How can I make an emailed form secure?

My company was using PGP to secure online emailed forms sent from a website that had a security certificate. We have since changed web hosting and have redesigned the site. I am in the process of recreating the forms and want to make sure they are secure when emailed. I'm working from the base of what was used before, but I have read that PGP isn't really secure, especially when submitting charge card info.

The forms I've redesigned use PHP scripting. I have a GeoTrust security certificate on the site. I'm wondering if I add PGP scripting back into the forms will they really be secure?  The forms in question will have charge card information.

Is there some other avenue I should be looking at (example: not emailing the forms but leaving them on the site with an email notification to download them from the site). The forms must not only be secure  when submitted but the person receiving the information must receive it in a way that doesn't create other problems or difficulty.
How exactly was your application sending these forms using PGP? Using PGP to secure e-mails would require that the application be able to look up a private key associated with the recipient's e-mail and thereby encrypt the e-mail to that person. Under this scenario, PGP is very secure. The problem presented there is that you will need to have a key created and stored for every possible recipient, and the recipient will have to have some way of decrypting a PGP-encrypted e-mail message (i.e. a desktop client installed that can hook into Outlook or another e-mail app).

Now that is under the assumption you were actually sending PGP e-mails and not just zipping the information into a PGP zip file attachment, in which case it will only be as secure as the universally used password for the file.

I think that hosting the file online and sending a notification is a very secure method IF (notice big IF) the recipient will have to provide some kind of personal identification or credentials to access the online resource. If you can force them to provide credentials, then this method would certainly be the simplest as well.

Let me know if this doesn't make sense with your situation.
Correction: "private key" should read "public key"

You need a recipient's public key to send them an e-mail; they need their private key to decrypt.
LunaLibbyAuthor Commented:
I'm not sure how it was happening as this was before my employment. The previous forms were asp files, used a different mailer, and had this coding in them. (I've deleted some of the information that is field specific and repetitious).

I will have to revise this coding to make it work with my version of php scripted forms but I am not familiar with how/what to do and am wondering if it will really be secure or just "look" secure if I do get the coding correct.
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

  Mailer.FromName = Request.Form("Name")
  Mailer.FromAddress = Request.Form("email")

  strMailHost = "mx.localweb.com"
  Mailer.RemoteHost = strMailHost

  Mailer.AddRecipient "xxx xxxx", "xxx@xxxxx.org"

  Mailer.Subject = "Conference Registration"

  Mailer.Priority = 1
  Mailer.Urgent = true

  plaintextFN="e:\www\users\southern\conference\pgp\"& randFN &".txt"
  encryptedFN="e:\www\users\southern\conference\pgp\"& randFN &".asc"
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  Set objTextFile = objFSO.CreateTextFile(plaintextFN, true)


  objTextFile.WriteLine "Name:                        "& Name
  objTextFile.WriteLine "Title:                        "& Title
  objTextFile.WriteLine "Name Preferred on badge:      "& preferredName
  objTextFile.WriteLine "Dep/Division of Company      "& Dept
  objTextFile.WriteLine "Company:                  "& Company
  objTextFile.WriteLine "Address:                  "& Address
  objTextFile.WriteLine "City:                        "& city
  objTextFile.WriteLine "State:                        "& state
  objTextFile.WriteLine "Zip Code:                  "& zip
  objTextFile.WriteLine "Phone Number:                  "& phone
  objTextFile.WriteLine "Fax Number                  "& fax
  objTextFile.WriteLine "Email Address:                  "& email
  objTextFile.WriteLine ""
  objTextFile.WriteLine "Total Amount:                  "& Total_Amount
  objTextFile.WriteLine ""
  objTextFile.WriteLine ""
  objTextFile.WriteLine "Bill my credit card $"& Credit_Amount
  objTextFile.WriteLine "Card Type:                  "& cardType
  objTextFile.WriteLine "Card Number:                  "& CreditCardNumber
  objTextFile.WriteLine "Security Number:                  "& CreditCardSecurityNumber
  objTextFile.WriteLine "Customer Code Number (required for all purchasing cards):                  "& CustomerCodeNumber
  objTextFile.WriteLine "Exp. Date:                  "& expirationDate
  objTextFile.WriteLine "Name on Card:                  "& CardName
  objTextFile.WriteLine ""

  Mailer.PGPPath = "e:\userbin\pgp.exe"

  Mailer.PGPParams = " -a -t -w " & plaintextFN & " Mark -o " & encryptedFN

  ' Load the PGP output (.asc) as the message body, then send it
  if Mailer.GetBodyTextFromFile(encryptedFN, true, false) then
    if Mailer.SendMail then
<!--#include file="_sent.inc" -->
    else
      ' Sending failed: report the mailer's response if it gave one
      if Mailer.Response <> "" then
        strError = Mailer.Response
      else
        strError = "Unknown"
      end if
      Response.Write "Mail Failed. Reason: " & strError
    end if
  else
    ' The encrypted file could not be produced or read
    Response.Write "<h2 align=center>Error: Failure with encryption or with file access...</h2>"
  end if

LunaLibbyAuthor Commented:
The person receiving these PGP files did have a password to decrypt them. However, I'm not sure that this is the best way to ensure security or if the best way would be to leave the information on the web server. If a form is submitted using SSL and the submitted content remains on the server as a file, would that file have to have a decryption key to be read by the person opening it?

We have our site on a Microsoft server which only allows 1 password/user id to be used.
Ok so that code is using PGP commandline with options that will result in an ASCII Armored File (ie the .asc filetype). It is not using any sort of key or passphrase to protect this file. This means that your data will be encoded in transit, making it impossible to piece together without the whole file, but the recipient will not need any kind of identification to decrypt. Also, if someone can intercept the entire message it will be compromised. I would say that this is not very secure at all. Encryption for sensitive data should always force the recipient to prove "who" they are with credentials and is more and more common to require them to "have" something like a key to prove who they are.

Again, I would recommend hosting the file and requiring the recipient to have some kind of credentials to access it. Obviously passing the credentials in the notification e-mail would not be appropriate, but providing this via phone or snail mail would be acceptable.

Does this help answer your question? If not, what more would you like to know?
LunaLibbyAuthor Commented:
Sorry. I'm not being very clear due to my inexperience in this area. You have answered some of my question but I think I confused the matter for you. First the OLD online forms which I sent you information about, were asp files that used PGP. The person who received these emailed forms has a PGP key to decrypt the files. However, these forms are no longer used. They were abandoned when we moved our site to our new web host.

The forms I'm currently working with use PHP coding. I haven't added PGP security to them yet and am not sure if I should attempt it or if PGP will even work with PHP scripted forms. I have been reading that PGP encryption isn't really secure when used with online, emailed form submittal. But I don't know if this is true or not.

Before I proceed attempting to add PGP coding to the new PHP forms I need to know whether it will work with PHP AND whether it will actually secure the emails (assuming my coding is applied correctly).

If it won't work, or isn't secure then I need another alternative that will assure me that the form is encrypted for everyone EXCEPT the person who is supposed to be viewing the file AND will be a very easy way for this person to retrieve the submitted information.

This person can be given a password to FTP to the site but it will be the same password/id as the admin of the site (me) so I'd like to add another layer somehow. Unfortunately, because we are hosted on a Windows Server, our webhost only allows for this one password/id.

So, I guess my general question can be broken into the following mini questions:

Will PGP encryption really secure an emailed form?
Can PGP be added to a PHP form?
If the emailed form is bounced from the web host to several intermediary mail servers before it gets to its destination is it encrypted all the way?
Is there a way to just keep the submitted form content on the web host and allow the person responsible for retrieving the data to securely retrieve the content directly from the host (FTP? Download file? View Result in Browser Window?) without giving anyone else access?
Is there another, better solution?

PGP encryption is secure for any type of e-mail, and is a good solution for e-mail encryption. In your case I would recommend GnuPG (GPG). It is a freeware version of the PGP encryption scheme.

PGP can work with PHP just as it works with ASP. See an example here: http://www.alt-php-faq.org/local/65/

Intermediary servers will have access to only the PGP message block which is encrypted and would require the associated private key to decrypt. As long as the private key is kept secure (ie valid users have it, others can't get it).

Depending on the type of data you are presenting, it seems that you could host a page that presents the data from a database. This would allow you to require authentication into the page and then the app would show data from the database. The only other way would be to parse whatever type of file you have (what format is this file anyway? Just text?) and represent it as HTML. If it is just text, this should be easy; if it is PDF, I think this is impossible.

Those 2 solutions truly seem like the best for me. If the file you want to present is very basic (ie text), it should be programmatically basic to read in from the file, present the corresponding HTML on the page, and then make sure the page requires whatever kind of authentication you want. The PGP solution may be more complex if you have a simple file type to present, but may be the only option if it is a complex file.

Need more specifics somewhere here? Just let me know.
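
The PGP-from-PHP approach discussed in this answer, as an added example that is not part of the original thread and not code from any participant: a PHP form handler that encrypts the submission to the recipient's public key with GnuPG before mailing it. The keyring directory, key id, e-mail addresses and field names are assumptions, and it expects `gpg` on the server with the recipient's public key already imported.

```php
<?php
// Added example, not code from the thread. Key id, keyring path, addresses
// and field names below are assumptions.
const GPG_HOMEDIR   = '/var/lib/formgpg';       // assumed: keyring outside the web root
const RECIPIENT_KEY = 'registrar@example.org';  // assumed: recipient's PUBLIC key, already imported

// Encrypt to the recipient's public key and return ASCII armor. The plaintext
// goes to gpg on stdin, so it is never written to disk on the web server.
function pgp_encrypt(string $plaintext): string
{
    // --trust-model always: an imported, unsigned key is otherwise refused in batch mode.
    $cmd = ['gpg', '--batch', '--no-tty', '--homedir', GPG_HOMEDIR,
            '--trust-model', 'always', '--armor', '--encrypt',
            '--recipient', RECIPIENT_KEY, '--output', '-'];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);  // array form (PHP 7.4+): no shell is involved
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = stream_get_contents($pipes[1]);
    $errors  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $armored;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $body = '';
    foreach (['Name', 'Company', 'Email', 'Total_Amount'] as $field) {
        $raw = $_POST[$field] ?? '';
        // Strip CR/LF so one field cannot forge extra lines in the report.
        $value = is_string($raw) ? str_replace(["\r", "\n"], ' ', $raw) : '';
        $body .= sprintf("%-16s%s\n", $field . ':', $value);
    }
    try {
        // Fixed recipient, subject and sender: no form input reaches the mail headers.
        $sent = mail('registrar@example.org', 'Conference Registration',
                     pgp_encrypt($body), 'From: webform@example.org');
    } catch (RuntimeException $e) {
        error_log($e->getMessage());
        $sent = false;  // fail closed: never fall back to sending plaintext
    }
    echo $sent ? 'Registration received.' : 'Sorry, the form could not be sent.';
}
```

Only the public key lives on the web server; the recipient decrypts with the matching private key in their own mail client, so neither the host nor intermediary mail servers can read the message body.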
LunaLibbyAuthor Commented:
Thanks. That is very helpful and points me in a direction for my next step.

The form information submitted is just text at this point. Now that I know that PGP is secure and can work with PHP, I'll try to add it to the form in question and do some testing. I may need more help on this part later. We currently own a PGP package that I'm hoping is still valid to use since it was purchased in 2000.

If coding the form to be emailed using PGP proves too difficult for my skill level, I'll go the route of representing the page as HTML with a login of some sort. The only problem I see with this is that the user who retrieves the information will have to somehow get it off the HTML page and into a database she maintains on a local server. She is resistant to having to do anything that might be extra work.

I'll leave this ticket open for a little longer to see if there are any other responses that might give me more insight.
LunaLibbyAuthor Commented:
Any more clarifying comments or opinions would be appreciated.
