Problem with module using Crypt::OpenPGP

by DamnDirtyApe (Curate)
on Aug 17, 2003 at 04:37 UTC

DamnDirtyApe has asked for the wisdom of the Perl Monks concerning the following question:

G'day fellow monks,

I've got a module I've written that's giving me quite a headache. When I run the CGI script that calls the module from the command line, it runs properly. When I try to call the CGI script from a web browser, I get the following error:

    Software error:
    Cannot encrypt text: No known recipients for encryption
    For help, please send mail to the webmaster (root@localhost), giving this error message and the time and date of the error.

Here's the module I've written:

    package TRIWeb::CCHandler;

    use strict;
    use Crypt::OpenPGP;

    our $VERSION = '$rev$';
    our $PUBKEY = './trikey.pub';

    sub new {
        my $class = shift;
        my $self = {
            cc_type   => '',
            cc_number => '',
            cc_name   => '',
            cc_expiry => '',
            cc_amount => 0,
        };
        return bless $self, $class;
    }

    sub cc_set {
        my $self = shift;
        $self->{"cc_$_[0]"} = $_[1];
    }

    sub ciphertext {
        my $self = shift;
        my $gpg = Crypt::OpenPGP->new
            or die "Cannot create Crypt::OpenPGP object: $!";
        my $ring = Crypt::OpenPGP::KeyRing->new( Recipients => $PUBKEY )
            or die "Cannot create keyring.";
        my $plaintext = <<"EOD";
    ----------------------------------------
    CC Type: $self->{cc_type}
    CC Number: $self->{cc_number}
    CC Name: $self->{cc_name}
    CC Expiry: $self->{cc_expiry}
    CC Amount: $self->{cc_amount}
    ----------------------------------------
    EOD
        my $cipher = $gpg->encrypt(
            Compat     => 'GnuPG',
            PubRing    => $ring,
            Data       => $plaintext,
            Armour     => 1,
            Recipients => 'doug@tri'
        ) or die "Cannot encrypt text: " . $gpg->errstr;
        return $cipher;
    }

    1;

And here's the portion of the CGI script that uses the module:

    my $cc = new TRIWeb::CCHandler;
    $cc->cc_set( 'type', $form_vars{cc_type} );
    $cc->cc_set( 'number', $form_vars{cc_number} );
    $cc->cc_set( 'name', $form_vars{cc_name} );
    $cc->cc_set( 'expiry', $form_vars{exp_mo} . '/' . $form_vars{exp_yr} );
    $cc->cc_set( 'amount', $form_vars{fee} );

    $sth->execute(
        $form_vars{first_name}, $form_vars{last_name},
        $form_vars{address_1}, $form_vars{address_2},
        $form_vars{city}, $form_vars{province},
        $form_vars{country}, $form_vars{postal_code},
        $form_vars{phone_work}, $form_vars{ext_work},
        $form_vars{phone_work2}, $form_vars{ext_work2},
        $form_vars{phone_home}, $form_vars{fax},
        $form_vars{email}, $form_vars{email2},
        $cc->ciphertext
    );

Any help would be greatly appreciated.

Thanks,


_______________
DamnDirtyApe
Those who know that they are profound strive for clarity. Those who
would like to seem profound to the crowd strive for obscurity.
            --Friedrich Nietzsche

Replies are listed 'Best First'.
Re: Problem with module using Crypt::OpenPGP
by Chmrr (Vicar) on Aug 17, 2003 at 06:04 UTC

    My guess is that the working directory when run from the webserver is not what you are expecting -- thus, when it goes to load the "./trikey.pub" file, it fails to find it. Try giving the full path to the keyring.

    perl -pe '"I lo*`+$^X$\"$]!$/"=~m%(.*)%s;$_=$1;y^`+*^e v^#$&V"+@( NO CARRIER'

      Thanks, I thought that too, but that's not it. I changed $PUBKEY to the full path to the file, and the behaviour is the same; works from the command line, fails from the web server.


      _______________
      DamnDirtyApe
Re: Problem with module using Crypt::OpenPGP
by DamnDirtyApe (Curate) on Aug 18, 2003 at 04:56 UTC

    I think I've isolated the problem: when I ran the script as myself, the script was using my personal keyring, not the one I'm passing it. For some reason, the keyring I'm trying to create in the program isn't working. I've reduced the problem to this script; if I can get this to work, I believe I can make the larger program run as well.

        #! /usr/bin/perl

        use strict;
        use Crypt::OpenPGP;

        my $gpg = Crypt::OpenPGP->new
            or die "Cannot create Crypt object: $!";
        my $ring = Crypt::OpenPGP::KeyRing->new( Data => \*DATA )
            or die "Cannot create keyring: $!";

        my $plaintext = 'Foobar!';

        my $cipher = $gpg->encrypt(
            Compat     => 'GnuPG',
            PubRing    => $ring,
            Data       => $plaintext,
            Armour     => 1,
            Recipients => 'douggorley@shaw.ca'
        ) or die "Cannot encrypt text: " . $gpg->errstr;

        print "$cipher";

        __DATA__
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1.2.2 (GNU/Linux)

        mQGiBDwTwfQRBADH+C+xkm3V3rFywQJw9IwkbNKifRxn47GSZEOOTxNn6IupqqGi
        lO7BndliHsBQEqqalQchv6Ly8Djxl0aeS5MweCT1qrlrtkMtbqYtDcyp10x2iTcC
        4MA5dU1/P/TdhEQQSAgSFbt3qE2ZnK3wsai2CdEFR47xAKG6NKwmMPeUAwCg+61C
        gaMddxI+5/kzoCGomqGmcI8D/2qculnwGTeNyDH5EKJnb0w2Cjb7jmxe8RtAOKEx
        3hApV18Ng5dWiEuId8TmAYoQiHyC09vv9L0lADysTNrzfH8ozXZwXJlcIYFg/Doi
        jtUleX0mmZVSUkrJJ+rybT8jcfcWso2wa/igLjTyWHwXqPdkLf3zDOM8V1KJO1zj
        Og3BBAC5j0iM3vKvkU0KXt9A2i+0Pz+xPIrUc3XUVVHntq9nhOPOhbckHF81tfTu
        UnKFPQhiHmYFSoqhwMuPvMGvq3URs29WsCUGjX1gcoMkinOkAeOLQwwNh3MxMAri
        d0GFaeQPUK0V4uG5HDRG6Ggs95mfF3TjO3bcjikR+xzEd+cIv7QgRG91ZyBHb3Js
        ZXkgPGRvdWdnb3JsZXlAc2hhdy5jYT6IWgQTEQIAGgULBwoDBAMVAwIDFgIBAheA
        AhkBBQI8E8H1AAoJEMWpVBWiIVWb8OcAoPQ+2Rz3aQ6nsVBNFGRbN6XBHhoOAJ4v
        TWlEp4vz3/seWpJu8Eusd9eH0ohGBBARAgAGBQI+XGA+AAoJEIIiaBYBnUdP6X8A
        ni7yhBPc37MatJad9tKO1m/FKXv/AKCHC0hIIr0rSPl5oWt265Cit228KrkBDQQ8
        E8H6EAQAhSB8LOS83dcRvxpq8k3y9SfzthnQyDtJRi/6qaE7+LCSPzx4SDfxP1Sn
        r/ScPceqTP54GR51nYLTv9abm75SIbcgkwUQx2U0q5XM3UjZB2ZJxLQ1bOxhFJpn
        F8PX9PtDm77e3zitCRdoBlXyKcKCnDKSAhp2B9hhD9eOj6i9ah8AAwcD/itF9KhK
        sUr/SD33ToPJ216aTx9aQ2iyWMcQ4hEaTq0bLN8UOBLvwFYglUdA1wUjrEUKK9QC
        ptfb5+/CibNvjTuP6M+087OmX/BFKLIhfO9oQlp3RV1u9futp1tzTlRo2F0uI1YV
        mAIHNuildXCSCuTEkctQlujqMSJ5E1B1dYr3iEYEGBECAAYFAjwTwfoACgkQxalU
        FaIhVZsCNgCfWHmXo/me0717bsT38c55Uqfrng0AoLTOcDzWdHln4MhLBOQ+RVN6
        u0sd
        =NtKC
        -----END PGP PUBLIC KEY BLOCK-----

    _______________
    DamnDirtyApe
      This sounds similar to some things I have wrestled with in the past, but I looked over some of my notes and could not find the exact reference, due to having way too many notes and also trying both PGP and GPG; it's been several months. Anyway, one thing you may want to try is to consider that the bug message may be wrong: it is not having trouble understanding the recipient but rather the sender. I seem to remember something like that.

      Also it may be that if this happens to be on a shared server (if so be real careful with your secrets..) it may be using a different ring.

      In my case I also had trouble with tons of dependencies in other modules, I had an old perl. I ended up rolling my own module using Storable, IO::Handle, and GnuPG::Interface, and Class::MethodMaker. Perl libs were built with a local prefix.

      First I made a keyring on the command line and imported a public key into it. The key has to be trusted, which can be done without any secret keys being installed by editing .gnupg/options (reading the comments is essential). The encrypted text is ASCII-armored and can be copied or downloaded for decryption with a GPG client like WinPT / GPG.

      Note it is not very secure to encrypt things on a shared server, however since it was not an extremely heavy situation I did a couple things like chmod my own gpg binary -rwsr-xr-x to attempt to secure memory, plus filling strings with zeroes before they went out of scope to try to keep data from remaining in the swap partition.

      Anyway I'm guessing you have a much better environment available to you. It does sound however that PGP is fighting you because it thinks you have a different identity than you really do; this is the main reason I have found PGP/GPG to fight when it works on the command line. If you can figure out who it thinks you are (very hard I think) you are there.

      I've found the problem here; the key ring needs to be provided as an argument to the new() function. This worked for me:

          my $gpg = Crypt::OpenPGP->new( PubRing => './trikey.pub' )
              or die "Cannot create Crypt::OpenPGP object: $!";

      _______________
      DamnDirtyApe
Re: Problem with module using Crypt::OpenPGP
by CountZero (Bishop) on Aug 17, 2003 at 18:55 UTC

    If the "full path" is not the solution, then the next (standard) answer is: did you check the file permissions? The webserver does not run under your user id and has its own permissions.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      Thanks, I tried that too; I set the permissions to 0666, but no luck. :-(


      _______________
      DamnDirtyApe

        ...0666? Doesn't that mean world readable and writable, but not executable? Shouldn't you try 0755?

        Hope this helps.

        antirice    
        The first rule of Perl club is - use Perl
        The ith rule of Perl club is - follow rule i - 1 for i > 1

Re: Problem with module using Crypt::OpenPGP
by DamnDirtyApe (Curate) on Aug 17, 2003 at 21:15 UTC

    Hmm... just discovered that if I su to the apache user, the script doesn't work from the command line either. Still working on it...


    _______________
    DamnDirtyApe
      I'll bet the problem is with the environment variables available to the apache user...
        Try setting up sudo. Doing things with ssh autologin also gives a problem.
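
The fix reported in the thread (name the key ring in new(), not in encrypt()), written out as an added example that is not code from any poster. It reports the account it runs under and refuses a group- or world-writable key ring, because a ring left at mode 0666 lets any other local account replace the recipient key. The command-line arguments and the messages are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Run it as the web server account.
use strict;
use warnings;
use Crypt::OpenPGP;
use Crypt::OpenPGP::KeyRing;

# Assumed arguments: absolute path to the public key ring, recipient user id.
my ( $pubring, $recipient ) = @ARGV;
die "usage: $0 /abs/path/to/pubring recipient\n"
    unless defined $pubring && defined $recipient;

# The symptom depended on who ran the script, so report the identity first.
my $user = getpwuid($>) // $>;
printf STDERR "effective user: %s, HOME: %s\n", $user, $ENV{HOME} // '(unset)';

# Specific failures instead of "No known recipients for encryption".
die "key ring must be an absolute path: $pubring\n" unless $pubring =~ m{^/};
my @st = stat $pubring or die "cannot stat $pubring: $!\n";
die "key ring not readable by $user\n" unless -r _;
# A writable ring (e.g. mode 0666) lets other local users swap the key.
die sprintf( "key ring is group/world writable (%04o)\n", $st[2] & 07777 )
    if $st[2] & 022;

# Load the ring separately, only to confirm the recipient is really in it.
my $ring = Crypt::OpenPGP::KeyRing->new( Filename => $pubring )
    or die "cannot load key ring: " . Crypt::OpenPGP::KeyRing->errstr . "\n";
$ring->find_keyblock_by_uid($recipient)
    or die "no key matching '$recipient' in $pubring\n";

# Name the ring in the constructor, the form the thread found to work.
my $pgp = Crypt::OpenPGP->new( PubRing => $pubring, Compat => 'GnuPG' )
    or die "cannot create object: " . Crypt::OpenPGP->errstr . "\n";

my $cipher = $pgp->encrypt(
    Data       => "constructed test message\n",
    Recipients => $recipient,
    Armour     => 1,
) or die "cannot encrypt: " . $pgp->errstr . "\n";

print $cipher;
```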
