Decryption through CGI/Perl script
L. Sassaman
rabbi@quickie.net
Tue, 2 May 2000 13:54:45 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
How does this provide the user any security at all? I'm failing to see
this.
On Tue, 2 May 2000, Mark Malkasian wrote:
> Hi All,
>
> I'm working on a CGI script in Perl that would allow users to decrypt
> GnuPG-encrypted files on the web. (I'm trying to avoid the hassle of
> guiding them through the process of setting up and using PGP on their
> Windows machines and also to accommodate Mac users.) Users are
> presented with a web form asking them to submit their passphrase.
> (Transmission would take place under SSL.) The script then inserts
> the passphrase into a GnuPG command and executes the command by
> opening a pipe (or using backticks, or a system call, etc.) to the
> gpg executable.
>
> I should note that my web site is being hosted remotely and our
> sysadm isn't particularly flexible. To get GnuPG working at all, I
> picked up a copy of the compiled gpg executable from another
> subscriber to this list, Greg McKean, and uploaded pubring.gpg,
> secring.gpg, and trustdb.gpg to the server after creating them on my
> local Windows machine.
>
> From browsing the mailing list archive, I cobbled together a
> bare-bones test script (see below). I have no problem creating an
> encrypted file. Moreover, I'm able to download the file to my local
> machine and decrypt it there. However, as you may have guessed,
> providing the passphrase to gpg has tripped me up. When I run the
> script below for decryption, I get the following error message:
>
> gpg: encrypted with 1024-bit ELG-E key, ID E91E3613, created 2000-05-02
> "test1 (Test) <mark@web-crafter.net>"
> gpg: public key decryption failed: bad passphrase
> gpg: decryption failed: secret key not available
>
> Is there a way around this, or does it make more sense to retreat and
> declare victory? (BTW, if I were managing my own server I'd take a
> look at the GnuPG-Interface module Frank Tobin has put together. See
> http://GnuPG-Interface.sourceforge.net/ . Very impressive.)
>
> Best,
> Mark Malkasian
>
>
> #!/usr/local/bin/perl
>
> $| = 1;
>
> print "Content-type: text/html\n\n";
>
> $gpg_path = "$ENV{DOCUMENT_ROOT}/cgi-local/gnupg/gpg";
> $gpg_config_files = "$ENV{DOCUMENT_ROOT}/cgi-local/gnupg";
> $ENV{"GNUPGHOME"} = $gpg_config_files;
>
> # To encrypt a test file, uncomment the line below.
> # $gpg_command = "$gpg_path -r test1 --output
> /u/web/myuserid/test.gpg --encrypt /u/web/myuserid/test.txt";
>
> $gpg_command = "$gpg_path --batch --passphrase-fd 0 --output
> /u/web/myuserid/decrypt.txt --decrypt /u/web/myuserid/test.gpg <
> test";
>
> # Execute command. Capture STDOUT and STDERR and print it to screen.
> open(READ, "$gpg_command 2>&1 |") or die "Failure on open $!\n";
> while (<READ>)
> {
> $output .= $_;
> }
> close (READ) or die "Failure on close $!\n";
> print $output;
> -------------------------
> Mark Malkasian
> mark@web-crafter.net
> http://www.web-crafter.net
>
__
L. Sassaman
System Administrator |
Technology Consultant | "To hold a pen is to be at war."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Voltaire
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5D0CdPYrxsgmsCmoRAvnVAJ9mkOsz/YqV+ALTZkpR/UQoiEBdXACfe/We
EQd3h50WUH1ftkmUVCKnr68=
=izRx
-----END PGP SIGNATURE-----