August 9th, 2002, 02:22 PM
GNUPG (GPG) on Windows/IIS
I'm trying to set up GNUPG (GPG) on a Windows/IIS platform so that I can encrypt, then e-mail, data submitted in HTML forms over an SSL connection. GPG seems to be forcing me to keep my private key on the web server though in order to operate. This doesn't seem like a good idea. I just want to be able to encrypt with the public key on the web server. The private key would be held by the organization that the data is being e-mailed to. Needless to say, I don't want the private key anywhere near the web server. Any advice on setting up GPG on my web server to perform the encryption I've described without the private key being present is welcome.
Thanks in advance
August 10th, 2002, 07:57 AM
I think you've misunderstood how public cryptography work.
Example (We'll use good ol' Alice and Bob):
Alice has one private and one public key.
Bob got one private and one public key.
Bob import Alice public key into his key chain.
Alice import Bobs public key into your key chain.
Alice encrypts a mail to you Bobs public key.
Bob decrypt the message using his private key.
You see, once the message is encrypted by Alice with Bob's public key she can't decrypt it, even though she was the one doing all the encrypting. For this, only Bobs private key will do.
So, translating this to your problem it would be:
Your web server imports your public key. And you import the web serverís public key. The web server encrypts a message and sends it off to you. You use your private key to decrypt it.
The only danger with having the web serverís private key on the web server is that if someone hacks your computer, they can forge messages. It won't compromise the safety of the encrypted messages though. The same goes for your computer though, if someone "borrows" your computer, they can send encrypted mails from it pretending to be you.
Only way of protecting against this is keeping the servers in a locked room and keep up the general security which you should have during normal operations anyway (update system frequently, use a firewall, implement IDS (or NIDS, or both), have some sort of file system integrity check, review your logs regularly etc.) which I hope you or whomever are in charge of the servers are doing already.
As I read your message, I got the impression you weren't interested in authentication anyway, so this security hazard may not apply to you, in which case you have nothing to worry about at all.
For a basic and easy to follow description on how public and private cryptography work, look here: http://www.geekgirls.com/net_publick.htm
Last edited by Fjodor; August 10th, 2002 at 08:01 AM.
August 11th, 2002, 07:51 PM
Thanks for your reply Fjodor. I don't have much experience with cryptography applications, but I have researched it and do understand the concept of public key cryptograpy pretty well (despite my apparent naivete).
You're right though, I misconstrued the situation. I should have been able to figure this out . . . . Like you said, I should just make a user in GPG to represent my web server and import the public key of the client that will be receiving the messages.
I don't administer the system and don't have any influence on any of the things you mention, so I hope the administrator is doing those things too! It's a Windows/IIS/ColdFusion setup, so security is pretty flimsy I think. For example, I'm pretty sure that a ColdFusion script can access pretty much any file because there are no permissions.
You're right, I'm not really concerned with authentication. I'm using encryption in this case to protect information, such as credit card data, submitted by users of my client's website and e-mailed to them. If someone did get the private key of "the web server" I don't think there's much they could do with it. Even if they used it to sign messages sent to the client, if something really off the wall came through, they would realize it.
Thanks, I appreciate your explanation, suggestions, and link.