Data Encryption Tutorial — Lesson 1

Page 4 — Getting Started with GnuPG

If you decide to use the open-source GnuPG software, you have to do two things: put GnuPG on your Web server (to encrypt) and on the recipient's machine (to decrypt). To get started, visit and download the proper version based on your operating system. Then follow the installation and key-creation procedures outlined in the GnuPG documentation.

Once you've followed those procedures and you have received (or created) a valid public key for the person who is to receive encrypted data, there's one more step that could get a little tricky. In this tutorial, PHP scripts will invoke the encryption process, and the public key has to be on the key ring of the user invoking the encryption. On the Web server, PHP usually runs as user "nobody" or "www" or as the user for your Web server. It could even be your own login name. Whichever user PHP and the Web server run as ("nobody", "www", etc.), that user must have a GnuPG key ring, and that key ring needs to contain the public key of every person to whom you wish to send encrypted mail by using PHP to invoke the encryption process.

Most ISPs have PGP rather than GnuPG installed, so check with your system administrator regarding the availability or installation of the software on the server side. Otherwise, if you have the GnuPG software on your server, follow the steps below to add a key to the key ring on the system.

1. Export an ASCII version of a user's public key, following the steps in the GnuPG documentation.

2. Upload the public key text file to the PHP user's directory on the server (/home/www/, for example).

3. Log on to your Web server via telnet or SSH, or walk over to it and type at the keyboard if you are so lucky.

4. Become the PHP user. This step could involve the su command, such as: su www.

5. Add the key to the key ring: gpg --import /path/to/keyfile.

6. Edit the key to assign a trust level: gpg --edit-key [keyname]

7. At the gpg command prompt, type "trust".

8. Select "I trust fully."
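Steps 5 through 8 can also be run without the interactive prompt. The functions below are an added example, not part of the original tutorial: they import a key into the current user's key ring only if its fingerprint matches one you obtained from the recipient out of band, then record the same trust level as step 8. The function names, the key file path and the fingerprint are placeholders, and GnuPG 2.2 or later is assumed.

```bash
# Added example (not from the tutorial). Run as the PHP user, after step 4.
# Assumes GnuPG 2.2+ for the show-only import option.

# Print the primary-key fingerprint found in `gpg --with-colons` output on
# stdin: field 10 of the first "fpr" record that follows a "pub" record.
fpr_from_colons() {
    awk -F: '$1 == "pub" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# Normalise a fingerprint as people paste it: strip blanks, upper-case hex.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# import_verified_key KEYFILE EXPECTED_FPR
# Steps 5-8 without the interactive prompt. The key is imported only when the
# file's fingerprint equals the one obtained from the recipient out of band.
import_verified_key() {
    ivk_file=$1
    ivk_want=$(normalise_fpr "$2")
    # Inspect the file without modifying the key ring.
    ivk_have=$(gpg --batch --with-colons --import-options show-only \
                   --import "$ivk_file" 2>/dev/null | fpr_from_colons)
    if [ -z "$ivk_have" ] || [ "$ivk_have" != "$ivk_want" ]; then
        echo "refusing import: fingerprint '${ivk_have:-none}' is not the expected one" >&2
        return 1
    fi
    gpg --batch --import "$ivk_file" || return 1
    # Owner-trust value 5 in this file format is "full", the level the
    # interactive trust menu labels "I trust fully".
    printf '%s:5:\n' "$ivk_have" | gpg --batch --import-ownertrust
}

# Usage (placeholder path and fingerprint):
#   import_verified_key /path/to/keyfile "AAAA BBBB ... 3333"
```

Only the first key in the file is checked, so use a file that holds exactly one public key.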

If you're stuck on any of these steps or if you don't have access to the key ring of the PHP user, contact your system administrator. Otherwise, you can move on to Invoking Public-Key Encryption.

