[ic] GPG how-to for hosted servers

David xxxxxxx interchange-users@interchange.redhat.com
Mon Dec 24 19:28:01 2001


Wow, I finally got this to work!  After following these instructions I was
initially receiving a blank order.  The headers were there, but there was no
body in the message.  I removed the mime types as you suggested, but the
body then consisted of a single zero.

I was reading back through the rest of the suggestions on this topic and
noticed one from Simon that had a step I had made a mistake on.  Here is a
short clip from his instructions:

***************************
Import this public key on the interch users ring on the server using:
gpg --import [filename.asc]
(as the interchange user)
***************************

When I imported the key into the ring, I did it under the wrong account.  As
soon as I imported this into the interch account, I was able to receive the
encrypted e-mail.

I know part of the confusion is that never in my life have I actually used
encrypted e-mail of any kind.  On top of that, I didn't understand the
concepts behind the rings, etc. until I read about them on the gnupg website
this afternoon.

Thanks so much for your help.  Now I just have to figure out how to use the
private key to decrypt this thing in Outlook 2000.  :o)

Thanks!

Regards,

David xxxxxxx
dxxxxxxx@cyber3dnet.com



-----Original Message-----
From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-users-admin@interchange.redhat.com]On Behalf Of
Patrick J. Walsh
Sent: Monday, December 17, 2001 3:26 PM
To: interchange-users@interchange.redhat.com
Subject: [ic] GPG how-to for hosted servers


    Since I didn't find any help like this in the archives, I thought I
would give a brief description of what I did to get GPG encryption working
for me in a shared environment.

    I can't afford a nice hosting solution such as with RedHat, so I am
using a hosting provider that uses CPanel to manage multiple virtual domains
and services.  One of the services that they offer is Interchange 4.8.2.
They also have GPG 1.0.6 installed.  Unfortunately, getting the provider to
do things like install a key in the interch user's key file is next to
impossible.  Here's the workaround that worked for me:

    First, you need to make sure gpg is installed and available to you.  Try
using the command `whereis gpg`.  Then create your keys for the account that
you will encrypt to using a command like `/usr/bin/gpg --gen-key`.  [Note: I
created two keys, one to encrypt the orders to and one to encrypt the credit
card info to.  You may wish to do the same.]  I'll assume that the key you
made has the e-mail address orders@example.com.  Make sure you know where
your keys were placed.  Probably they were put in this directory:
/home/your-user-name/.gnupg/.  Now make sure you can use the key properly by
using this command:

echo "testing" | /usr/bin/gpg --no-default-keyring --always-trust \
    --keyring /home/your-user-name/.gnupg/pubring.gpg \
    -e -a --batch -t -r 'orders@example.com'

    If it works, great, if not, you need to look into the gpg documentation
and the gpg newsgroups and mailing lists to fix it before proceeding or
bothering the interchange folks.

    The next step is setting your variables properly.  To do this, use the
admin interface and go to Administration->Preferences->Encryption.  If you
don't have all of the variables listed below there, then you should create
them just to be consistent with these instructions.  Use the New Entry
submenu item.

ENCRYPTOR     <blank>
PGP           /usr/bin/gpg --no-default-keyring --always-trust --keyring /home/dyna-q/.gnupg/pubring.gpg -e -a --batch -t -r '%s'
PGP_CC_KEY    orders-cc@example.com
PGP_KEY       orders@example.com

[Note: make the PGP_CC_KEY the same as PGP_KEY if you want to encrypt the
credit card info to the same key as the overall message.]

    Finally, edit your catalog.cfg file.  Search for the EncryptProgram and
EncryptKey lines.  If they exist, edit them, otherwise, add them before the
routes start:

EncryptProgram __PGP__
EncryptKey __PGP_KEY__

    then search through the rest of your file for Route main and make sure
the following entries are set:

credit_card    1
encrypt        1
encrypt_program    "__PGP__"
email        '__ORDERS_TO__'
pgp_cc_key    "__PGP_CC_KEY__"
pgp_key    "__PGP_KEY__"

    I also went through the etc/report file and removed all of the mime
types as it was causing problems for me.  GPG was encrypting the mime parts
and separators and my e-mail software didn't see the message.

    If you're having problems at this point, you'll want to look at the gpg
error messages.  In my environment, this was not simple as I did not have
root, or even interch access.  The logs are stored in the tmp/ directory as
pgp*.err.  In my case, I didn't have permissions to read these files.  To
circumvent this, do the following:

    First, figure out which file is the most recent that you want to look at
by typing `ls -lt *.err |head` -- probably the first entry is the one you're
after.  Next, go to the admin interface and navigate to Content.  Select
'..' then 'tmp' and choose the file you are interested in from the list.
This will give you the details of any errors that gpg is spitting out.
Ignore the insecure memory errors, they don't stop gpg from doing anything.

    And that's how you use your own keys in a hosted/shared environment.
Good luck.

..Patrick

Keywords: GPG, CPanel, Hosted, Shared, Virtual Domain, Permissions, Encrypt,
PGP, ENCRYPTOR
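
Added example (not part of either message above, and not Interchange's own code): a preflight check for the PGP setting described in this thread. It pulls the --keyring path out of the command template, confirms that an account other than the owner (such as the interch user) can reach and read that file while secret key material beside it stays private, and asks gpg whether the recipient's key is in that ring. Function names and the usage line are hypothetical, and it assumes plain Unix permission bits with no ACLs.

```shell
#!/bin/sh
# Added example: preflight checks for the PGP command template.
# Assumes plain Unix permission bits (no ACLs); all names are hypothetical.

# Print the path that follows --keyring in the template.
keyring_from_template() {
    set -f; set -- $1; set +f        # split on whitespace, no globbing
    while [ $# -gt 1 ]; do
        [ "$1" = "--keyring" ] && { printf '%s\n' "$2"; return 0; }
        shift
    done
    return 1
}

# Print the group+other permission characters of a path, e.g. "r--r--".
shared_bits() { ls -ld "$1" | cut -c5-10; }

# 0 = usable by another account, 2 = missing, 3 = unreachable/unreadable,
# 4 = secret key material next to the keyring is exposed.
check_keyring() {
    kr=$1; dir=$(dirname "$kr")
    [ -f "$kr" ] || { echo "missing: $kr"; return 2; }
    case $(shared_bits "$dir") in
        *[xst]*) ;;
        *) echo "directory not searchable by other accounts: $dir"; return 3 ;;
    esac
    case $(shared_bits "$kr") in
        *r*) ;;
        *) echo "keyring not readable by other accounts: $kr"; return 3 ;;
    esac
    # secring.gpg is GnuPG 1.x; private-keys-v1.d is GnuPG 2.1 and later.
    for secret in "$dir/secring.gpg" "$dir/private-keys-v1.d"; do
        [ -e "$secret" ] || continue
        case $(shared_bits "$secret") in
            ------) ;;
            *) echo "secret key material exposed: $secret"; return 4 ;;
        esac
    done
    echo "ok: $kr"
}

# 0 if gpg finds a public key for the recipient in that keyring only.
recipient_in_keyring() {
    gpg --no-default-keyring --keyring "$1" --list-keys "$2" >/dev/null 2>&1
}

# Usage: sh preflight.sh "<value of the PGP variable>" recipient@address
if [ $# -eq 2 ]; then
    kr=$(keyring_from_template "$1") || { echo "no --keyring in template"; exit 1; }
    check_keyring "$kr" || exit 1
    recipient_in_keyring "$kr" "$2" || { echo "no key for $2 in $kr"; exit 1; }
fi
```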
