stored on the webserver and you use a
>   SSL-secured connection to access and retrieve the data (with your
>   webbrowser and not via e-mail).
>
> > Can anyone tell me what I need to do to get this to work?
>
>Sorry, I can't give you actual implementation tips. Getting SSL to
>work depends on the type of webserver you use (shared hosting
>environment / your own server / server of your company?) and other
>things. If you use the services / servers of a webhosting firm, it's
>probably a shared hosting environment, you should ask your webhoster
>how to set up a SSL-secured form. In other cases, the admin of the
>webserver should know how to do it.
>I never used gpg in a script or on a webserver, so I can't help you
>with that either, maybe others on this list can. Also, please take a
>look at the gpg-FAQ, point 4.14 (http://www.gnupg.org/faq.html#q4.14).
>
>Regards,
>Mark Kirchner
>
>--
>Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users