CGI script decrypting using GPG?
Mon Jun 23 19:15:02 2003
For a system I'm using GPG to encrypt data as users enter it and store that in a database.
I also need for some admistrative-type users to be able to view this data un-encrypted and I'm having problems writing a CGI script to do this trick.
This is on a UNIX system and my problem is that I need to give gpg 2 different pieces of input: the data to be decrpyted and the passphrase to use to decrypt it.
Something that Works, but is Bad is this:
echo "<data to be decrypted>" | gpg --options decrypt.conf 2< <text file containing passphrase>
But that means storing the passphrase in a plain text file on the server.
And that means anyone gaining root access to the server could decrypt this data.
I would rather ask the administrative-users for that passphrase (as well as a username and password that my CGI script would enforce), but I don't know how to pipe that into anything other than the standard input for GPG and I can't have the passphrase and the data-to-be-decrytped both piped in via stdin.
I know this is confusing, but I've been trying to make this work for a week and am just getting nowhere.
Thanks so much in advance!