[ic] GPG how-to for hosted servers, follow up

Patrick J. Walsh interchange-users@interchange.redhat.com
Mon Dec 17 22:33:01 2001


Anton,

	I think you are a little more responsive than my provider has
been.  My instructions were really a how-to for doing it without the help
of the provider.  It also allows for multiple keys for different order
types or for credit cards, etc.  But your way works too. :-)

..Patrick

On Mon, 17 Dec 2001, AddAction New Media wrote:

> Patrick, thanks for this great overview. I would like to comment on a few
> things as being a user and host with Cpanel accounts.
>
> Under Cpanel (Cpanel 4 installs 4.8.1), interchange is usually installed as
> user "cpanel". To set up the encryption for our customers we ask them to
> download an encryption program at:
> http://www.pgpi.org/products/pgp/versions/freeware/ Install this on their PC
> and create a key pair for their order e-mail like order@domain.com. Then
> they send us the Public Key and we import the Public Key to the .gnupg
> directory of Cpanel (since this is the User for Interchange in all
> catalogs). Then all they have to do is to put their key description/number
> in the PGP_KEY field in the admin section and it works. This might not work
> for all installations and you need the help of your host.
>
> Anton
>
> ********************
>
> AddAction.net
> E-mail: info@addaction.net
> www.addaction.net
>
> -----Original Message-----
> From: interchange-users-admin@interchange.redhat.com
> [mailto:interchange-users-admin@interchange.redhat.com]On Behalf Of
> Patrick J. Walsh
> Sent: Monday, December 17, 2001 4:26 PM
> To: interchange-users@interchange.redhat.com
> Subject: [ic] GPG how-to for hosted servers
>
>
>     Since I didn't find any help like this in the archives, I thought I
> would give a brief description of what I did to get GPG encryption working
> for me in a shared environment.
>
>     I can't afford a nice hosting solution such as with RedHat, so I am
> using a hosting provider that uses CPanel to manage multiple virtual domains
> and services.  One of the services that they offer is Interchange 4.8.2.
> They also have GPG 1.0.6 installed.  Unfortunately, getting the provider to
> do things like install a key in the interch user's key file is next to
> impossible.  Here's the workaround that worked for me:
>
>     First, you need to make sure gpg is installed and available to you.  Try
> using the command `whereis gpg`.  Then create your keys for the account that
> you will encrypt to using a command like `/usr/bin/gpg --gen-key`.  [Note: I
> created two keys, one to encrypt the orders to and one to encrypt the credit
> card info to.  You may wish to do the same.]  I'll assume that the key you
> made has the e-mail address orders@example.com.  Make sure you know where
> your keys were placed.  Probably they were put in this directory:
> /home/your-user-name/.gnupg/.  Now make sure you can use the key properly by
> using this command:
>
> echo "testing" | /usr/bin/gpg --no-default-keyring --always-trust \
>     --keyring /home/your-user-name/.gnupg/pubring.gpg \
>     -e -a --batch -t -r 'orders@example.com'
>
>     If it works, great, if not, you need to look into the gpg documentation
> and the gpg newsgroups and mailing lists to fix it before proceeding or
> bothering the interchange folks.
>
>     The next step is setting your variables properly.  To do this, use the
> admin interface and go to Administration->Preferences->Encryption.  If you
> don't have all of the variables listed below there, then you should create
> them just to be consistent with these instructions.  Use the New Entry
> submenu item.
>
> ENCRYPTOR    <blank>
> PGP    /usr/bin/gpg --no-default-keyring --always-trust --keyring
> /home/dyna-q/.gnupg/pubring.gpg -e -a --batch -t -r '%s'
> PGP_CC_KEY    orders-cc@example.com
> PGP_KEY            orders@example.com
>
> [Note: make the PGP_CC_KEY the same as PGP_KEY if you want to encrypt the
> credit card info to the same key as the overall message.]
>
>     Finally, edit your catalog.cfg file.  Search for the EncryptProgram and
> EncryptKey lines.  If they exist, edit them, otherwise, add them before the
> routes start:
>
> EncryptProgram __PGP__
> EncryptKey __PGP_KEY__
>
>     then search through the rest of your file for Route main and make sure
> the following entries are set:
>
> credit_card    1
> encrypt        1
> encrypt_program    "__PGP__"
> email        '__ORDERS_TO__'
> pgp_cc_key    "__PGP_CC_KEY__"
> pgp_key    "__PGP_KEY__"
>
>     I also went through the etc/report file and removed all of the mime
> types as it was causing problems for me.  GPG was encrypting the mime parts
> and separators and my e-mail software didn't see the message.
>
>     If you're having problems at this point, you'll want to look at the gpg
> error messages.  In my environment, this was not simple as I did not have
> root, or even interch access.  The logs are stored in the tmp/ directory as
> pgp*.err.  In my case, I didn't have permissions to read these files.  To
> circumvent this, do the following:
>
>     First, figure out which file is the most recent that you want to look at
> by typing `ls -lt *.err |head` -- probably the first entry is the one you're
> after.  Next, go to the admin interface and navigate to Content.  Select
> '..' then 'tmp' and choose the file you are interested in from the list.
> This will give you the details of any errors that gpg is spitting out.
> Ignore the insecure memory errors, they don't stop gpg from doing anything.
>
>     And that's how you use your own keys in a hosted/shared environment.
> Good luck.
>
> ..Patrick
>
> Keywords: GPG, CPanel, Hosted, Shared, Virtual Domain, Permissions, Encrypt,
> PGP, ENCRYPTOR
>
> _______________________________________________
> interchange-users mailing list
> interchange-users@interchange.redhat.com
> http://interchange.redhat.com/mailman/listinfo/interchange-users
>
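
Added example, not part of the thread and not Interchange code: the workaround above has the Interchange account read a keyring in your home directory with --always-trust, so the modes on that directory and its files decide both whether encryption works and who can change the recipient key. The script assumes GnuPG 1.x file names (pubring.gpg, secring.gpg) and that the daemon account is neither the owner nor in the group of the files, so only the "other" permission bits apply to it.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 1.x file names
# (pubring.gpg, secring.gpg) and a daemon account that is neither the owner
# nor in the group of the files, so only the "other" permission bits apply.

FINDINGS=0
note() { echo "$1"; FINDINGS=$((FINDINGS + 1)); }

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# audit_gnupg_dir DIR: print one line per problem, return the problem count.
audit_gnupg_dir() {
    dir=$1; pub=$dir/pubring.gpg; sec=$dir/secring.gpg; FINDINGS=0
    [ -d "$dir" ] || { note "BROKEN: $dir is not a directory"; return 1; }
    [ -f "$pub" ] || { note "BROKEN: $pub is missing"; return 1; }

    d=$(perm_of "$dir"); p=$(perm_of "$pub")
    # The daemon needs search (x) on the directory and read on the keyring.
    [ $((0$d & 001)) -ne 0 ] || note "BROKEN: $dir (mode $d) not searchable by others"
    [ $((0$p & 004)) -ne 0 ] || note "BROKEN: $pub (mode $p) not readable by others"
    # With --always-trust, any key in this keyring is accepted as the
    # recipient, so write access to it decides who can read the orders.
    [ $((0$d & 022)) -eq 0 ] || note "RISK: $dir (mode $d) writable by group/others"
    [ $((0$p & 022)) -eq 0 ] || note "RISK: $pub (mode $p) writable by group/others"
    # Opening the directory must not expose the secret keyring.
    if [ -f "$sec" ]; then
        s=$(perm_of "$sec")
        [ $((0$s & 077)) -eq 0 ] || note "RISK: $sec (mode $s) accessible to group/others"
    fi
    return "$FINDINGS"
}

# Usage: sh audit.sh /home/your-user-name/.gnupg
if [ $# -gt 0 ]; then audit_gnupg_dir "$1"; fi
```

A layout that passes is 711 on the directory, 644 on pubring.gpg and 600 on secring.gpg; the exit status is the number of findings.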