Newbie here- how do I use this thing?

Mark Kirchner mail@mark-kirchner.de
Sun Sep 15 11:03:02 2002


Hi Sean,

On Saturday, September 14, 2002, 11:33:42 PM, Sean wrote:
> Basically I have a website with a form on it, and that form is going to
> send personal information to me via e-mail (i.e. credit cards).
> [snip]
> I have been told that I can use GnuPG to encrypt the results of this
> form when they are sent as an e-mail to me and that then I can
> de-encrypt it myself...but after downloading the program I have no
> idea how to use it.

While it would theoretically be possible to install gpg on the webserver
(only if you have the right access permissions on that server!) and
use it via a script (e.g. modified formmail) to encrypt the data that
has to be mailed to you, that would not give you the kind of security
you probably have in mind. Please take a look at the way the data has
to take to reach you:

  customer's computer -> webserver -> mailserver -> your computer

Since gpg is running on the webserver, only the second and third part
of the way can be secured with it. There are a few possible solutions:
- The webserver has to communicate securely with the customer, this
  can be done with SSL.
- Then the webserver can use gpg to encrypt the data with your
  (public) key and send it to you.
  Or the data could be stored on the webserver and you use an
  SSL-secured connection to access and retrieve the data (with your
  webbrowser and not via e-mail).

> Can anyone tell me what I need to do to get this to work?

Sorry, I can't give you actual implementation tips. Getting SSL to
work depends on the type of webserver you use (shared hosting
environment / your own server / server of your company?) and other
things. If you use the services / servers of a webhosting firm, it's
probably a shared hosting environment; you should ask your webhoster
how to set up an SSL-secured form. In other cases, the admin of the
webserver should know how to do it.
I never used gpg in a script or on a webserver, so I can't help you
with that either, maybe others on this list can. Also, please take a
look at the gpg-FAQ, point 4.14 (http://www.gnupg.org/faq.html#q4.14).

Regards,
Mark Kirchner

-- 
Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc
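
Added example, not part of the original message: a sketch of the step "the webserver can use gpg to encrypt the data with your (public) key", covering only the webserver -> mailserver -> your computer part of the path; the customer -> webserver part still needs SSL. The function names, the keyring directory and the addresses are hypothetical.

```sh
#!/bin/sh
# Added example. The function names, keyring path and addresses are
# hypothetical; the gpg options are standard GnuPG options.

# Create the web server's keyring from an exported PUBLIC key file.
# $1 = keyring directory on the server, $2 = public key file (e.g. pub.asc)
setup_server_keyring() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# Succeeds only if the keyring holds no secret key. The decryption key
# must stay on the recipient's own computer, never on the web server.
keyring_is_public_only() {
    [ -z "$(gpg --homedir "$1" --batch --list-secret-keys 2>/dev/null)" ]
}

# Encrypt form data from stdin to the recipient; armored text on stdout.
# $1 = keyring directory, $2 = recipient key ID or e-mail address
encrypt_form() {
    keyring_is_public_only "$1" || {
        echo "refusing: secret key present in $1" >&2
        return 1
    }
    # --trust-model always: the imported key carries no local certification,
    # and --batch cannot ask for confirmation interactively.
    gpg --homedir "$1" --batch --no-tty --quiet \
        --trust-model always --armor \
        --recipient "$2" --encrypt
}

# Typical call from a form handler (constructed field values, hypothetical
# keyring path):
#   printf 'name=%s\norder=%s\n' "$name" "$order" |
#       encrypt_form /var/lib/formgpg recipient@example.invalid |
#       mail -s 'form submission' recipient@example.invalid
```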