CGI script decrypting using GPG?

Robert qg7l80202@sneakemail.com
Mon Jun 23 19:15:02 2003


For a system I'm using GPG to encrypt data as users enter it and store that in a database.

I also need for some admistrative-type users to be able to view this data un-encrypted and I'm having problems writing a CGI script to do this trick.

This is on a UNIX system and my problem is that I need to give gpg 2 different pieces of input: the data to be decrpyted and the passphrase to use to decrypt it.

Something that Works, but is Bad is this:

echo "<data to be decrypted>" | gpg --options decrypt.conf 2< <text file containing passphrase>

But that means storing the passphrase in a plain text file on the server.
And that means anyone gaining root access to the server could decrypt this data.
I would rather ask the administrative-users for that passphrase (as well as a username and password that my CGI script would enforce), but I don't know how to pipe that into anything other than the standard input for GPG and I can't have the passphrase and the data-to-be-decrytped both piped in via stdin.

I know this is confusing, but I've been trying to make this work for a week and am just getting nowhere.

Thanks so much in advance!