GnuPG::Interface
Stef Caunter
stef at caunter.ca
Mon Apr 23 02:17:49 CEST 2007
I do this but don't use the module, just the shell.
You have to confirm the environment for the user. I reset HOME.
$ENV{'HOME'}="/home/gnupg";
.gnupg directory permission has to be 0700 owned by the webserver user, with
0600 on the files.
Plaintext is encrypted to the key and then securely deleted; I'm sure I just
didn't know what to do with the perl module, but I need gpg to work, not perl.
$gpg_result=system("/usr/local/bin/gpg --batch --armor -er nobody $DIR/$gpg_file && /bin/rm -P $DIR/$gpg_file");
# didn't work
if($gpg_result){
    # do what you think is appropriate
}
# worked
unless($gpg_result){
    # note that file gets .asc appended to its name
    open GPG, "$DIR/$gpg_file\.asc" or warn "$! asc open\n";
    while(<GPG>){
        $message_body.="$_";
    }
    close GPG or warn "$! asc close\n";
    # email the ciphertext, or whatever you want to do with it.
}
Stef
http://caunter.ca/contact.html
On Sun, 22 Apr 2007, Linda Jen wrote:
> I am trying to run a CGI application that uses GnuPG::Interface
> in perl. The application runs fine from the command line but not from
> CGI. Of course, the CGI is running as user httpd and I have now changed the
> homedir path to be owned by httpd also. The application creates
> temporary files for encrypting and signing. I have followed coding exactly
> like that in examples. I have included a relevant snippet of
> code below:
> -----------------------------------------------------------------------
> my $gnupg = GnuPG::Interface->new();
> $gnupg->options->hash_init( armor => 1,
> recipients => $data{'gpg_user'},
> homedir => $data{'gpg_home'});
> my $input = IO::Handle->new();
> my $output = IO::Handle->new();
> my $handles = GnuPG::Handles->new( stdin => $input,
> stdout => $output);
> $gnupg->encrypt(handles => $handles);
> open(unENCR,"/tmp/$prefix") || die "You are pissing me off!";
> @alltext = <unENCR>;
> print $input @alltext;
> close $input;
> my @ciphertext = <$output>;
> print @ciphertext ;
> close $output;
> wait;
> open(ENCR,">/tmp/$prefix2")|| die "Cannot open file to encrypt";
> print ENCR @ciphertext;
> close(ENCR);
> print @ciphertext;
> # *** obtain the GnuPG signature data
> open (ENCR, $encryptedfile) or die "Unable to open encryptedfile - $encryptedfile";
> while(<ENCR>){
> $message .= $_;
> }
> close(ENCR);
>
> $base64message = encode_base64($message);
> $url = $eacportal.'?sg='.$base64message.'&comp='.$pm_shortname;
>
> print "\n$url\n";
> exit(0);
> --------------------------------------------------------------------
> I get the following messages in my apache server log:
>
> [Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] gpg: WARNING:
> unsafe permissions on homedir
> "/xxxxxxxxxxxxxxxx/.gnupg", referer:
> http://yyyyyyyyy/test/login.test2.html
> [Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] gpg: failed to
> create temporary file
> `/xxxxxxxxxxxxxxx/.gnupg/.#lk0x9b7bf18.xxxxx.13310':
> Permission denied, referer:
> http://yyyyyyyyy/test/login.test2.html
> [Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] gpg: fatal:
> /xxxxxxxxxxxxxxxx/.gnupg/trustdb.gpg:
> can't create lock, referer:
> http://yyyyyyyyy/test/login.test2.html
> [Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] secmem usage:
> 1408/1408 bytes in 2/2 blocks of pool 1408/16384, referer:
> http://yyyyyyyyy/test/login.test2.html
> -----------------------------------------------------------------------
> One suggestion I read was to chmod u+s on the executable. None of these
> worked. Does anyone have an idea of a workaround for this or does
> anyone have any suggestions or working examples including proper
> permissions on directories and programs? Changing owners to
> root or the server (httpd) doesn't seem to help. Thanks in advance.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
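Added example (not part of the original thread, and not Stef's or the GnuPG project's code): a shell check for the permission layout described in the reply, meant to be run as the account the CGI runs under. It goes slightly beyond the reply by applying the 0700 rule to subdirectories and by testing writability, since the quoted log shows gpg failing to create its lock file; the function name check_gnupg_home is an assumption made for this example.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the layout described above.
# Usage (as the web server account): check_gnupg_home /home/gnupg/.gnupg

# check_gnupg_home [DIR]
# DIR defaults to $GNUPGHOME, then $HOME/.gnupg (the locations gpg itself uses).
# Prints one line per problem.
# Returns 0 if clean, 1 if problems were found, 2 if DIR is not a directory.
check_gnupg_home() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    uid=$(id -u)

    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 2
    fi

    report=$(
        # gpg creates lock and temporary files here, so it must be writable.
        [ -w "$dir" ] || echo "not writable by uid $uid: $dir"
        # Directories (the home and anything below it): exactly 0700, ours.
        find "$dir" -type d \( ! -perm 700 -o ! -user "$uid" \) \
            -exec echo "directory needs mode 0700 and owner uid $uid:" {} \;
        # Regular files (keyrings, trustdb.gpg, ...): exactly 0600, ours.
        find "$dir" -type f \( ! -perm 600 -o ! -user "$uid" \) \
            -exec echo "file needs mode 0600 and owner uid $uid:" {} \;
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    echo "ok: $dir"
    return 0
}
```

Running it from a root shell hides the problem, because root can write anywhere; the result is only meaningful under the same uid as the CGI.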