Page 3 — Getting Started with PGP If you decide to use the PGP family of software, there are two parts to the puzzle: You need PGP on your Web server (to encrypt) and PGP on the recipient's machine (to decrypt). The best place to start is www.pgp.com, where you can follow the links to either download for free or purchase the pieces of the PGP puzzle. If you're using PGP for noncommercial purposes, it's free. If you're using PGP commercially, you must pay for it. Once you've followed the installation and key-creation procedures outlined in the PGP documentation and you have received (or created) a valid public key for the person who is to receive encrypted data, there's one more step that could get a little tricky. In this tutorial, PHP scripts will invoke the encryption process, and the public key has to be on the key ring of the user invoking the encryption. On the Web server, PHP usually runs as user "nobody" or "www" or as the user for your Web server. It could even be your own login name. Whichever user is assigned to PHP/the Web server, "nobody", "www," etc. must have a PGP key ring, and that key ring needs to hold the public key for any person to whom you wish to send encrypted mail by using PHP to invoke the encryption process. Most ISPs have PGP installed on their Web servers, and you may very well have access to it for the encryption side of the equation. If you don't have direct control over the server, be sure to check with your system administrator about the availability of PGP and how to add keys to the public key rings of users. Otherwise, follow the steps below to add a key to the key ring on the system. 1. Export an ASCII version of a user's public key, following the steps in the PGP documentation. 2. Upload the public key text file to the PHP user's directory on the server (/home/www/, for example). 3. Log on to your Web server via telnet or SSH, or walk over to it and type at the keyboard if you are so lucky. 4. Become the PHP user. This step could involve the su command, such as: su www. 5. Add the key to the key ring: pgpk -a /path/to/keyfile. 6. Assign a trust level to the key: pgpk -e [keyname]. 7. Select "always trust." 8. Test this process by creating an input file that contains something unimportant, such as the line "I want to test this encryption sequence." 9. Manually issue the command to encrypt the test file: pgpe -r [keyname] -o [output file] -a [input file]. 10. When prompted to trust the key file, answer Y. 11. The output file will contain the encrypted version of the text in the input file. If you're stuck on any of these steps or if you don't have access to the key ring of the PHP user, contact your system administrator. Otherwise, you can skip ahead to Invoking Public-Key Encryption. next page»