The Concept of PGP
For PGP-based communication both the sender and receiver should have public and private key pairs. The sender’s public key should be distributed to the receiver. Similarly, the receiver’s public key should be distributed to the sender. When sending a message or a file, the sender can sign using his private key. Also, the sender’s private key is never distributed.
Signing
Signing an e-mail message means the sender attaches a digital ID to it so that the recipient knows the sender. Signing authenticates a message, but it does not provide protection.
Encrypting
Encrypting a message means converting the information into a “scramble” format; only the true recipient can “unscramble” it. Encrypting a message requires that you have the recipient’s digital ID.
Installation and Configuration of PGP Command Line
The Massachusetts Institute of Technology (MIT) distributes PGP Freeware without cost for personal, noncommercial use at http://web.mit.edu/network/pgp.html. A commercial version of PGP is offered as a PGP E-Business server product. For the commercial version, contact PGP Security, a subsidiary of Network Associates Technology, Inc., at http://www.pgp.com/products/whatsnew/pgp-ebusiness-server-71.asp. If you have already installed and configured PGP Command Line, skip this section.
Installation of PGP Command Line
Run the setup and install in your preferred location.
Configuration of PGP Command Line
Before sending an encrypted mail, PGP needs to be configured. The steps for configuration are given below:
- Generation of key pair
- Extracting public key
- Adding recipient’s public key
Generation of Key Pair
Key-pair generation can be invoked by command ‘pgp -kv’.
You will be prompted for the following steps during the key-pair generation process.
- Key type
- Key algorithm
- Key size
- Public ID for user key
- Validity period of signing key
- Pass phrase
Digital Signature Standard — Diffie-Hellman (DSS/DH) is a recommended key algorithm. RSA (Rivest-Shamir-Adleman), a cryptology method by RSA Data Security, Inc., that uses a two-part key, can also be used, and this is the only algorithm supported by the older versions (2.x or earlier) of PGP. During the process, select the key size and type that suits you.
Follow the screenshots that show the key-generation process.
Extracting the Public Key
A public key should be exchanged between the sender and recipient before starting communication. A public key can be extracted in a text file and distributed to the recipient. Keys can be extracted using the command ‘pgp -kx userid keyfile’. A screenshot of extracting the key appears below:
Adding Recipient’s Public Key
As a part of the key-exchange process, the recipient’s public key should be added to the sender’s key ring. The public key can be using the command ‘pgp -ka keyfilename’. A screenshot of adding the key appears below:
After confirming the authenticity of the public key, you can sign them. While encrypting a file using a recipient’s ID, you will be prompted with a warning about the trustworthiness of the public key. Signing will eliminate the prompting of warning during the encryption process of a message. A key can be signed using the command ‘pgp -ks userid’.
Generation of PGP-Encrypted E-mails from ASP
Earlier sections of this article have detailed the installation and configuration of PGP Command Line. How this process helps in sending encrypted mails from ASP will be discussed in this section. Generally the information that needs to be encrypted is first written as a text file. Then the file is signed, encrypted, and mailed. The following is the command used to encrypt a text file (refer to the PGP Command Line users guide, available at http://www.pgpi.org/doc/guide/6.5/en/cmdline/ for other option. The guide in pdf format is also packaged with the product.)
pgp -seat message_file recipient_email_id -u signer_email_id -z passphrase
The description of command-line options used:
s – sign
e – encrypt
a – creates an ASCII-armored output file with extension .asc when you sign or encrypt
t – input is a text file
An ActiveX control is created with the functionality to encrypt and sign a text file. This ActiveX can be invoked in an ASP page. After encrypting, the file can be sent as an e-mail using any mail component. The ASP and the control code are shown below.
ASP Code
<%
Set xObj = Server.CreateObject("XCrypt.Crypt")
xObj.boolLogStatus="True"
xObj.strLogFilename="c:pgpcmdlog.log"
x=xObj.encrypt("c:PGPCmdPGP.exe","c:PGPCmdmessage.txt",
"selva.kumar@xpedior.com", "unknown@xyz.com", "sel123")
Set xObj=nothing
%>
Control Code
Public Function encrypt(strPGPLocation As String, strFileLocation As String,
strSender As String, strRecipient As String, strPassphrase As String) As String
'******************************************************
'Author: Selva Kumar
'Purpose: PGP Encryption
'******************************************************
'Variables:
'strPGPLocation - Location of command line PGP. Ex:C:PGPpgp.exe
'strFileLocation - Location of file to be encrypted
'strSender - Sender's e-mail address
'strRecipient - Recipient's e-mail address
'strPassPhrase - Passphrase of signing key
'strCryptFileName - Encrypted file name
'strOptions - By default, -seat. Refer PGPCommandLine manual for further options
'Variable declarations
Dim strCryptFilename As String
Dim strCommand As String
Dim boolExeStatus As Boolean
Dim strOptions As String
Dim ws
'Variables assignment
strOptions = "-seat"
strCryptFilename = strFileLocation & ".asc"
boolExeStatus = True
If boolLogStatus Then
writeLog ("***** Entering encrypt function - initialization succeeded *****")
End If
'Check for the existence of pgp executable
If Dir$(strPGPLocation) = "" Then
encrypt = "PGP executable not found"
boolExeStatus = False
If boolLogStatus Then
writeLog ("----- Error: PGP executable not found -----")
End If
Exit Function
Else
If boolLogStatus Then
writeLog ("+++++ PGP executable found +++++")
End If
End If
'Check for the existence of input file
If Dir$(strFileLocation) = "" Then
encrypt = "Input file not found"
boolExeStatus = False
If boolLogStatus Then
writeLog ("----- Error: Input file not found -----")
End If
Exit Function
Else
If boolLogStatus Then
writeLog ("+++++ Input file found +++++")
End If
End If
'Check for the existence of encrypted output file.
'If the output file exists
' the file will be deleted and the encryption command is executed
'else
' The encryption command is executed
If boolExeStatus Then
strCommand = strPGPLocation & " " & strOptions & " " & strFileLocation & " "
& strRecipient & " -u " & strSender & " -z " & """" & strPassphrase & """"
If Dir$(strCryptFilename) = "" Then
Shell (strCommand)
encrypt = strCommand
Else
If boolLogStatus Then
writeLog ("+++++ The output file already exists +++++")
End If
Kill (strCryptFilename)
If Dir$(strCryptFilename) = "" Then
If boolLogStatus Then
writeLog ("+++++ The output file was deleted +++++")
End If
Else
If boolLogStatus Then
writeLog ("----- Error: Deleting output file -----")
End If
End If
Shell (strCommand)
If boolLogStatus Then
writeLog ("***** PGP encryption command executed *****")
End If
encrypt = strCommand
End If
End If
End Function
The ActiveX control can be downloaded from http://www.appserp.com/xcrypt.
*Originally published by DevArticles
K.Selvakumar(Selva) is a member of the infrastructure team at W.W.Grainger’s e-business division . He has vast experience in the development/administration of Enterprise level Internet/Intranet/Extranet applications. Selva can be reached at wwgselva@yahoo.com
