Anybody actually have GnuPG encrypted froms wroking?

[HappyPappy]

I have spent about a fortnight on this, read every post on the subject contained here and investigated a ton and a half of support information on both PGP and GnuPG.

Reason I'm posting here is simply to ask if ANYONE has actually every been successful using GnuPG to encrypt the contents of a HTML form so they can decrypt it on their local machines.

Cheers

 

[itf]

[quote:c59850cab4][i:c59850cab4]Originally posted by HappyPappy[/i:c59850cab4]

I have spent about a fortnight on this, read every post on the subject contained here and investigated a ton and a half of support information on both PGP and GnuPG.

Reason I'm posting here is simply to ask if ANYONE has actually every been successful using GnuPG to encrypt the contents of a HTML form so they can decrypt it on their local machines.

Cheers[/quote:c59850cab4]
refer to these threads I wrote about GnuPG in more details:

http://forums.cpanel.net/read.php?TID=4867&page=1

http://forums.cpanel.net/read.php?TID=5389&page=1

also refer to this cgi this is an example of gpg formmail also you can download and use it http://www.p-kotech.com/secureorder.html

 

[PT109]

Short answer . . . . no

I see you're tackling something we have spent quite a while on. I have to tell you I know of nobody that's got this happening. We have given up on it - but that doesn't mean to say it's a dud cpanel feature - but for us it's turned out that way, however we are only a reseller so don't have the luxury of attacking the server via root all the time.

I know how frustrated you may be so I'll take a bit of time to shell out out progress -

The first thing we discovered is support/advice is pretty light on the ground. The above two posts from itf are perhaps the best you are likely to get. You will find heaps on GnuPG but little on really getting the thing to work with an HTML form.

The next thing is scripts to handle the form ourput parsing it to .gnupg are also not exactly in plentiful supply.

We spent about three days with SimpleSecure.cgi and gave up after the 1,000 th - &sorry, for some reason no content found& message&.

We then went to the form itf mentions above. Again the same output.

These two cgi's are based off FormMail1.6 so there was always going to be the question about whether we were happy using these once we got going - but as it turned out we never had to face this decision.

To encrypt and decrypt we tried WinPT - a nice little program but we found it could not trigger the key it made nor the keys CPanel made.

Next we tried PGPFW7.03zip which integrates with Outlook Express and is complete with latest version of gnupg. This is an awesome little program and the keys it made we easily imported into CPanel.

Again, no luck.

I don't like posting negativity but thought that this might save you some time. I think the fact that nobody has posted a message in here to say they have it working speaks for itself.

If you want more info, email me and I'll send you all I had done before I put my monitor through the kitchen window!!

 

[HappyPappy]

thnx

Thnx itf and pt109,

We are with liveplanets.com and they have helped us by setting permissions on our home/us/.gnupg to drwx---rwx. Is this correct?

If anone knows what should the permission settings be for the main gnupg and home/us/.gnupg this would be appreciated. Error log points to a permission problem. Our cgi script is working as we too are getting form result emails with &Error: no content found&.

Could be barking up the wrong tree, but its the only one left.

Cheers

 

[HappyPappy]

Yep, we also using PGPfreeware7.0.3.exe. Like it cause it works well within OutLook Express and no probs with exporting or importing keys to and from CPanel.

Any suggestions to get GnuPG working would be appreciated.

Cheers

 

[mikerayner]

My bank is using OBS/IBQ banking software (in commercial it has different name) and there is a feature that uses PGP or GnuPG for transactions (only for US customers?), it has a client setup feature that when I got it configured my server and it's working , (however that featue is no longer offered ? )

As I know that software (OBS/IBQ) has been developed by ITF in this forum (as a project manager)

please ITF let us know how to implement GnuPG

 

[itf]

[quote:470ef268d6][i:470ef268d6]Originally posted by HappyPappy[/i:470ef268d6]

I have spent about a fortnight on this, read every post on the subject contained here and investigated a ton and a half of support information on both PGP and GnuPG.

Reason I'm posting here is simply to ask if ANYONE has actually every been successful using GnuPG to encrypt the contents of a HTML form so they can decrypt it on their local machines.

Cheers[/quote:470ef268d6]

I’ve received so many emails asking for how to implement GnuPG,

I would like to answer as I wrote a how-to but there is a restriction by law,

Legal issues in general have hampered widespread use of cryptography technologies
Also In certain countries public use of cryptography is illegal

And the most important issue is:
This is a US based forum, Cryptography technologies are subject to the same export regulations and restrictions as munitions are, it consist of information and programs, thus as this forum is publicly used worldwide it would be considered as point of distribution or export that requires submission with authorities,

I cannot publicly post the how-to but,

There is an exception for US based businesses who can argue:
1) They are US based
2) There isn’t any restriction by law to you
3) The reason behind your usage

Also this law is for security reasons.

 

[HappyPappy]

Thanks you itf,

This sot of makes sense. To carry it to the next obvious level is the creation of a generic application form to US authorities to gain permission so we and our hosting clients can utilise GnuPG to handle HTML payment forms.

Perhaps could be included with WHM/CPanel documentation, ready to be completed and sent. I am sure the use of the publically available GnuPG technology so website owners can obtain credit card information from a HTML form on a website will meet with approval.

Check out this post from VentureOnline, it's the only one I have ben able to find that addresses the issue of customers trying to work with GnuPG to get a HTML form to work on a website: http://www.venturesonline.com/forums/showthread.php?s=321638377d3cc3115f3a774fd9d9f5df&threadid=2742&highlight=GnuPG

Would you be kind to provide the address so at least I can make a start with an applicaton to use GnuPG. I will post my progress in these forums.

Again, thank you for your time.

Cheers

 

[itf]

[quote:207e956a93][i:207e956a93]Originally posted by HappyPappy[/i:207e956a93]

Thanks you itf,

This sot of makes sense. To carry it to the next obvious level is the creation of a generic application form to US authorities to gain permission so we and our hosting clients can utilise GnuPG to handle HTML payment forms.

Perhaps could be included with WHM/CPanel documentation, ready to be completed and sent. I am sure the use of the publically available GnuPG technology so website owners can obtain credit card information from a HTML form on a website will meet with approval.

Check out this post from VentureOnline, it's the only one I have ben able to find that addresses the issue of customers trying to work with GnuPG to get a HTML form to work on a website: http://www.venturesonline.com/forums/showthread.php?s=321638377d3cc3115f3a774fd9d9f5df&threadid=2742&highlight=GnuPG

Would you be kind to provide the address so at least I can make a start with an applicaton to use GnuPG. I will post my progress in these forums.

Again, thank you for your time.

Cheers
[/quote:207e956a93]
If you are inside the US no approval is necessary unless you want to export to outside the United States that they will ask you to remove cryptography from your software or restrict it and reduce the safety.

Also if you are not inside the US it is not necessary to get any approval from US authorities you have to refer to your local law if it permits usage of cryptography for the public you are free to use it i.e. in France public use of cryptography is illegal

What I wrote in my last post in this thread is about this forum, I cannot post a step-by-step how to that teaches every newbie to use cryptography, it is restricted by export controls, however may be you are not under export control but when I post it here everyone can read and use it.

However it is Nick who can decide either want to be a point of distribution of cryptography or not.

 

[HappyPappy]

Thnx again itf,

We are in Australia, one of only a handful of countries that enjoy a very strong highest level bond with the US in many areas, especially in security matters. And our local laws do allow the use of low level encryption in the public arena.

However, your point about posting a how-to is a good one. The responsibility for this, as you indicate, is with the client who may have to shoulder the responsibility if they provide a how-to to their hosting clients that are located outside &an approved country/area&.

I do, however, feel GnuPG is an excellent feature of the WHM/Cpanel product. Allowing our hosting clients to place HTML forms on thier websites to receive credit card information safely and securely is not only VERY much in our own interests, but also in the interests of the public utilising the internet and will serve to sure up wavering confidence in online e-commerce activity.

For instance, how many sites do you know put payment (or similar) HTML forms on SSL and promote it as being safe and secure, this is a huge misconception and only contributes to massive fraud problems which totally undermines consumer confidence in our industry.

In Australia a Merchant account is separate to a credit card payment gateway and is given by a bank. If you have a merchant account you can receive credit card info from your site (or over the phone), physically enter info in a payment slip and physically deliver it to the bank. No credit card gatway means no massive set up fees, no monthly fees etc etc, so its a very economical way of handling online transactions, even though it a bit of a pain. However, to get a merchant account for this use you actually have to prove to the bank the credit card info you receive from your site is from a form that is located on SSL, and form output contents is itself encryted. This is resonably new (SSL + content encryption) and has been implemented by banks to help counter credit card fraud at this level.

To this end I would have thought the CPanel GnuPG component has the potential to be a key (punn intended) selling point for the product and thus, our respective hosting operations.

It also obviously enables us to be competitive with other non-CPanel hosting operations offering similar HTML transmission security through other (and sometimes the same) means.

So, where am I headed? I'm not sure. I think the first obvious step is to find out if the free GnuPG is banned in any country and if so what country. While I am no expert I know GnuPG is an approved encryption for public use and is considered a reasonably low form of encryption technology when compared to that which is used in both the private and government sectors the world over, ie banks and financial institutions.

Perhaps Nick could possobly make a comment here as I think a fully supported implementation of GnuPG (together with supporting documentation) would be a huge plus for WHM/CPanel, our clients and the internet in general, if of course it is O.K. to do so.

Cheers

(Sorry for the long post but I think this subject is worthy of some discussion and consideration)