Blog Menu

OpenPGP Encryption PDF Print E-mail
(4 votes)
Saturday, 12 September 2009 08:32

Recently while working on a project for a large pharma company I was asked to investigate how we could encrypt emails on one server, deliver them securely, and then decode them on a second server. I knew there was a project called OpenPGP and so I started investigating...

It turns out that this is rediculously easy to use! Once you've installed OpenPGP and Crypt_GPG the process is not tricky.

  1. Create a key - the public part to encrypt your email, the private part to decrypt it on the other server.
  2. Create an email form (on SSL page), pass form results to a separate php script to handle it.
  3. Show form results to user, encrypt form data, send encrypted email
  4. Using the private key, either decode the email on arrival, or use another form.

The results are usable and effective! Go have a look at my OpenPGP test script in the sandbox and enjoy sending yourself some 2048bit secure emails!

I've included the important bits of the code below just incase it helps anyone out.

 

Encrypting the form

$message = "Format your email message here from the form data";
$gpg = new Crypt_GPG(array('homedir' => '/home/.gnupg'));
$gpg->addEncryptKey(' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ');
$message = $gpg->encrypt($message);
$headers = 'From: yourserverfromemail@yourdomain' . "\r\n" .
'Reply-To: yourserverfromemail@yourdomain' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($attn, "OpenPGP Encrypted Email", $message2, $headers);

Decrypting the message

if (!isset($_POST['message'])) {
echo "<form method=\"post\" action=\"decrypt.php\">
<textarea name=\"message\" rows=\"4\" cols=\"40\"></textarea><br />
<input type=\"submit\" value=\"Submit\" />
</form>";
} else {
require_once '/home/php/Crypt/GPG.php';
$gpg = new Crypt_GPG(array('homedir' => '/home/.gnupg'));
$gpg->addDecryptKey(' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ' , 'keypassword');
$decrypted = $gpg->decrypt($_POST['message']);
echo "$decrypted";
}

Comments
Add New Search
Write comment
Name:
Email:
 
Title:

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."