httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brent 'Dax' Royal-Gordon <br...@brentdax.com>
Subject Re: [users@httpd] Encrypting things
Date Mon, 17 May 2004 01:11:18 GMT
Jim Sabatke wrote:
> Thanks for the detailed response.  One more question, and I'm just 
> learning about web technology, how about asking for a password and then 
> using that to decrypt a file?

Sure, you could do that.  By far the easiest way to do so would be to 
use a CGI script, but that's not really in Apache's realm.

I suggest you look at the GPG (GNU Privacy Guard) package, and on Perl 
the Crypt::OpenPGP module.  You should be able to use GPG to create a 
passphrased key and encrypt your file, and then write a CGI script with 
Crypt::OpenPGP to prompt for the passphrase and decrypt with it.

If you need help with CGI, the newsgroup 
comp.infosystems.www.authoring.cgi can probably give you a few pointers; 
GPG has a website at <http://www.gnupg.org> that should be able to help 
you with that tool.

Remember, though, that since your passphrased key will have to be 
visible to the CGI script, your encryption will only be as good as your 
passphrase.  You will need to choose an exceptionally strong passphrase 
to get any sort of security.

Also note that, if it's transmitted over standard HTTP, your nominally 
encrypted file will pass through the entire Internet as cleartext. 
You'll need SSL to combat that threat.

-- 
Brent "Dax" Royal-Gordon <brent@brentdax.com>
Perl and Parrot hacker

Oceania has always been at war with Eastasia.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message