How can I make an emailed form secure?

Posted on 2007-10-10
Last Modified: 2008-02-01
My company was using PGP to secure online emailed forms sent from a website that had a security certificate. We have since changed web hosting and have redesigned the site. I am in the process of recreating the forms and want to make sure they are secure when emailed. I'm working from the base of what was used before, but I have read that PGP isn't really secure, especially when submitting charge card info.

The forms I've redesigned use PHP scripting. I have a GeoTrust security certificate on the site. I'm wondering if I add PGP scripting back into the forms will they really be secure? The forms in question will have charge card information.

Is there some other avenue I should be looking at (example: not emailing the forms but leaving them on the site with an email notification to download them from the site)? The forms must not only be secure when submitted but the person receiving the information must receive it in a way that doesn't create other problems or difficulty.
Question by:LunaLibby
    LVL 6

    Assisted Solution

    How exactly was your application sending these forms using PGP? Using PGP to secure e-mails would require that the application be able to look up a private key associated with the recipient's e-mail and thereby encrypt the e-mail to that person. Under this scenario, PGP is very secure. The problem presented there is that you will need to have a key created and stored for every possible recipient and the recipient will have to have some way of decrypting a PGP encrypted e-mail message (i.e. a desktop client installed that can hook with Outlook or other e-mail app).

    Now that is under the assumption you were actually sending PGP e-mails and not just zipping the information into a PGP zip file attachment, in which case it will only be as secure as the universally used password for the file.

    I think that hosting the file online and sending a notification is a very secure method IF(notice big IF) the recipient will have to provide some kind of personal identification or credentials to access the online resource. If you can force them to provide credentials, then this method would certainly be the simplest as well.

    Let me know if this doesn't make sense with your situation.
    LVL 6

    Assisted Solution

    Correction: "private key" should read "public key"

    You need a recipient's public key to send them an e-mail; they need their private key to decrypt.

    Author Comment

    I'm not sure how it was happening as this was before my employment. The previous forms were asp files, used a different mailer, and had this coding in them. (I've deleted some of the information that is field specific and repetitious).

    I will have to revise this coding to make it work with my version of php scripted forms but I am not familiar with how/what to do and am wondering if it will really be secure or just "look" secure if I do get the coding correct.
    Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

      Mailer.FromName = Request.Form("Name")
      Mailer.FromAddress = Request.Form("email")

      strMailHost = ""
      Mailer.RemoteHost = strMailHost

      Mailer.AddRecipient "xxx xxxx", ""

      Mailer.Subject = "Conference Registration"

      Mailer.Priority = 1
      Mailer.Urgent = true

      plaintextFN="e:\www\users\southern\conference\pgp\"& randFN &".txt"
      encryptedFN="e:\www\users\southern\conference\pgp\"& randFN &".asc"
      Set objFSO = CreateObject("Scripting.FileSystemObject")
      Set objTextFile = objFSO.CreateTextFile(plaintextFN, true)


      objTextFile.WriteLine "Name:                        "& Name
      objTextFile.WriteLine "Title:                        "& Title
      objTextFile.WriteLine "Name Preferred on badge:      "& preferredName
      objTextFile.WriteLine "Dep/Division of Company      "& Dept
      objTextFile.WriteLine "Company:                  "& Company
      objTextFile.WriteLine "Address:                  "& Address
      objTextFile.WriteLine "City:                        "& city
      objTextFile.WriteLine "State:                        "& state
      objTextFile.WriteLine "Zip Code:                  "& zip
      objTextFile.WriteLine "Phone Number:                  "& phone
      objTextFile.WriteLine "Fax Number                  "& fax
      objTextFile.WriteLine "Email Address:                  "& email
      objTextFile.WriteLine ""
      objTextFile.WriteLine "Total Amount:                  "& Total_Amount
      objTextFile.WriteLine ""
      objTextFile.WriteLine ""
      objTextFile.WriteLine "Bill my credit card $"& Credit_Amount
      objTextFile.WriteLine "Card Type:                  "& cardType
      objTextFile.WriteLine "Card Number:                  "& CreditCardNumber
      objTextFile.WriteLine "Security Number:                  "& CreditCardSecurityNumber
      objTextFile.WriteLine "Customer Code Number (required for all purchasing cards):                  "& CustomerCodeNumber
      objTextFile.WriteLine "Exp. Date:                  "& expirationDate
      objTextFile.WriteLine "Name on Card:                  "& CardName
      objTextFile.WriteLine ""

      Mailer.PGPPath = "e:\userbin\pgp.exe"

      Mailer.PGPParams = " -a -t -w " & plaintextFN & " Mark -o " & encryptedFN

       ' Load the message body from the encrypted file; send only if that succeeds
       if Mailer.GetBodyTextFromFile(encryptedFN, true, false) then
              if Mailer.SendMail then
    <!--#include file="" -->
              else
                    ' SendMail failed: report the mailer's response once, without sending again
                    if Mailer.Response <> "" then
                          strError = Mailer.Response
                    else
                          strError = "Unknown"
                    end if
                    Response.Write "Mail Failed. Reason: " & strError
              end if
       else
              Response.Write "<h2 align=center>Error: Failure with encryption or with file access...</h2>"
       end if


    Author Comment

    The person receiving these PGP files did have a password to decrypt them. However, I'm not sure that this is the best way to ensure security or if the best way would be to leave the information on the web server. If a form is submitted using SSL and the submitted content remains on the server as a file, would that file have to have a decryption key to be read by the person opening it?

    We have our site on a Microsoft server which only allows 1 password/user id to be used.
    LVL 6

    Assisted Solution

    Ok, so that code is using PGP commandline with options that will result in an ASCII Armored File (i.e. the .asc filetype). It is not using any sort of key or passphrase to protect this file. This means that your data will be encoded in transit, making it impossible to piece together without the whole file, but the recipient will not need any kind of identification to decrypt. Also, if someone can intercept the entire message it will be compromised. I would say that this is not very secure at all. Encryption for sensitive data should always force the recipient to prove "who" they are with credentials and it is more and more common to require them to "have" something like a key to prove who they are.

    Again, I would recommend hosting the file and requiring the recipient to have some kind of credentials to access it. Obviously passing the credentials in the notification e-mail would not be appropriate, but providing this via phone or snail mail would be acceptable.

    Does this help answer your question? If not, what more would you like to know?

    Author Comment

    Sorry. I'm not being very clear due to my inexperience in this area. You have answered some of my question but I think I confused the matter for you. First the OLD online forms which I sent you information about, were asp files that used PGP. The person who received these emailed forms has a PGP key to decrypt the files. However, these forms are no longer used. They were abandoned when we moved our site to our new web host.

    The forms I'm currently working with use PHP coding. I haven't added PGP security to them yet and am not sure if I should attempt it or if PGP will even work with PHP scripted forms. I have been reading that PGP encryption isn't really secure when used with online, emailed form submittal. But I don't know if this is true or not.

    Before I proceed attempting to add PGP coding to the new PHP forms I need to know whether it will work with PHP AND whether it will actually secure the emails (assuming my coding is applied correctly).

    If it won't work, or isn't secure then I need another alternative that will assure me that the form is encrypted for everyone EXCEPT the person who is supposed to be viewing the file AND will be a very easy way for this person to retrieve the submitted information.

    This person can be given a password to FTP to the site but it will be the same password/id as the admin of the site (me) so I'd like to add another layer somehow. Unfortunately, because we are hosted on a Windows Server, our webhost only allows for this one password/id.

    So, I guess my general question can be broken into the following mini questions:

    Will PGP encryption really secure an emailed form?
    Can PGP be added to a PHP form?
    If the emailed form is bounced from the web host to several intermediary mail servers before it gets to its destination is it encrypted all the way?
    Is there a way to just keep the submitted form content on the web host and allow the person responsible for retrieving the data to securely retrieve the content directly from the host (FTP? Download file? View Result in Browser Window?) without giving anyone else access?
    Is there another, better solution?

    LVL 6

    Accepted Solution

    PGP encryption is secure for any type of e-mail, and is a good solution for e-mail encryption. In your case I would recommend GnuPG (GPG). It is a freeware version of the PGP encryption scheme.

    PGP can work with PHP just as it works with ASP. See an example here:

    Intermediary servers will have access to only the PGP message block which is encrypted and would require the associated private key to decrypt. As long as the private key is kept secure (i.e. valid users have it, others can't get it).

    Depending on the type of data you are presenting, it seems that you could host a page that presents the data from a database. This would allow you to require authentication into the page and then the app would show data from the database. The only other way would be to parse whatever type of file you have (what format is this file anyway? Just text?) and represent it as HTML. If it is just text, this should be easy, if it is PDF, I think this is impossible.

    Those 2 solutions truly seem like the best for me. If the file you want to present is very basic (ie text), it should be programmatically basic to read in from the file, present the corresponding HTML on the page, and then make sure the page requires whatever kind of authentication you want. The PGP solution may be more complex if you have a simple file type to present, but may be the only option if it is a complex file.

    Need more specifics somewhere here? Just let me know.
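
One way to wire GnuPG into a PHP form handler along the lines of the accepted answer, as an added example that is not part of the original thread. The gpg path, keyring directory, addresses and the form field names (borrowed from the variable names in the old ASP script) are assumptions; the keyring is assumed to hold only the recipient's public key, imported after verifying it out of band.

```php
<?php
const GPG_BIN   = '/usr/bin/gpg';             // assumption: gpg install path
const GPG_HOME  = '/var/lib/formmail/gnupg';  // assumption: keyring outside the web root, public key only
const RECIPIENT = 'registrar@example.org';    // placeholder: user ID of the imported public key

function encrypt_for_recipient(string $plaintext): string
{
    // Argument array (PHP >= 7.4): no shell is involved, so form input cannot inject commands.
    // --trust-model always is acceptable only because the keyring holds one verified key.
    $cmd  = [GPG_BIN, '--homedir', GPG_HOME, '--batch', '--no-tty', '--armor',
             '--trust-model', 'always', '--recipient', RECIPIENT, '--encrypt'];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Plaintext goes to gpg over stdin, so no unencrypted copy is written to disk.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = stream_get_contents($pipes[1]);
    $errors  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    // Fail closed: a non-zero exit or unexpected output means nothing gets mailed.
    if (proc_close($proc) !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $armored;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Hypothetical field names; the card security code is deliberately not collected for storage.
    $fields = ['Name', 'Company', 'email', 'Total_Amount', 'cardType', 'CreditCardNumber', 'expirationDate'];
    $body = '';
    foreach ($fields as $f) {
        $body .= sprintf("%-20s %s\n", $f . ':', trim((string)($_POST[$f] ?? '')));
    }
    try {
        // Fixed subject and From header: user input never reaches the mail headers.
        $ok = mail(RECIPIENT, 'Conference Registration', encrypt_for_recipient($body),
                   'From: forms@example.org');
    } catch (RuntimeException $e) {
        error_log($e->getMessage());
        $ok = false;
    }
    echo $ok ? 'Registration received.' : 'Submission failed; nothing was sent.';
}
```

Only the message body is encrypted; the subject line and headers remain readable to every mail server that relays the message, so they should carry nothing sensitive.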

    Author Comment

    Thanks. That is very helpful and points me in a direction for my next step.

    The form information submitted is just text at this point. Now that I know that PGP is secure and can work with PHP, I'll try to add it to the form in question and do some testing. I may need more help on this part later. We currently own a PGP package that I'm hoping is still valid to use since it was purchased in 2000.

    If coding the form to be emailed using PGP proves too difficult for my skill level, I'll go the route of representing the page as HTML with a login of some sort. The only problem I see with this is that the user who retrieves the information will have to somehow get it off the HTML page and into a database she maintains on a local server. She is resistant to having to do anything that might be extra work.

    I'll leave this ticket open for a little longer to see if there are any other responses that might give me more insight.

    Author Comment

    Any more clarifying comments or opinions would be appreciated.
