If you decide to use the PGP family of software, there are two parts to the puzzle: You need PGP on your Web server (to encrypt) and PGP on the recipient's machine (to decrypt). The best place to start is www.pgp.com, where you can follow the links to either download for free or purchase the pieces of the PGP puzzle. If you're using PGP for noncommercial purposes, it's free. If you're using PGP commercially, you must pay for it.

Once you've followed the installation and key-creation procedures outlined in the PGP documentation and you have received (or created) a valid public key for the person who is to receive encrypted data, there's one more step that could get a little tricky. In this tutorial, PHP scripts will invoke the encryption process, and the public key has to be on the key ring of the user invoking the encryption. On the Web server, PHP usually runs as user "nobody" or "www" or as the user for your Web server. It could even be your own login name. Whichever user is assigned to PHP/the Web server ("nobody", "www", etc.) must have a PGP key ring, and that key ring needs to hold the public key of every person to whom you wish to send encrypted mail by using PHP to invoke the encryption process.

Most ISPs have PGP installed on their Web servers, and you may very well have access to it for the encryption side of the equation. If you don't have direct control over the server, be sure to check with your system administrator about the availability of PGP and how to add keys to the public key rings of users. Otherwise, follow the steps below to add a key to the key ring on the system.

1. Export an ASCII version of a user's public key, following the steps in the PGP documentation.
2. Upload the public key text file to the PHP user's directory on the server (/home/www/, for example).
3. Log on to your Web server via telnet or SSH, or walk over to it and type at the keyboard if you are so lucky.
4. Become the PHP user. This step could involve the su command, such as: su www
5. Add the key to the key ring: pgpk -a /path/to/keyfile
6. Assign a trust level to the key: pgpk -e [keyname]
7. Select "always trust."
8. Test this process by creating an input file that contains something unimportant, such as the line "I want to test this encryption sequence."
9. Manually issue the command to encrypt the test file: pgpe -r [keyname] -o [output file] -a [input file]
10. When prompted to trust the key file, answer Y.
11. The output file will contain the encrypted version of the text in the input file.
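
The checks below wrap steps 2, 4 and 11 of the procedure above; this is an added example, not code from the original tutorial or from PGP. The function names are assumptions, and the pgpk/pgpe invocations appear only as comments, copied from the steps above.

```shell
#!/bin/sh
# Added example: sanity checks around steps 2, 4 and 11.
# Function names are illustrative, not part of PGP or the tutorial.

# Step 2: the uploaded file must hold an ASCII-armored PUBLIC key.
# A private (secret) key block never belongs on the Web server.
check_public_key_file() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    if grep -Eq -- '-----BEGIN PGP (PRIVATE|SECRET) KEY BLOCK-----' "$keyfile"; then
        echo "refusing: $keyfile contains a private key" >&2
        return 3
    fi
    grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$keyfile" || {
        echo "no armored public key block in $keyfile" >&2
        return 4
    }
}

# Step 4: keys are added to the ring of whoever runs the command, so
# confirm the current user is the one PHP runs as (for example "www").
running_as() {
    [ "$(id -un)" = "$1" ]
}

# Step 11: the output must be an armored PGP message and must not
# repeat any non-empty line of the plaintext input verbatim.
check_encrypted_output() {
    infile=$1
    outfile=$2
    [ -s "$outfile" ] || { echo "empty or missing $outfile" >&2; return 2; }
    grep -q -- '-----BEGIN PGP MESSAGE-----' "$outfile" || {
        echo "$outfile is not an armored PGP message" >&2
        return 3
    }
    if grep -v '^$' "$infile" | grep -Fxqf - "$outfile"; then
        echo "plaintext line found in $outfile" >&2
        return 4
    fi
}

# Usage around the commands from the steps above:
#   running_as www && check_public_key_file /path/to/keyfile \
#       && pgpk -a /path/to/keyfile
#   pgpe -r [keyname] -o [output file] -a [input file]
#   check_encrypted_output [input file] [output file]
```
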

If you're stuck on any of these steps or if you don't have access to the key ring of the PHP user, contact your system administrator. Otherwise, you can skip ahead to Invoking Public-Key Encryption.