[nycphp-talk] cookbook: gpg
dmintz at panix.com
Mon Aug 11 10:13:52 EDT 2003
On Mon, 11 Aug 2003, David Sklar wrote:
> gpg has to run as a user that has access to your secret key ring.
> Doing gpg encryption with a passphrase-protected key on a shared server has
> many risks: can anyone else on the server (through misadministration or a
> hole in pages on your site) alter any of your cgi-wrapped scripts and do
> their own encryption/decryption/steal your key? Separately, putting your
> passphrase in a file readable by other users is no better than just having a
> passphraseless key.
> What are you trying to encrypt?
Last question first: credit card information, which will then be emailed
and/or written to a database.
As for the first question, well... maybe I'm confused. When I run the
$encrypted = shell_exec( "echo 'secret stuff'|/usr/bin/gpg --no-secmem-warning --homedir /my/.gnupg -ear recipient@example.com");
from the command line or as a wrapped script, it does not require a
passphrase in order to encrypt. Since gpg needs the user's secret key in
order to encrypt and sign, a copy of that secret key has to live on the
server -- is there any way around that? The permissions are as restrictive
as possible and I guess the key is as safe/vulnerable as anything else in
the house that's similarly chmoded.
The private key for decrypting is not going to be anywhere near the
server, nor will my secret key passphrase.
So how, if at all, does one safely gpg-encrypt on a shared server?
Email: See http://dmintzweb.com/whitelist.php first!
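An added example, not part of the original message or thread: encrypting to a recipient without signing (gpg -e -r, no -s) uses only the recipient's public key, so the sketch below points gpg at a homedir holding just that public key and feeds the plaintext over stdin instead of through a shell command line. The function name gpg_encrypt_for, the homedir path /my/.gnupg-encrypt-only and the use of PHP 7.4+ are assumptions.

```php
<?php
// Added example, not code from the original thread.
// Assumptions: PHP 7.4+ (array form of proc_open, which bypasses /bin/sh),
// and a hypothetical homedir /my/.gnupg-encrypt-only that contains only the
// recipient's imported public key and no secret keyring.

function gpg_encrypt_for(string $plaintext, string $recipient, string $homedir): string
{
    $cmd = [
        '/usr/bin/gpg',
        '--batch', '--no-tty',          // never prompt; fail instead
        '--no-secmem-warning',
        '--homedir', $homedir,
        '--trust-model', 'always',      // key was verified out of band before import
        '--armor', '--encrypt',
        '--recipient', $recipient,
    ];
    $spec = [
        0 => ['pipe', 'r'],   // plaintext goes in on stdin, not on the command line
        1 => ['pipe', 'w'],   // ASCII-armored ciphertext
        2 => ['pipe', 'w'],   // diagnostics
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Suitable for short messages; large inputs would need non-blocking I/O.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $ciphertext = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    if ($status !== 0 || strpos($ciphertext, '-----BEGIN PGP MESSAGE-----') !== 0) {
        // Do not fall back to sending or storing the plaintext.
        throw new RuntimeException('gpg encryption failed: ' . trim($errors));
    }
    return $ciphertext;
}

// Constructed sample input.
$encrypted = gpg_encrypt_for('secret stuff', 'recipient@example.com', '/my/.gnupg-encrypt-only');
echo $encrypted;
```

With this layout, anyone who gains read access to the homedir on the shared server obtains only a public key; the plaintext also never appears in the process list or passes through shell quoting.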