Quantcast

Creating PGP-Encrypted E-Mails Using ASP

Get the WebProNews Newsletter:
[ Business]

The Concept of PGP

For PGP-based communication both the sender and receiver should have public and private key pairs. The sender’s public key should be distributed to the receiver. Similarly, the receiver’s public key should be distributed to the sender. When sending a message or a file, the sender can sign using his private key. Also, the sender’s private key is never distributed.

Signing

Signing an e-mail message means the sender attaches a digital ID to it so that the recipient knows the sender. Signing authenticates a message, but it does not provide protection.

Encrypting

Encrypting a message means converting the information into a “scramble” format; only the true recipient can “unscramble” it. Encrypting a message requires that you have the recipient’s digital ID.

Installation and Configuration of PGP Command Line

The Massachusetts Institute of Technology (MIT) distributes PGP Freeware without cost for personal, noncommercial use at http://web.mit.edu/network/pgp.html. A commercial version of PGP is offered as a PGP E-Business server product. For the commercial version, contact PGP Security, a subsidiary of Network Associates Technology, Inc., at http://www.pgp.com/products/whatsnew/pgp-ebusiness-server-71.asp. If you have already installed and configured PGP Command Line, skip this section.

Installation of PGP Command Line
Run the setup and install in your preferred location.

Configuration of PGP Command Line
Before sending an encrypted mail, PGP needs to be configured. The steps for configuration are given below:

  • Generation of key pair
  • Extracting public key
  • Adding recipient’s public key

Generation of Key Pair

Key-pair generation can be invoked by command ‘pgp -kv’.
You will be prompted for the following steps during the key-pair generation process.

  • Key type
  • Key algorithm
  • Key size
  • Public ID for user key
  • Validity period of signing key
  • Pass phrase

Digital Signature Standard — Diffie-Hellman (DSS/DH) is a recommended key algorithm. RSA (Rivest-Shamir-Adleman), a cryptology method by RSA Data Security, Inc., that uses a two-part key, can also be used, and this is the only algorithm supported by the older versions (2.x or earlier) of PGP. During the process, select the key size and type that suits you.

Follow the screenshots that show the key-generation process.


Extracting the Public Key

A public key should be exchanged between the sender and recipient before starting communication. A public key can be extracted in a text file and distributed to the recipient. Keys can be extracted using the command ‘pgp -kx userid keyfile’. A screenshot of extracting the key appears below:

Adding Recipient’s Public Key

As a part of the key-exchange process, the recipient’s public key should be added to the sender’s key ring. The public key can be using the command ‘pgp -ka keyfilename’. A screenshot of adding the key appears below:

After confirming the authenticity of the public key, you can sign them. While encrypting a file using a recipient’s ID, you will be prompted with a warning about the trustworthiness of the public key. Signing will eliminate the prompting of warning during the encryption process of a message. A key can be signed using the command ‘pgp -ks userid’.

Generation of PGP-Encrypted E-mails from ASP

Earlier sections of this article have detailed the installation and configuration of PGP Command Line. How this process helps in sending encrypted mails from ASP will be discussed in this section. Generally the information that needs to be encrypted is first written as a text file. Then the file is signed, encrypted, and mailed. The following is the command used to encrypt a text file (refer to the PGP Command Line users guide, available at http://www.pgpi.org/doc/guide/6.5/en/cmdline/ for other option. The guide in pdf format is also packaged with the product.)

pgp -seat message_file recipient_email_id -u signer_email_id -z passphrase

The description of command-line options used:
s – sign
e – encrypt
a – creates an ASCII-armored output file with extension .asc when you sign or encrypt
t – input is a text file

An ActiveX control is created with the functionality to encrypt and sign a text file. This ActiveX can be invoked in an ASP page. After encrypting, the file can be sent as an e-mail using any mail component. The ASP and the control code are shown below.

ASP Code

 <%
Set xObj = Server.CreateObject("XCrypt.Crypt")
xObj.boolLogStatus="True"
xObj.strLogFilename="c:pgpcmdlog.log"
x=xObj.encrypt("c:PGPCmdPGP.exe","c:PGPCmdmessage.txt",
 "selva.kumar@xpedior.com", "unknown@xyz.com", "sel123")
Set xObj=nothing
%> 

Control Code

 Public Function encrypt(strPGPLocation As String, strFileLocation As String,
 strSender As String, strRecipient As String, strPassphrase As String) As String
'******************************************************
'Author:    Selva Kumar
'Purpose:   PGP Encryption
'******************************************************
'Variables:
'strPGPLocation   - Location of command line PGP. Ex:C:PGPpgp.exe
'strFileLocation  - Location of file to be encrypted
'strSender        - Sender's e-mail address
'strRecipient     - Recipient's e-mail address
'strPassPhrase    - Passphrase of signing key
'strCryptFileName - Encrypted file name
'strOptions       - By default, -seat. Refer PGPCommandLine manual for further options
'Variable declarations
Dim strCryptFilename As String
Dim strCommand As String
Dim boolExeStatus As Boolean
Dim strOptions As String
Dim ws
'Variables assignment
strOptions = "-seat"
strCryptFilename = strFileLocation & ".asc"
boolExeStatus = True
If boolLogStatus Then
  writeLog ("***** Entering encrypt function - initialization succeeded *****")
End If
'Check for the existence of pgp executable
If Dir$(strPGPLocation) = "" Then
        encrypt = "PGP executable not found"
        boolExeStatus = False
        If boolLogStatus Then
            writeLog ("----- Error: PGP executable not found -----")
        End If
        Exit Function
Else
        If boolLogStatus Then
        writeLog ("+++++ PGP executable found +++++")
        End If
End If
'Check for the existence of input file
If Dir$(strFileLocation) = "" Then
            encrypt = "Input file not found"
            boolExeStatus = False
            If boolLogStatus Then
            writeLog ("----- Error: Input file not found -----")
            End If
            Exit Function
Else
        If boolLogStatus Then
        writeLog ("+++++ Input file found +++++")
        End If
End If
'Check for the existence of encrypted output file.
'If the output file exists
'   the file will be deleted and the encryption command is executed
'else
'   The encryption command is executed
If boolExeStatus Then
    strCommand = strPGPLocation & " " & strOptions & " " & strFileLocation & " "
 & strRecipient & " -u " & strSender & " -z " & """" & strPassphrase & """"
    If Dir$(strCryptFilename) = "" Then
        Shell (strCommand)
        encrypt = strCommand
    Else
            If boolLogStatus Then
            writeLog ("+++++ The output file already exists +++++")
            End If
        Kill (strCryptFilename)
        If Dir$(strCryptFilename) = "" Then
            If boolLogStatus Then
            writeLog ("+++++ The output file was deleted +++++")
            End If
        Else
            If boolLogStatus Then
            writeLog ("----- Error: Deleting output file -----")
            End If
        End If
        Shell (strCommand)
        If boolLogStatus Then
            writeLog ("***** PGP encryption command executed *****")
        End If
        encrypt = strCommand
    End If
End If
End Function

 

The ActiveX control can be downloaded from http://www.appserp.com/xcrypt.

*Originally published by DevArticles

K.Selvakumar(Selva) is a member of the infrastructure team at W.W.Grainger’s e-business division . He has vast experience in the development/administration of Enterprise level Internet/Intranet/Extranet applications. Selva can be reached at wwgselva@yahoo.com

Creating PGP-Encrypted E-Mails Using ASP
Comments Off
About Selva Kumar
K.Selvakumar(Selva) is a member of the infrastructure team at W.W.Grainger's e-business division . He has vast experience in the development/administration of Enterprise level Internet/Intranet/Extranet applications. Selva can be reached at wwgselva@yahoo.com WebProNews Writer
Top Rated White Papers and Resources

Comments are closed.