gpg logo, static URLs, demo keypair
Richard Lynch
lynch at cognitivearts.com
Thu Feb 4 01:19:36 CET 1999
Is there a gnupg logo?
Are there static URLs for quickie downloads of the latest releases on both
Unix and Windoze? <HOPEFULLY> Will there be once 1.0 is released?
</HOPEFULLY>
Is there a canonical "Demo" public/private keypair that I should use to
demo gpg where the private key is not private at all and has the passphrase
in plaintext somehow...? Yet obviously labeled as "Demo" private key?...
I want to build some pages to demo gpg where the user types in a message,
encrypts it and then either:
- has the server decrypt it (not much of a demo, since we could be "cheating")
- downloads gpg and the server's keyring to decrypt the message on their own box
It's just a silly kick-the-tires sort of thing that I think would appeal to
the uninitiated/ignoramuses such as myself. :-)
Apologies if I'm asking stuff that's in the docs or an e-mail archive, but
I couldn't find the answers to this. I did find the kinder, gentler URL of
www.gnupg.org on my own though :-)
I want to have a gpg logo on my explanation page of the security
methodology employed by my site, and then the kick-the-tires demo of it:
For those who have forgotten my "scheme":
1. Use a Virtual Server to process an order with an suExec'ed cgi.
[I'm using PHP, but it doesn't matter much.]
2. Have the cgi shell-execute gpg with the order info to self-encrypt the
order, including credit info.
3. E-Mail the resulting encrypted (ascii armored) message to a human.
4. The human runs gpg on a non-networked machine with the decrypting key in
his keyring that matches the encrypting key on the server and then
processes the plain-text invoice through an existing store-front credit card
terminal.
[I hope that sentence makes sense...]
Most ISPs these days include a Virtual Server in their hosting package
price: They suck you dry with expecting you to pay them to design the
pages, interface with CyberCa$h, setup fees on the credit card processing,
and then automagically run your orders through their credit card processor
for a rather large percentage of the sales. [EG 10% of sales, of which at
most 4% goes to Visa/MC, so they get 6% for doing very, very little work.]
But with this scheme, one only needs to find a Secure Server at a
reasonable rate, and have an existing store-front credit charge terminal.
I believe a great many businesses would fit this description.
My ToDo list for this project now includes:
Download/Install/Test latest gpg.
Write security.htm to:
A Make inexperienced users feel good about how secure this is.
B Inform experienced users about how it works and how cool gpg is.
Generate new keys, with the decrypting key not even *on* the server.
Last time I tried this (0.4.2?), it was required that I have a full keypair
for the sender of the message, which I shouldn't really need, and I got
real frustrated, so I just have 1 test pair with both encrypt/decrypt keys
on both server and non-networked machine. I want to completely eliminate
the decryption key from the server keyring, if I can. If that requires a
bogus, totally unused keypair for the sender to be able to send a message
encrypted with the recipient's public key, so be it. But why do I need
that bogus keypair...?
Write example pages to show off gpg and how easy and cool this idea is,
without breaking my arm patting myself on the back. :-)
When completed, the kick-the-tires demo will be announced here and will
have links to source code, so you needn't, please :-) ask me in the
meantime to send it to you. Only the "real" code exists so far, and that's
got a whole mess of crap in it that you don't want to wade through. [A
large order form.]
Note that there won't be a whole lot of code, really. I imagine most of
you could manage to write a cgi that executes gpg and snags the results
into an e-mail far faster than I was able to do so. :-) Oh well.
*MUCH* thanks to everybody for their help with this project, and apologies
that my day job ground it to a halt for so damn long.
Wow, how did this post get so long? :-?
-- "TANSTAAFL" Rich lynch at cognitivearts.com webmaster@ and www. all of:
R&B/jazz/blues/rock - jademaze.com music industry org - chatmusic.com
acoustic/funk/world-beat - astrakelly.com sculptures - olivierledoux.com
my own nascent company - l-i-e.com cool coffeehouse - uncommonground.com
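
The key separation described in the post above, as an added shell example that is not part of the original message or of the GnuPG project: the server keyring holds only the recipient's public key, and encrypting without signing involves no sender keypair. It assumes GnuPG 2.1 or later (not the 0.4.x release the post mentions); the directory names, function names and demo user ID are constructed for illustration.

```shell
#!/bin/sh
# Added example; requires GnuPG 2.1+. Directory names and the demo user ID are constructed.
DEMO_UID='Demo Orders (DEMO KEY) <orders@example.com>'

# Non-networked machine: create the keypair, export only the public half.
make_offline_key() {    # $1 = offline homedir, $2 = file to receive the public key
    mkdir -p "$1" && chmod 700 "$1" || return 1
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default never || return 1
    gpg --homedir "$1" --batch --armor --export "$DEMO_UID" > "$2"
}

# Web server: the keyring receives the recipient's public key and nothing else.
setup_server() {        # $1 = server homedir, $2 = public key file
    mkdir -p "$1" && chmod 700 "$1" || return 1
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# What the CGI runs: order text on stdin (never on the command line),
# ASCII-armored ciphertext on stdout. No --sign, so no sender keypair is needed.
# --trust-model always assumes the key's fingerprint was checked when it was installed.
encrypt_order() {       # $1 = server homedir
    gpg --homedir "$1" --batch --quiet --trust-model always \
        --armor --encrypt --recipient "$DEMO_UID"
}

# Number of secret keys in a homedir; stays 0 on the server.
secret_key_count() {    # $1 = homedir
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
        grep -c '^sec:' || true
}

decrypt_order() {       # $1 = homedir, ciphertext on stdin, plaintext on stdout
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' --decrypt
}

# End-to-end run in a throwaway directory; prints the recovered order text.
demo() {
    d=$(mktemp -d) || return 1
    make_offline_key "$d/offline" "$d/orders-pub.asc" &&
        setup_server "$d/server" "$d/orders-pub.asc" &&
        printf 'order 1001, card ending 0000 (constructed sample)\n' |
            encrypt_order "$d/server" > "$d/order.asc" || return 1
    [ "$(secret_key_count "$d/server")" = 0 ] || return 1
    decrypt_order "$d/server" < "$d/order.asc" >/dev/null 2>&1 && return 1
    decrypt_order "$d/offline" < "$d/order.asc" 2>/dev/null
}
```

Calling `demo` after sourcing the file prints the sample order only if the server-side decryption attempt failed and the offline one succeeded.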
More information about the Gnupg-devel
mailing list