Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 77233 invoked from network); 17 May 2004 01:11:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 17 May 2004 01:11:45 -0000 Received: (qmail 99121 invoked by uid 500); 17 May 2004 01:11:29 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 99104 invoked by uid 500); 17 May 2004 01:11:28 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 99089 invoked by uid 98); 17 May 2004 01:11:28 -0000 Received: from brent@brentdax.com by hermes.apache.org by uid 82 with qmail-scanner-1.20 (clamuko: 0.70. Clear:RC:0(64.81.33.205):. Processed in 0.012189 secs); 17 May 2004 01:11:28 -0000 X-Qmail-Scanner-Mail-From: brent@brentdax.com via hermes.apache.org X-Qmail-Scanner: 1.20 (Clear:RC:0(64.81.33.205):. Processed in 0.012189 secs) Received: from unknown (HELO navi.architechies.com) (64.81.33.205) by hermes.apache.org with SMTP; 17 May 2004 01:11:28 -0000 Received: from [192.168.1.100] (helo=[192.168.1.100]) by navi.architechies.com with esmtp (Exim 3.35 #1 (Debian)) id 1BPWbT-0005l8-00 for ; Sun, 16 May 2004 18:07:39 -0700 Message-ID: <40A81136.9090500@brentdax.com> Date: Sun, 16 May 2004 18:11:18 -0700 From: Brent 'Dax' Royal-Gordon User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en MIME-Version: 1.0 To: users@httpd.apache.org References: <40A7C720.40904@execpc.com> <20040516223542.GA408@Dark-Age.local> <40A7EE85.7050708@execpc.com> <40A7F798.6030204@brentdax.com> <40A7FA5E.3010506@execpc.com> In-Reply-To: <40A7FA5E.3010506@execpc.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: hermes.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Encrypting things X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Jim Sabatke wrote: > Thanks for the detailed response. One more question, and I'm just > learning about web technology, how about asking for a password and then > using that to decrypt a file? Sure, you could do that. By far the easiest way to do so would be to use a CGI script, but that's not really in Apache's realm. I suggest you look at the GPG (GNU Privacy Guard) package, and on Perl the Crypt::OpenPGP module. You should be able to use GPG to create a passphrased key and encrypt your file, and then write a CGI script with Crypt::OpenPGP to prompt for the passphrase and decrypt with it. If you need help with CGI, the newsgroup comp.infosystems.www.authoring.cgi can probably give you a few pointers; GPG has a website at that should be able to help you with that tool. Remember, though, that since your passphrased key will have to be visible to the CGI script, your encryption will only be as good as your passphrase. You will need to choose an exceptionally strong passphrase to get any sort of security. Also note that, if it's transmitted over standard HTTP, your nominally encrypted file will pass through the entire Internet as cleartext. You'll need SSL to combat that threat. -- Brent "Dax" Royal-Gordon Perl and Parrot hacker Oceania has always been at war with Eastasia. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org