basic error? PHP and GPG

Enzo Michelangeli em at who.net
Tue Dec 17 13:07:01 CET 2002


I don't think it's a good idea to keep a secret keyring on a shared server:
running a sniffer on the same LAN segment one can read your passphrase, and
then decrypt the secret key. The only exception would be if gpg could make
use of tamperproof keystores, such as some types of smartcards: but this is
not yet available.

Enzo

----- Original Message -----
From: "Ken McCormack" <design at palmer21.com>
To: <gnupg-devel at gnupg.org>
Cc: "Noel D. Torres Taño" <ndtt at ll.iac.es>
Sent: Tuesday, December 17, 2002 7:38 PM
Subject: Re: basic error? PHP and GPG


> Thanks Noel, will try that. I was aware of the difference, but not what to
> do about it.
>
> On the recent post regarding the secring.pgp:file open error - ( I haven't
> seen the full thread, sorry... please forgive me if I'm 'barking up the
> wrong tree' with this),  this error looks quite similar to the one I was
> getting.
>
> Just to give a basic explanation about what happened (in case any other poor
> designers are having the same trouble), I was getting an error because I had
> imported keys as the wrong user -- I was importing key files into my site
> login username or as root, rather than the web server user 'apache' or
> 'httpd'.  The keys weren't found because they had been installed for another
> user.
>
> It's pretty obvious when you think about it, as neither root nor the site
> user actually call the gpg script. But it fooled me for a few days. When
> using PHP for example, this is done on behalf of the web server user... so
> the keys need to be added from apache or httpd or 'nobody'... what I did was
> log in as root and su to apache.
>
> I also found that 'apache' also needed to have full write permissions on the
> /home/apache/.gnupg/ directory, so it could create the keyring etc.
>
> I recently tried to set this up on a shared hosting account for a design
> client, my host charged me $75 to set up the keyrings, apparently it was the
> first time they had this requested...!
>
> Perhaps a good subject for a FAQ for the site would be 'setting up GPG on a
> shared server'?
>
> Best regards
>
> Ken
>
>
> ----- Original Message -----
> From: "Noel D. Torres Taño" <ndtt at ll.iac.es>
> To: <gnupg-devel at gnupg.org>
> Cc: "Ken McCormack" <design at palmer21.com>
> Sent: Tuesday, December 17, 2002 10:04 PM
> Subject: Re: basic error? PHP and GPG
>
>
> > > Ken McCormack wrote:
> > >
> > > Hi All...
> > >
> > > I've just recently got into GPG for the first time, it's a wonderful
> > > tool, but there are so many mysteries!
> > > Having finally sussed that for use with PHP I need to set keyrings
> > > from the web user - apache - rather than root or my own account, I am
> > > now up and running....
> > >
> > > Only one small problem, after encrypting an e-mail which
> > > contains standard carriage returns ( \n or (for html) <br>), the
> > > output in Outlook Express comes out as having black squares where the
> > > line feeds should be....
> > >
> > > Does anyone have any ideas as to why this is, and if there are any
> > > ways to counteract this?
> > > I'm using PGP 7.0.3 on my PC... using 1024 bit DSA cipher...
> > >
> > > Regards
> > >
> > > Ken
> > >
> > Keep in mind the difference between the UNIX way of line breaks and the
> > DOS way. For DOS, you need the pair CR LF. Try using -text in your gpg.
> >
> > Noel
> >
> > _______________________________________________
> > Gnupg-devel mailing list
> > Gnupg-devel at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> >
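
The ownership and permission points in Ken's message and the secret-keyring concern in Enzo's reply can be checked together. The following POSIX shell function is an added example, not part of the thread: it audits a GnuPG home directory for a given account. The function and variable names are hypothetical; `secring.gpg` and `private-keys-v1.d` are GnuPG's default secret-key locations, and the directory and user are whatever you pass in.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory used by a web-server account.
# Usage: audit_gnupg_home DIR USER   (e.g. /home/apache/.gnupg apache)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_gnupg_home() {
    gh_dir=$1; gh_user=$2; gh_rc=0

    if [ ! -d "$gh_dir" ]; then
        echo "MISSING: $gh_dir not found (keys imported under another account?)"
        return 1
    fi

    # Owner: find prints the directory only if it belongs to USER.
    if [ -z "$(find "$gh_dir" -prune -user "$gh_user" 2>/dev/null)" ]; then
        echo "OWNER: $gh_dir is not owned by $gh_user"
        gh_rc=1
    fi

    # Mode: characters 5-10 of the ls mode string are the group/other bits.
    gh_bits=$(ls -ld "$gh_dir" | cut -c5-10)
    if [ "$gh_bits" != "------" ]; then
        echo "PERMS: group/other access '$gh_bits' on $gh_dir (expected 700)"
        gh_rc=1
    fi

    # Secret key material: secring.gpg (GnuPG 1.x/2.0) or a non-empty
    # private-keys-v1.d (GnuPG 2.1+). Encrypt-only use needs public keys only.
    if [ -s "$gh_dir/secring.gpg" ] ||
       [ -n "$(ls -A "$gh_dir/private-keys-v1.d" 2>/dev/null)" ]; then
        echo "SECRET: secret key material present in $gh_dir"
        gh_rc=1
    fi
    return $gh_rc
}

# Constructed demo: a throw-away directory with loose permissions and a
# dummy secring.gpg, audited for the current user.
demo_constructed() {
    d=$(mktemp -d) || return 2
    chmod 755 "$d"
    echo dummy > "$d/secring.gpg"
    demo_rc=0
    audit_gnupg_home "$d" "$(id -u)" || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}
```

Run it as root or as the web-server user itself; a `SECRET` finding is informational when the account really must decrypt or sign.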




