ssaluja
asked on
How to implement PGP
My requirement is to implement security in a scenario wherein the user (the client may be a web browser or any other desktop application) is downloading a document to the desktop and then uploading the document (maybe after some time) to the web server. The transfer of information takes place in the form of a document. Can I implement security by using PGP?
I have gone through various PGP sites, including your company site, www.pgpi.org and http://www.w3.org/Conferences/WWW4/Papers2/245.html.
I have not been able to come across the product/application that is required to be implemented at the client side (i.e. it may be a web browser or any other application) or at the web server side where the document is kept.
All I have seen are some products (e-ppliance, E-Business Server, PGP VPN Suite, etc.).
Or I have come across PGP-CCI on http://www.w3.org/Conferences/WWW4/Papers2/245.html.
Though it talks of some PGP-CCI application that interacts with the PGP API, it does not tell about the application.
Do we need to code some application on our own to use the PGP API? I am also not sure of the PGP APIs.
ASKER
The project requirement is such that I have to use PGP-based security. The requirement of security is during transit (downloading and uploading) of the document between the client (web browser or any other client application, etc.) and the web server. Can we implement security with PGP in this scenario?
If this is possible then please tell me how to implement it.
You can implement PGP in this scenario, but it is way overkill. Simply running an SSL-ized web server would be much easier and still fit the bill.
Getting PGP to work minimally requires
1. Distributing your PGP public key to all clients.
2. Distributing PGP software to all clients.
3. A back-end process that encrypts and signs the files.
4. A front-end process that decrypts the files.
ASKER
Clarifications on the comments:
Pt no 2: Can you tell me which PGP software I have to distribute to all clients? Is it possible that the S/W gets downloaded the first time the client connects to the server?
Is this S/W freeware?
Pt no 3: Please explain the back-end process for encrypting and signing the files.
Pt no 4: Please explain the front-end process for decrypting the file.
Can we use some open source to get these things done, or do we have to implement software products for implementing PGP security?
As I understand the comments so far, I agree with chris_calabrese's suggestions, especially that SSL should do it.
But I know that SSL cannot guarantee the content; just think of a man-in-the-middle attack (using a fake server), hard to do but it can ...
In such a situation PGP might be a solution if the keys have been exchanged and proved using a trusted media before.
I've set up a test site using PGP signatures for any requested URL. It's probably not exactly what ssaluja wants, but very close to it. Because all this stuff is not yet idiot-proof, I won't post the link here.
ssaluja, chris_calabrese, if you're interested in this, please ask support@experts-exchange.com for my email, and we can exchange more information.
Upon review of the comments here, I am recommending this disposition:
points to chris_calabrese
Please post a comment if you disagree.
DanRollins -- EE database cleanup volunteer
per recommendation.
SpideyMod
Community Support Moderator @Experts Exchange
If only during transit, just use an SSL-ized web server.
If you want to protect it afterwards too, then PGP is more appropriate. You'll probably have to write your own code to call PGP to encrypt/sign the documents on the server and the client, though. Unless you're using a client that PGP.com supports a plug-in for (like e-mailing the docs and using Outlook to read them).
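
The four steps listed earlier in the thread, and the "write your own code to call PGP" suggestion above, as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later as the PGP software and that the client also holds its own key pair (needed to encrypt to it); the user IDs, function names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. GnuPG stands in for "PGP software"; the identities and
# file names are constructed, and both key pairs are unprotected throwaways.
set -eu
SERVER_UID='Doc Server <server@example.test>'
CLIENT_UID='Doc Client <client@example.test>'

# Run gpg against an isolated keyring: $1 = home dir, rest = gpg arguments.
g() { gh=$1; shift; gpg --homedir "$gh" --batch --quiet --no-tty "$@"; }

make_key() {  # $1 = home dir, $2 = user ID
  mkdir -p "$1"; chmod 700 "$1"
  g "$1" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$2" default default never
}

# Step 1: copy the public key for user ID $2 from keyring $1 into keyring $3.
share_pubkey() { g "$1" --armor --export "$2" | g "$3" --import; }

# Fingerprint of user ID $2 in keyring $1; compare it over a trusted channel.
fpr_of() { g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

# Step 3 (back end): sign with the server key, encrypt to the client key.
# --trust-model always is a demo shortcut for keys not yet certified.
protect() {  # $1 = server home, $2 = plaintext, $3 = ciphertext out
  g "$1" --yes --trust-model always --local-user "$SERVER_UID" \
    --recipient "$CLIENT_UID" --output "$3" --sign --encrypt "$2"
}

# Step 4 (front end): decrypt, keep the output only if the signature is valid
# and made by the pinned key. $4 = expected signer fingerprint.
unprotect() {  # $1 = client home, $2 = ciphertext, $3 = plaintext out
  st=$(g "$1" --yes --trust-model always --status-fd 1 --output "$3" \
    --decrypt "$2") || { rm -f "$3"; return 1; }
  printf '%s\n' "$st" | awk -v f="$4" \
    '$2=="VALIDSIG" && $NF==f {ok=1} END{exit !ok}' || { rm -f "$3"; return 1; }
}

demo() {
  w=$(mktemp -d)
  make_key "$w/server" "$SERVER_UID"; make_key "$w/client" "$CLIENT_UID"
  share_pubkey "$w/server" "$SERVER_UID" "$w/client"
  share_pubkey "$w/client" "$CLIENT_UID" "$w/server"
  echo 'constructed sample document' > "$w/doc.txt"
  protect "$w/server" "$w/doc.txt" "$w/doc.txt.gpg"
  unprotect "$w/client" "$w/doc.txt.gpg" "$w/doc.out" \
    "$(fpr_of "$w/server" "$SERVER_UID")" && cat "$w/doc.out"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo`. A file that is encrypted but unsigned, or signed by any key other than the pinned one, is rejected and its decrypted output is deleted.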