PGP Security & Formmail
PGP Security & Formmail |
| |
| · PGP encryption: an Introduction | ||
| · Getting Started at LiveZone | ||
| · Configuring your PGP Keyring | ||
| · Configuring your formmail forms |
This section provides an introduction to using PGP secure encryption with the standard formmail forms processor at LiveZone. PGP security is available to all LiveZone Web site hosting packages.
"If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, to break a single message."
-- William Crowell,
Deputy Director of the the National Security Agency,
March 1997
PGP is a collection of software sold by Pretty Good Privacy, Inc (www.pgp.com) based on the RSA public-key encryption technology developed by RSA Data Security (www.rsa.com). RSA encryption is the benchmark encryption standard, and is also used in the Secure Sockets Layer (SSL) transaction encryption.
The most basic form of encryption has a single "key" that is used to both encode and decode data. Data encrypted with the key can be decoded by anyone else with access to the key.
RSA type public-key encryption provides greatlky increased security by requiring two keys: one to encode data, and a different key to decode the data. The scheme is refered to as "public key" encryption because traditionally, one of the keys is made publicly available to everyone, allowing anyone to encode data intended for the key's owner. The owner keeps the second (decode) key private, and is therefore the only one able to decode data encrypted with the public key. If you'd like to learn more, Netscape Communications Inc has a very nice overview of public-key encryption and its uses on the Web.
It is mathmatically possible to break RSA public-key cyphers, but it requires enormous amounts of computing resources. Increasing the length of key used exponentially increases the difficulty (and cost) of breaking an encrypted message. For most ordinary commercial purposes, 1024-bits keys are more than adequate; with the present mathmatical understanding of these algorithms, breaking such a key requires several hundred years years, in a process requiring use of every computer on earth. Our server also permits key lengths of up to 2048 bits, but the trade-off is that 2048-bit keys require about 8 times the CPU processing power as a 1024-bit key to both encrypt and decrypt.
Other than mathmatical issues of encryption, the main security risks involve protecting access to the private key, and ensuring that the public keys are distributed without being subject to forgery. Controlled access to the private key is important because it permits any data sent using the public key to be read. Authentification of the public key is important, because a forged key allows a "man in the middle" attack where data encrypted using the forged public key is intercepted (decoded with the private key belonging to the forged public key), then read or modified, re-encrypted using the correct public key, and forwarded to the owner of the real public key. The real owner has not way of discovering the interception through the decoded data alone.
When the email is sent from the formmail program, the contents of the email body are encrypted using a public key that was specified for that particular form. The email is then delivered just like any other email, except that it looks someting like the example below. Only the public key is stored on the LiveZone server, and it's stored within the directory-tree of the owner's Web site. The private key is never sent to any LiveZone server, never leaves the owner's hard drive.
To: sales@someDomain.com
From: robot@someDomain.com
Subject: Another order from formmail 2257-----BEGIN PGP MESSAGE-----
Version: PGP 4.01 Business EditionhQEMAy23Cb2R+P3hAQf9Hx1MTjCpJB0CGsxsPnc8NrHkbqMTlS/QmyZEI7flnSYN
KIqFMnyDgUiQeaUbR7ixKk8+J977w+06bLz+VX1HRYuZ1Ga4CDphv4Pa5ahrlCBb
/jHlNwfBtN29UA/6o3/J5TmHUlRuDte1KDGv/81b2R87H0LVwvnMWv2fEr2dHQA4
lC/o1n/lQ5QcQVPpBIRWkIqcchIHLqwyj17+Kuzw4qd3GU/QgxtSDJyVMnKUDQep
bHeE4dVUG6X71Akuwh0J7rOx71ClHGlTweLeLYwVsohT3fkBBDv46nr5j82H8DMM
M+opl4HeoRuTvAcmtRocKrEsLWMpRexOWEMjSc/A1aYAAACs27Rqs1Bfu7M7whDy
RwYtBhOtfCLYtThFkT4G5nCat40Ov4mtzgxHtHO6Apkm7HM69x+OcDfCMOyBMlTL
qxOV4vg1FAaYHrZvKaxdES+zkrtPZ8Em7pbIeZfjw1W08eTr7l1KJGlFOk/DLuKA
lVy7R/3x7h5EfgKw/3yYGqm8rWhOsCENM+DzJeyJAOhiRHYoGozNBO1RJkU5Rc34
wV+IR0HjEtXvQL84SH9b0w==
=38kM-----END PGP MESSAGE-----
As you can see, you won't learn a lot from this email without decrypting it first! When the email reaches its destination, it's stored in a POP mailbox just like regular email. Evantually, someone will download the email using an email reader program on their Macintoish or PC (eg., Eudora, Navigator, Explorer, E@mailer, etc). Many of these programs can be configured to automatically decrypt email using the private key that's been stored on the PC's hard drive.
You must obtain a software package for your PC or Macintosh that:
Although we recommend PGP, Inc's "Business Security" package, there are a variety of other commercial and non-commercial sources of compatable PGP encryption software. If you have questions about the compatibility of any package you are considering, please direct your questions to LZSupport @ LiveZone.com.
After installing (and testing) your encryption software on your PC or Macintosh, we recommend that you create a public-private key pair that you will use only for receiving email from your LiveZone Web site. Although you can use another key pair with our servers, you will be reducing your security risk by creating a separate key for this one use.
Next, you must "export" the public key into a plain-text PGP format and email it LZWebmaster @ LiveZone.com indicating that it is a new or replacement PGP public key. When we receive the key and confirm its authenticity with you, we will sign it using the LiveZone server's private key and install it in your Web site's PGP Public Keyring. Currently, the first key installation (up to 3 public keys) per Web site is free; additional installation or administration requests are billed at our current server administration rates.
You may use the LiveZone self-administration tools to view the public keys currently installed in your PGP keyring, or to delete keys that have become obsolete. Our current PGP server software doesn't permit us to offer self-administered installation of keys; this feature will be added when we next upgrade the PGP server software.
The standard LiveZone public formmail script has been enhanced to provide PGP encryption of the email body. There are two changes that must be made to any form HTML page to support PGP:
The HTML below is extracted from the formmail help page, and shows standard un-encrypted use of the formmail script.
<FORM METHOD="POST" ACTION="http://www.yourDomain.com/cgi-bin/formmail.pl">
<INPUT TYPE=submit VALUE="submit">
This is the LiveZone formmail.pl test page...<BR><BR>
<INPUT TYPE=hidden name="recipient" value="someone@someDomain.com">
<INPUT TYPE=hidden name="subject" value="1997 Taste-Test Survey Results">
return email: <input type=text name="email">
realname: <input type=text name="realname">
<INPUT TYPE=hidden name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">
</FORM>
The changes required to enable encryption are highlighted below, where we specify a key name of "formmail from www.myDomain.com", and the standard PGP keyring.
<FORM METHOD="POST" ACTION="https://www.yourDomain.com/cgi-bin/formmail.pl/admin/pgp/pubring.pgp">
<INPUT TYPE=submit VALUE="submit">
This is the LiveZone formmail.pl test page...<BR><BR>
<INPUT TYPE=hidden name="pgp_key" value="name of your PGP key to use">
<INPUT TYPE=hidden name="recipient" value="someone@someDomain.com">
<INPUT TYPE=hidden name="subject" value="1997 Taste-Test Survey Results">
return email: <input type=text name="email">
realname: <input type=text name="realname">
<INPUT TYPE=hidden name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">
</FORM>
 www.livezone.com |
Last Updated January 2007 |