Solved

Encrypting Email

Posted on 2000-02-29
6
232 Views
Last Modified: 2006-11-17
I am developing a PHP application which collects information from a web based form & emails it to a recipient. The data is very sensitive so I am using a mod_ssl & will be getting a Verisign certificate before the site goes live.

The information is secure (I trust) between the browser & the server, but how can I ensure it stays secure as it is transmitted by email? Ideally I'd like the recipient to have a private key, then I could get PHP to encode it using the corresponding public key. Looking at the manual there seems to be a million ways to encrypt data - which is best?
0
Comment
Question by:bergsy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 8

Accepted Solution

by:
us111 earned 100 total points
ID: 2568994
USE PGP (private & public key)
it's the best solution to encrypt your message or data

http://www.pgpi.org
There, you'll find source, and exe

Before sending your email, crypt it with PGP and  then send it.

below a piece of code
of course you need pgp installed on your server


<?

$PGP_TEMP="/www/pgpmail/temp";
$PGP_PROG="/bin/pgpe";

#### Encrypt a string with PGP      
#### Param:
#### $userid : User ID
#### $msg    : String which be encrypted
#### Return encrypted string
function pgp_encrypt($userid, $msg)
{      if (file_exists($PGP_PROG) == false)
      {      print "<h1>Cannot find $PGP_PROG</h1>";
            exit();      
      }
      
      if (is_dir($PGP_TEMP) == false)
      {      print "<h1>Cannot find $PGP_TEMP</h1>";
            exit();      
      }
      
      # Put message into file
      $f = fopen("$PGP_TEMP", "w");
      fputs($f, $msg);
      fclose($f);

      # Encrypt this file with pgp
      exec("$PGP_PROG -r $userid -af $PGP_TEMP -o $PGP_TEMP.asc > /dev/null");
                        
      # Get file into $msg
      $f = fopen("$PGP_TEMP.asc" ,"r");
      $msg = fread($f, filesize("$PGP_TEMP.asc"));
      fclose($f);
            
      # Delete temp files
      unlink("$PGP_TEMP.asc");
      unlink("$PGP_TEMP");

      # Return encrypted message
      return $msg;
}
?>
0
 
LVL 8

Expert Comment

by:us111
ID: 2569001
USE PGP (private & public key)
it's the best solution to encrypt your message or data

http://www.pgpi.org
There, you'll find source, and exe

Before sending your email, crypt it with PGP and  then send it.

below a piece of code
of course you need pgp installed on your server


<?

$PGP_TEMP="/www/pgpmail/temp";
$PGP_PROG="/bin/pgpe";

#### Encrypt a string with PGP      
#### Param:
#### $userid : User ID
#### $msg    : String which be encrypted
#### Return encrypted string
function pgp_encrypt($userid, $msg)
{      if (file_exists($PGP_PROG) == false)
      {      print "<h1>Cannot find $PGP_PROG</h1>";
            exit();      
      }
      
      if (is_dir($PGP_TEMP) == false)
      {      print "<h1>Cannot find $PGP_TEMP</h1>";
            exit();      
      }
      
      # Put message into file
      $f = fopen("$PGP_TEMP", "w");
      fputs($f, $msg);
      fclose($f);

      # Encrypt this file with pgp
      exec("$PGP_PROG -r $userid -af $PGP_TEMP -o $PGP_TEMP.asc > /dev/null");
                        
      # Get file into $msg
      $f = fopen("$PGP_TEMP.asc" ,"r");
      $msg = fread($f, filesize("$PGP_TEMP.asc"));
      fclose($f);
            
      # Delete temp files
      unlink("$PGP_TEMP.asc");
      unlink("$PGP_TEMP");

      # Return encrypted message
      return $msg;
}
?>
0
 

Author Comment

by:bergsy
ID: 2571622
Perfect!
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 2

Expert Comment

by:gravity
ID: 2571637
I think you need a quick modification to the program so that if the $PGP_TEMP.asc file already exists, PHP loops until it is deleted... just think what would happen if two people accessed it at the same time :)
0
 

Author Comment

by:bergsy
ID: 2571711
Gravity : My program has session handling happening already - each $PGP_TEMP.asc is actually given a unique name for each session.

The main problem I have found is that PGP is looking for the keyrings on user 'Nobody', as that's who has permissions at run time. I think I will create a user for this host and use the suEXEC feature of apache to get around this - it also means that anyone else who is on the server at the time cannot grab a copy of the file before it is encrypted, which is very unlikely but just about possible.
0
 
LVL 2

Expert Comment

by:gravity
ID: 2574156
Aha, that certainly makes life easier :)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question