Creating PGP-Encrypted E-Mails
By Selva Kumar
    Introduction

    PGP (Pretty Good Privacy) is an encryption program used for the secure transmission of files and e-mails. It uses public-key encryption technology, in which pairs of keys are used to maintain secure communication.

    Most Web sites are hosted in remote locations. Users' private information collected on those sites, such as registered profiles and orders, needs to be transferred securely for processing or analysis. PGP can be used to send such information securely in an encrypted e-mail format. The transfer of this information can be triggered immediately after it is added or updated on the remote site.

    This article describes the installation and configuration of PGP Command Line, and the generation of PGP-encrypted e-mails from ASP.

    The Concept of PGP

    For PGP-based communication, both the sender and the receiver should have public and private key pairs. The sender's public key should be distributed to the receiver. Similarly, the receiver's public key should be distributed to the sender. When sending a message or a file, the sender can sign it using his private key. The sender's private key is never distributed.

    Signing
    Signing an e-mail message means the sender attaches a digital ID to it so that the recipient knows who the sender is. Signing authenticates a message, but it does not protect its contents from being read.

    Encrypting
    Encrypting a message means converting the information into a "scrambled" format that only the true recipient can "unscramble". Encrypting a message requires that you have the recipient's digital ID.

    Installation and Configuration of PGP Command Line

    The Massachusetts Institute of Technology (MIT) distributes PGP Freeware without cost for personal, noncommercial use at http://web.mit.edu/network/pgp.html. A commercial version of PGP is offered as a PGP E-Business server product. For the commercial version, contact PGP Security, a subsidiary of Network Associates Technology, Inc., at http://www.pgp.com/products/whatsnew/pgp-ebusiness-server-71.asp. If you have already installed and configured PGP Command Line, skip this section.

    Installation of PGP Command Line
    Run the setup and install in your preferred location.

    Configuration of PGP Command Line
    Before sending an encrypted mail, PGP needs to be configured. The steps for configuration are given below:

    • Generation of key pair
    • Extracting public key
    • Adding recipient's public key

    Generation of Key Pair

    Key-pair generation is invoked with the command 'pgp -kg'.
    You will be prompted for the following during the key-pair generation process:

    • Key type
    • Key algorithm
    • Key size
    • Public ID for user key
    • Validity period of signing key
    • Pass phrase

    Digital Signature Standard -- Diffie-Hellman (DSS/DH) is a recommended key algorithm. RSA (Rivest-Shamir-Adleman), a cryptology method by RSA Data Security, Inc., that uses a two-part key, can also be used, and this is the only algorithm supported by the older versions (2.x or earlier) of PGP. During the process, select the key size and type that suits you.

    Follow the screenshots that show the key-generation process.

    Extracting the Public Key

    A public key should be exchanged between the sender and recipient before starting communication. A public key can be extracted in a text file and distributed to the recipient. Keys can be extracted using the command 'pgp -kx userid keyfile'. A screenshot of extracting the key appears below:

    Adding Recipient's Public Key

    As a part of the key-exchange process, the recipient's public key should be added to the sender's key ring. The public key can be added using the command 'pgp -ka keyfilename'. A screenshot of adding the key appears below:

    After confirming the authenticity of the public key, you can sign it. When you encrypt a file using a recipient's ID, PGP prompts with a warning about the trustworthiness of the public key if that key is unsigned. Signing the key eliminates this warning during the encryption of a message. A key can be signed using the command 'pgp -ks userid'.

    Generation of PGP-Encrypted E-mails from ASP

    Earlier sections of this article detailed the installation and configuration of PGP Command Line. This section discusses how that setup is used to send encrypted mail from ASP. Generally, the information that needs to be encrypted is first written to a text file. Then the file is signed, encrypted, and mailed. The following command encrypts a text file (refer to the PGP Command Line user's guide, available at http://www.pgpi.org/doc/guide/6.5/en/cmdline/, for other options; the guide in PDF format is also packaged with the product):

    pgp -seat message_file recipient_email_id -u signer_email_id -z passphrase

    The description of command-line options used:
       s - sign
       e - encrypt
       a - creates an ASCII-armored output file with extension .asc when you sign or encrypt
       t - input is a text file

    An ActiveX control is created with the functionality to encrypt and sign a text file. This ActiveX can be invoked in an ASP page. After encrypting, the file can be sent as an e-mail using any mail component. The ASP and the control code are shown below.

    ASP Code

    
    <%
    Set xObj = Server.CreateObject("XCrypt.Crypt")
    xObj.boolLogStatus = "True"
    xObj.strLogFilename = "c:\pgpcmd\log.log"
    x = xObj.encrypt("c:\PGPCmd\PGP.exe", "c:\PGPCmd\message.txt", _
        "selva.kumar@xpedior.com", "unknown@xyz.com", "sel123")
    Set xObj = Nothing
    %>

    Control Code
    
    Public Function encrypt(strPGPLocation As String, strFileLocation As String, _
            strSender As String, strRecipient As String, strPassphrase As String) As String
        '******************************************************
        'Author: Selva Kumar
        'Purpose: PGP Encryption
        '******************************************************
        'Variables:
        'strPGPLocation - Location of command line PGP. Ex:C:\PGP\pgp.exe
        'strFileLocation - Location of file to be encrypted
        'strSender - Sender's e-mail address
        'strRecipient - Recipient's e-mail address
        'strPassPhrase - Passphrase of signing key
        'strCryptFileName - Encrypted file name
        'strOptions - By default, -seat. Refer PGPCommandLine manual for further options

        'Variable declarations
        Dim strCryptFilename As String
        Dim strCommand As String
        Dim boolExeStatus As Boolean
        Dim strOptions As String
        Dim ws

        'Variables assignment
        strOptions = "-seat"
        strCryptFilename = strFileLocation & ".asc"
        boolExeStatus = True

        If boolLogStatus Then
            writeLog ("***** Entering encrypt function - initialization succeeded *****")
        End If

        'Check for the existence of pgp executable
        If Dir$(strPGPLocation) = "" Then
            encrypt = "PGP executable not found"
            boolExeStatus = False
            If boolLogStatus Then
                writeLog ("----- Error: PGP executable not found -----")
            End If
            Exit Function
        Else
            If boolLogStatus Then
                writeLog ("+++++ PGP executable found +++++")
            End If
        End If

        'Check for the existence of input file
        If Dir$(strFileLocation) = "" Then
            encrypt = "Input file not found"
            boolExeStatus = False
            If boolLogStatus Then
                writeLog ("----- Error: Input file not found -----")
            End If
            Exit Function
        Else
            If boolLogStatus Then
                writeLog ("+++++ Input file found +++++")
            End If
        End If

        'Check for the existence of encrypted output file.
        'If the output file exists
        '    the file will be deleted and the encryption command is executed
        'else
        '    The encryption command is executed
        If boolExeStatus Then
            strCommand = strPGPLocation & " " & strOptions & " " & strFileLocation & " " _
                & strRecipient & " -u " & strSender & " -z " & """" & strPassphrase & """"
            If Dir$(strCryptFilename) = "" Then
                Shell (strCommand)
                encrypt = strCommand
            Else
                If boolLogStatus Then
                    writeLog ("+++++ The output file already exists +++++")
                End If
                Kill (strCryptFilename)
                If Dir$(strCryptFilename) = "" Then
                    If boolLogStatus Then
                        writeLog ("+++++ The output file was deleted +++++")
                    End If
                Else
                    If boolLogStatus Then
                        writeLog ("----- Error: Deleting output file -----")
                    End If
                End If
                Shell (strCommand)
                If boolLogStatus Then
                    writeLog ("***** PGP encryption command executed *****")
                End If
                encrypt = strCommand
            End If
        End If
    End Function

    The ActiveX control can be downloaded from http://www.appserp.com/xcrypt.
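
    The control above concatenates the caller's strings into the command line, passes the passphrase after -z (where it also ends up in the function's return value), and starts PGP with Shell, which does not wait for pgp.exe to finish. The VBScript below is an added example, not part of the original article or the XCrypt control, showing the same -seat call with those three points tightened. EncryptFile, IsSafeUserId and Quote are hypothetical names; it assumes the PGPPASS environment variable and the +batchmode option behave as described in the PGP Command Line guide.

```vbscript
' Added example (hypothetical names); not the XCrypt control from the article.
Option Explicit

' Allow only plain e-mail user IDs, so a value such as "x@y.com -o c:\other"
' cannot reach pgp.exe as extra command-line options.
Function IsSafeUserId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$"
    IsSafeUserId = re.Test(s)
End Function

Function Quote(s)
    Quote = """" & s & """"
End Function

' Returns "" on success or an error message; the passphrase is never
' placed on the command line, returned, or logged.
Function EncryptFile(pgpExe, inFile, signerId, recipientId, passphrase)
    Dim fso, sh, env, cmd, rc, outFile
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set sh = CreateObject("WScript.Shell")
    outFile = inFile & ".asc"            ' same output name the article's control expects

    If Not fso.FileExists(pgpExe) Then
        EncryptFile = "PGP executable not found" : Exit Function
    End If
    If Not fso.FileExists(inFile) Then
        EncryptFile = "Input file not found" : Exit Function
    End If
    If Not (IsSafeUserId(signerId) And IsSafeUserId(recipientId)) Then
        EncryptFile = "Rejected user ID" : Exit Function
    End If
    ' Remove stale output so an old .asc is never mistaken for this run's result.
    If fso.FileExists(outFile) Then fso.DeleteFile outFile, True
    cmd = Quote(pgpExe) & " +batchmode -seat " & Quote(inFile) & " " & _
          recipientId & " -u " & signerId

    Set env = sh.Environment("PROCESS")
    env("PGPPASS") = passphrase           ' assumption: PGPPASS as in the PGP guide
    rc = sh.Run(cmd, 0, True)             ' hidden window, wait for pgp.exe to exit
    env.Remove "PGPPASS"
    If rc <> 0 Then
        EncryptFile = "PGP exited with status " & rc
    ElseIf Not fso.FileExists(outFile) Then
        EncryptFile = "PGP produced no output file"
    Else
        EncryptFile = ""
    End If
End Function

' Constructed sample call, using the paths from the article's ASP page:
' result = EncryptFile("c:\PGPCmd\PGP.exe", "c:\PGPCmd\message.txt", _
'     "signer@example.com", "recipient@example.com", passphraseFromSecureStore)
```

    Because the call waits for pgp.exe and checks both the exit status and the output file, the mail component is handed the .asc file only after this run has produced it.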

    About the Author

    Selva Kumar is a member of the infrastructure team at Grainger.com. Grainger is a provider of maintenance, repair, and operating (MRO) supplies, services, and related information to businesses and institutions. E-mail him at wwgselva@yahoo.com.
