Solved

Encrypting Email

Posted on 2000-02-29
6
229 Views
Last Modified: 2006-11-17
I am developing a PHP application which collects information from a web based form & emails it to a recipient. The data is very sensitive so I am using a mod_ssl & will be getting a Verisign certificate before the site goes live.

The information is secure (I trust) between the browser & the server, but how can I ensure it stays secure as it is transmitted by email? Ideally I'd like the recipient to have a private key, then I could get PHP to encode it using the corresponding public key. Looking at the manual there seems to be a million ways to encrypt data - which is best?
0
Comment
Question by:bergsy
  • 2
  • 2
  • 2
6 Comments
 
LVL 8

Accepted Solution

by:
us111 earned 100 total points
ID: 2568994
USE PGP (private & public key)
it's the best solution to encrypt your message or data

http://www.pgpi.org
There, you'll find source, and exe

Before sending your email, crypt it with PGP and  then send it.

below a piece of code
of course you need pgp installed on your server


<?

$PGP_TEMP="/www/pgpmail/temp";
$PGP_PROG="/bin/pgpe";

#### Encrypt a string with PGP      
#### Param:
#### $userid : User ID
#### $msg    : String which be encrypted
#### Return encrypted string
function pgp_encrypt($userid, $msg)
{      if (file_exists($PGP_PROG) == false)
      {      print "<h1>Cannot find $PGP_PROG</h1>";
            exit();      
      }
      
      if (is_dir($PGP_TEMP) == false)
      {      print "<h1>Cannot find $PGP_TEMP</h1>";
            exit();      
      }
      
      # Put message into file
      $f = fopen("$PGP_TEMP", "w");
      fputs($f, $msg);
      fclose($f);

      # Encrypt this file with pgp
      exec("$PGP_PROG -r $userid -af $PGP_TEMP -o $PGP_TEMP.asc > /dev/null");
                        
      # Get file into $msg
      $f = fopen("$PGP_TEMP.asc" ,"r");
      $msg = fread($f, filesize("$PGP_TEMP.asc"));
      fclose($f);
            
      # Delete temp files
      unlink("$PGP_TEMP.asc");
      unlink("$PGP_TEMP");

      # Return encrypted message
      return $msg;
}
?>
0
 
LVL 8

Expert Comment

by:us111
ID: 2569001
USE PGP (private & public key)
it's the best solution to encrypt your message or data

http://www.pgpi.org
There, you'll find source, and exe

Before sending your email, crypt it with PGP and  then send it.

below a piece of code
of course you need pgp installed on your server


<?

$PGP_TEMP="/www/pgpmail/temp";
$PGP_PROG="/bin/pgpe";

#### Encrypt a string with PGP      
#### Param:
#### $userid : User ID
#### $msg    : String which be encrypted
#### Return encrypted string
function pgp_encrypt($userid, $msg)
{      if (file_exists($PGP_PROG) == false)
      {      print "<h1>Cannot find $PGP_PROG</h1>";
            exit();      
      }
      
      if (is_dir($PGP_TEMP) == false)
      {      print "<h1>Cannot find $PGP_TEMP</h1>";
            exit();      
      }
      
      # Put message into file
      $f = fopen("$PGP_TEMP", "w");
      fputs($f, $msg);
      fclose($f);

      # Encrypt this file with pgp
      exec("$PGP_PROG -r $userid -af $PGP_TEMP -o $PGP_TEMP.asc > /dev/null");
                        
      # Get file into $msg
      $f = fopen("$PGP_TEMP.asc" ,"r");
      $msg = fread($f, filesize("$PGP_TEMP.asc"));
      fclose($f);
            
      # Delete temp files
      unlink("$PGP_TEMP.asc");
      unlink("$PGP_TEMP");

      # Return encrypted message
      return $msg;
}
?>
0
 

Author Comment

by:bergsy
ID: 2571622
Perfect!
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 2

Expert Comment

by:gravity
ID: 2571637
I think you need a quick modification to the program so that if the $PGP_TEMP.asc file already exists, PHP loops until it is deleted... just think what would happen if two people accessed it at the same time :)
0
 

Author Comment

by:bergsy
ID: 2571711
Gravity : My program has session handling happening already - each $PGP_TEMP.asc is actually given a unique name for each session.

The main problem I have found is that PGP is looking for the keyrings on user 'Nobody', as that's who has permissions at run time. I think I will create a user for this host and use the suEXEC feature of apache to get around this - it also means that anyone else who is on the server at the time cannot grab a copy of the file before it is encrypted, which is very unlikely but just about possible.
0
 
LVL 2

Expert Comment

by:gravity
ID: 2574156
Aha, that certainly makes life easier :)
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Download tables into separate sheets 3 25
Fulfillment API php code sample 1 40
Php recording post 4 39
How would I do this...? 2 28
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question