I am looking for suggestions for either a perl or php form script that uses PGP or GnuGP to encrypt data before being sent out.

To encrypt the entered data at the user end before it's returned to the server, you're user would have to have PGP or GPG installed and configured on their machine and in a predictable location that's the same on every machine.

Why not just use SSL for the form page?

Originally posted by NyteOwl
[B]To encrypt the entered data at the user end before it's returned to the server, you're user would have to have PGP or GPG installed and configured on their machine and in a predictable location that's the same on every machine.Are you sure? I don't agree, since PGP (or GnuPG) uses the key on the server to encrypt the form data as submitted. It is not encrypted via PGP on the user end at all.

Why not just use SSL for the form page? This would only encrypt the data between the user and the connected server, not the form results (as email). Using SSL *and* PGP, you can keep the data fairly safe from prying eyes.

As for a PERL solution to this, you could try soupermail. I've gotten this to work with PGP and GnuPG.

If you wait to encrypt at teh server end what is the point? I thought the idea was to protect the form info in transit.
as he said "before the data is sent out" .If you send it back to the server in the clear you get no benefit of encryption.

Ok, if you just want to encrypt the returned data on the server, then I imagine it would become trivial to write a script to do so. PHP even has blowfish capability "wired" in so that would be an option as well.

Originally posted by NyteOwl
If you wait to encrypt at teh server end what is the point? I thought the idea was to protect the form info in transit. If you re-read what I wrote, I explained that. You can't encrypt the data (apart from SSL encryption from user to server) using PGP via form. The method is: use SSL to connect to the server creating an encrypted 'session'. Fill out a form normally, which is submitted to PGP/GPG for encryption using the key on the server. Message gets "sent out" encrypted, and can only be decrypted using the corresponding key that the recipient created when he created the public key that was used to encrypt at the server level.

as he said "before the data is sent out" .If you send it back to the server in the clear you get no benefit of encryption.
You aren't sending anything 'back to the server' in the clear. The connection between you and the server is encrypted via SSL. The form data gets submitted to the PGP executable from that form directly.

Thanks bear that is what I am looking for. I will have a form on a secure/SSL connection for the user to fill out. Then have the data encyrpted with GnuGP and emailed to me where it can be de-crypted offline.

No problem Rox off, happy to help.

He didn't say that initially however. Nowhere in what I replied to does he mention the connection is already SSL.

Now that he has been more explicite, then writing a script to do what he wants should be trivial.

Originally posted by Odd Fact
I will have a form on a secure/SSL connection for the user to fill out. Then have the data encyrpted with GnuGP and emailed to me where it can be de-crypted offline. Would you be willing to post the code (and "how to" instructions) for doing this?

In my cpanel, I see the GnuPG option, but I have no idea how to actually use it once I have created a "public and pricate" key, etc...

Thanks!

Originally posted by mrzippy
Would you be willing to post the code (and "how to" instructions) for doing this?

In my cpanel, I see the GnuPG option, but I have no idea how to actually use it once I have created a "public and pricate" key, etc...

Thanks!



Yes, instructions would be great! Where can we find them?!?!


Catherine

would be helpful to see some sample for a project of mine as well ...

thanks.

www.gnupg.org
Guess should be somewhere there. We have the same problem and are trying to solve it.