GPG WebMail
Hello Everyone--

I have written a web based mail application that uses PHP3. I would like
to be able to include encryption functionality into the system such that it
does the following:

1. Public and Private keys are held in a database for the user.
2. If the user sends mail to a user that he has a public key for, it
encrypts the mail.
3. The mail app will be able to import keys from email attachment.
4. A Key manager to deal with import/export/revoke, etc.
5. Private/Public key creation

I think I can do this, and it will be quite cool. There are only a couple
problems I cannot figure out:

1. How can I reliably generate key pairs without the randomness
requirements? As it stands now, if I just have the machine create the keys
it fails out saying there isn't enough randomness in the system -- and it
takes forever. (more so than creating keys with PGP).

2. Is the best way to do the encryption and decryption to set up a temp
directory on the fly and generate the keyring from the information in the
database and then run GPG? Can I forgo the keyrings and just supply the
keys at the command line?

Or should I just wait until someone writes a GPG PHP3 module?

Thanks for any input.

--Bryan
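
The temporary-keyring approach asked about in question 2, for the encrypt-only case, as an added example that is not part of the original post. It assumes GnuPG 2.x on PATH; the function name encrypt_to_key and the gpgweb. directory prefix are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt stdin to one recipient through a throwaway keyring.
# Only the recipient's PUBLIC key is needed, so no private key is ever
# loaded into the web server process for this operation.

# usage: encrypt_to_key PUBKEY_FILE < plaintext > ciphertext.asc
encrypt_to_key() (
    pubkey=$1
    umask 077                       # homedir is created mode 0700
    home=$(mktemp -d "${TMPDIR:-/tmp}/gpgweb.XXXXXX") || exit 1
    # The function body is a subshell, so this trap fires on every return
    # path and the keyring never outlives the request.
    trap 'rm -rf "$home"' EXIT
    trap 'exit 1' HUP INT TERM

    # Build the keyring from the stored key (e.g. dumped from the database).
    gpg --homedir "$home" --batch --quiet --import "$pubkey" 2>/dev/null || exit 1

    # Address the key by full fingerprint, not by a user ID string.
    # If the file holds several keys, only the first one is used.
    fpr=$(gpg --homedir "$home" --batch --with-colons --fingerprint \
              --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || exit 1

    # The keyring is empty of trust data, so trust is asserted explicitly.
    # Plaintext arrives on stdin and never touches the disk.
    gpg --homedir "$home" --batch --quiet --armor --trust-model always \
        --recipient "$fpr" --encrypt
)
```

Because of --trust-model always, the application is responsible for having checked that the stored key really belongs to the recipient before it is saved.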
RE: GPG WebMail
any scarier than as a file in a filesystem?

Nothing would please me more than to develop a system that 'feels right' as
far as security goes. Obviously, storing private keys in a database would
require very tight security on said database server.

It is dangerous at any point when a 3rd party (the web mail client, a.k.a.
the webserver process) is given the ability to sign/encrypt data using
several different people's private keys... but is there any way around this?

Thanks for the input....

--Bryan

-----Original Message-----
From: sen_ml@eccosys.com [mailto:sen_ml@eccosys.com]
Sent: Tuesday, October 05, 1999 2:41 AM
To: gnupg-users@gnupg.org
Subject: Re: GPG WebMail


bbatchel> 1. Public and Private keys are held in a database for the user.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

this sounds like a pretty scary idea.