markjugg has asked for the wisdom of the Perl Monks concerning the following question:

Hello! I'm shopping around for a PGP module to standardize on. My primary use is sending secure emails from web-forms so that clients can decrypt from Mac and PC. I noticed on CPAN there are a number of options:
http://search.cpan.org/search?mode=module&query=PGP
What are your favorite modules for this, and why? Thanks!

-mark

RE: Favorite PGP module for web-to-email forms?
by ferrency (Deacon) on Aug 16, 2000 at 22:10 UTC
    You might also want to check out GPG and the GPG modules associated with it. GPG, or GnuPG, is an open source version of PGP that works with non-encumbered encryption algorithms.

    It looks like the GPG modules now live in the GnuPG:: namespace.

    Alan

      If you get stuck installing GnuPG.pm on FreeBSD because the 'make test' hangs on generating the key, here's what to do:

      * As root:
          # vmstat -i
        Make note of the irqs that have nonzero rates and are not clk* or rtc*.
      * Issue the command:
          # rndcontrol -s n
        for 2 or 3 of these irqs, where "n" is the irq number.

      What you are doing here is telling the OS to use these devices to collect randomness from.

      For a longer term solution you can add these irqs to your rc.conf file so they are saved through reboot:

      rand_irqs={some good irq numbers here}
      I'm interested in supporting GPG as an open source alternative. Are there solutions available for decrypting it on Mac & Windows? (ie, will PGP encryption tools work?). Or asked another way: Is there any reason _not_ to use GPG in favor of PGP? Thanks, -mark
        I am not entirely familiar with GPG on Mac and Windows platforms. Your best bet would be to go to www.gnupg.org and check it out there.

        As for GPG/PGP compatibility... The big difference between the two packages is, PGP supports encryption algorithms with license restrictions such as RSA, while GPG does not (yet?). It uses algorithms which are at least as secure as PGP's, but which are not under patent or license protection, such as Diffie-Hellman. Recent versions of PGP can handle D-H keys, and GPG and newer versions of PGP are compatible with these keys. GPG can't encrypt and decrypt with RSA PGP keys, however.

        If you're starting from scratch, and the keys don't already exist, GPG would be a great alternative, especially because "personal" versions of PGP which can be used for free (under the correct circumstances) can be used to decrypt the GPG messages even if GPG doesn't have good Mac/Windows support.

        But, if you're going to be collecting foreign public keys from the Real World, where PGP has been in use for a lot longer than GPG has, you may run into problems with too many RSA keys that you can't use with GPG.

        In the past, the PGP people have at times been quite aggressive in pursuing license violations (such as using a non-batch PGP license for batch processing encryption/decryptions). And, for small companies, their licensing can be quite expensive for setting up small batch processing systems (where "batch processing" pretty much means anything done by a script instead of a human). For that reason, we've been using GPG instead of PGP wherever possible. The only tricky part has been getting the customers to create Diffie-Hellman, and not RSA, keys with their personal PGP packages...

        Alan

Re: Favorite PGP module for web-to-email forms?
by bliz (Acolyte) on Aug 16, 2000 at 22:45 UTC
    not that I know of.. I've had no problems with users using the PGP clients with my GnuPG messaging that does exactly what you are describing... encrypting web based messages into email... -- bliz
markjugg - Anyone tried GPG.pm?
by markjugg (Curate) on Oct 20, 2000 at 00:44 UTC
    Since the above question was asked about the best PGP style modules to use, a new contender has appeared on the scene, GPG.pm. This looks like it has a nice clean interface (better than GnuPG::Tie, IMHO). Would anyone who's tried using it like to give a quick review of it, especially in comparison to GnuPG::Tie? Thanks! -mark
Example GnuPG code (working with STDOUT AND STDIN)
by markjugg (Curate) on Aug 17, 2000 at 00:28 UTC
    Thanks for the tips on GnuPG. Now I've read the docs and I have a followup question on how to use it. :)
      It looks like it usually works with either files or STDIN and STDOUT. What I'd like to do is to pass in a scalar variable to encrypt and get back the results in another scalar variable. Does someone have an example of how to work with STDIN and STDOUT to do this? Or, asked another way, what do you find is the easiest way to pass text back and forth from GnuPG.pm?
        ..except the example code is failing for me. Here's what I have so far. It's dying when I try to read $ciphertext back from the filehandle. Can you offer suggestions or example code? Thanks! -mark
        sub encrypt_text {
            use GnuPG::Tie::Encrypt;
            tie *CIPHER, 'GnuPG::Tie::Encrypt', armor => 1, recipient => $PUBLIC_KEY_USER_ID || die;
            print CIPHER shift || die;
            local $/ = undef;
            my $ciphertext = <CIPHER> || croak "died here: $!";
            close CIPHER;
            untie *CIPHER;
            return $ciphertext;
        }
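
One way to get "scalar in, armored ciphertext out" as asked above, shown as an added example that is not from the thread or from any of the modules discussed: it swaps GnuPG::Tie for a direct call to the gpg command line. The helper name, the fingerprint-only recipient and the keyring path are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# encrypt_scalar() is a hypothetical helper name, not part of any module above.
# Assumes: a current gpg on PATH, and $homedir holding a keyring that contains
# only recipient keys you imported and verified yourself.
sub encrypt_scalar {
    my ($plaintext, $fingerprint, $homedir) = @_;

    # Select the key by full fingerprint (an assumption of this example) so a
    # look-alike user ID in the keyring can never be picked instead.
    die "bad fingerprint\n" unless $fingerprint =~ /\A[0-9A-Fa-f]{40}\z/;

    # List form: no shell is involved, so nothing here is ever interpolated.
    # --trust-model always is needed in batch mode for keys without ownertrust;
    # it is only acceptable because the keyring is curated (see above).
    my @cmd = ('gpg', '--homedir', $homedir, '--batch', '--no-tty',
               '--armor', '--trust-model', 'always',
               '--recipient', $fingerprint, '--encrypt');

    # Implicit fork: the child feeds gpg's stdin while the parent drains its
    # stdout, so neither side blocks on a full pipe and no plaintext is
    # written to a temporary file.
    my $pid = open(my $from_gpg, '-|');
    die "fork failed: $!\n" unless defined $pid;

    if ($pid == 0) {    # child: its STDOUT is the pipe back to the parent
        open(my $to_gpg, '|-', @cmd) or POSIX::_exit(127);
        print {$to_gpg} $plaintext;
        POSIX::_exit(close($to_gpg) ? 0 : 1);    # close() reaps gpg, checks status
    }

    my $ciphertext = do { local $/; <$from_gpg> };
    close($from_gpg) or die "gpg failed, wait status $?\n";
    return $ciphertext;
}

# Called from the form handler with a fingerprint taken from configuration:
#   my $armored = encrypt_scalar($form_text, $fingerprint, '/path/to/keyring');
```

gpg's own diagnostics go to the inherited STDERR, so a failed encryption shows up in the web server's error log rather than in the mail body.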
Re: Favorite PGP module for web-to-email forms?
by btrott (Parson) on Sep 01, 2001 at 01:24 UTC
    You might want to take a look at Crypt::OpenPGP. It's a pure Perl implementation of the OpenPGP standard and is compatible with PGP2, PGP5, GnuPG, etc.

    Sample usage:

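    use Crypt::OpenPGP;

    # Load the public keyring that holds the recipient's key.
    my $pgp = Crypt::OpenPGP->new( PubRing => $pubring );

    # Encrypt $data to the recipient's key ID; Armour => 1 requests ASCII-armoured output.
    my $ciphertext = $pgp->encrypt(
        Data       => $data,
        Recipients => $key_id,
        Armour     => 1,
    );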