[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Encrypting Email

Posted on 2000-02-29
6
Medium Priority
?
239 Views
Last Modified: 2006-11-17
I am developing a PHP application which collects information from a web based form & emails it to a recipient. The data is very sensitive so I am using a mod_ssl & will be getting a Verisign certificate before the site goes live.

The information is secure (I trust) between the browser & the server, but how can I ensure it stays secure as it is transmitted by email? Ideally I'd like the recipient to have a private key, then I could get PHP to encode it using the corresponding public key. Looking at the manual there seems to be a million ways to encrypt data - which is best?
0
Comment
Question by:bergsy
  • 2
  • 2
  • 2
6 Comments
 
LVL 8

Accepted Solution

by:
us111 earned 400 total points
ID: 2568994
USE PGP (private & public key)
it's the best solution to encrypt your message or data

http://www.pgpi.org
There, you'll find source, and exe

Before sending your email, crypt it with PGP and  then send it.

below a piece of code
of course you need pgp installed on your server


<?

$PGP_TEMP="/www/pgpmail/temp";
$PGP_PROG="/bin/pgpe";

#### Encrypt a string with PGP      
#### Param:
#### $userid : User ID
#### $msg    : String which be encrypted
#### Return encrypted string
function pgp_encrypt($userid, $msg)
{      if (file_exists($PGP_PROG) == false)
      {      print "<h1>Cannot find $PGP_PROG</h1>";
            exit();      
      }
      
      if (is_dir($PGP_TEMP) == false)
      {      print "<h1>Cannot find $PGP_TEMP</h1>";
            exit();      
      }
      
      # Put message into file
      $f = fopen("$PGP_TEMP", "w");
      fputs($f, $msg);
      fclose($f);

      # Encrypt this file with pgp
      exec("$PGP_PROG -r $userid -af $PGP_TEMP -o $PGP_TEMP.asc > /dev/null");
                        
      # Get file into $msg
      $f = fopen("$PGP_TEMP.asc" ,"r");
      $msg = fread($f, filesize("$PGP_TEMP.asc"));
      fclose($f);
            
      # Delete temp files
      unlink("$PGP_TEMP.asc");
      unlink("$PGP_TEMP");

      # Return encrypted message
      return $msg;
}
?>
0
 
LVL 8

Expert Comment

by:us111
ID: 2569001
USE PGP (private & public key)
it's the best solution to encrypt your message or data

http://www.pgpi.org
There, you'll find source, and exe

Before sending your email, crypt it with PGP and  then send it.

below a piece of code
of course you need pgp installed on your server


<?

$PGP_TEMP="/www/pgpmail/temp";
$PGP_PROG="/bin/pgpe";

#### Encrypt a string with PGP      
#### Param:
#### $userid : User ID
#### $msg    : String which be encrypted
#### Return encrypted string
function pgp_encrypt($userid, $msg)
{      if (file_exists($PGP_PROG) == false)
      {      print "<h1>Cannot find $PGP_PROG</h1>";
            exit();      
      }
      
      if (is_dir($PGP_TEMP) == false)
      {      print "<h1>Cannot find $PGP_TEMP</h1>";
            exit();      
      }
      
      # Put message into file
      $f = fopen("$PGP_TEMP", "w");
      fputs($f, $msg);
      fclose($f);

      # Encrypt this file with pgp
      exec("$PGP_PROG -r $userid -af $PGP_TEMP -o $PGP_TEMP.asc > /dev/null");
                        
      # Get file into $msg
      $f = fopen("$PGP_TEMP.asc" ,"r");
      $msg = fread($f, filesize("$PGP_TEMP.asc"));
      fclose($f);
            
      # Delete temp files
      unlink("$PGP_TEMP.asc");
      unlink("$PGP_TEMP");

      # Return encrypted message
      return $msg;
}
?>
0
 

Author Comment

by:bergsy
ID: 2571622
Perfect!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:gravity
ID: 2571637
I think you need a quick modification to the program so that if the $PGP_TEMP.asc file already exists, PHP loops until it is deleted... just think what would happen if two people accessed it at the same time :)
0
 

Author Comment

by:bergsy
ID: 2571711
Gravity : My program has session handling happening already - each $PGP_TEMP.asc is actually given a unique name for each session.

The main problem I have found is that PGP is looking for the keyrings on user 'Nobody', as that's who has permissions at run time. I think I will create a user for this host and use the suEXEC feature of apache to get around this - it also means that anyone else who is on the server at the time cannot grab a copy of the file before it is encrypted, which is very unlikely but just about possible.
0
 
LVL 2

Expert Comment

by:gravity
ID: 2574156
Aha, that certainly makes life easier :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month20 days, 8 hours left to enroll

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question