LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   encrypting message using only a public key (http://www.linuxquestions.org/questions/linux-security-4/encrypting-message-using-only-a-public-key-4175452918/)

sneakyimp 03-06-2013 02:47 AM

encrypting message using only a public key
 
Sorry to bother, but I was wondering if a mod might move my topic into this forum:
http://www.linuxquestions.org/questi...il-4175452903/

The basic idea is that I want to determine how to take a simple text message (possibly containing sensitive information) and encrypt it using someone's public key.

Noway2 03-06-2013 09:07 AM

From reading the thread you linked to, it looks like your still looking for a solution?

Here is a simple example using gpg, which in my opinion is much easier than SSL and Mime. I used the example of sending an email to "slackbuilds" since I have their public (only) key
Code:

$ echo 'Hello, World!' > hello.txt
$ cat hello.txt
Hello, World!
$ gpg -e -a hello.txt
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.  End with an empty line: slackbuilds
gpg: C575D49B: There is no assurance this key belongs to the named user

pub  2048g/C575D49B 2007-01-27 SlackBuilds.org Development Team <slackbuilds-devel@slackbuilds.org>
 Primary key fingerprint: D307 6BC3 E783 EE74 7F09  B8B7 0368 EF57 9C7B A3B6
      Subkey fingerprint: 2415 DC27 B7A0 F5D6 5806  E4C4 91E4 645F C575 D49B

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

Current recipients:
2048g/C575D49B 2007-01-27 "SlackBuilds.org Development Team <slackbuilds-devel@slackbuilds.org>"

Enter the user ID.  End with an empty line:
$ ls hello.txt*
hello.txt  hello.txt.asc
$ head -n 10 hello.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

hQIOA5HkZF/FddSbEAgAkWt2wM1MZhI6DaDIF1G8FPRFZrFOMavA6G4TR/VE2fhf
c32YKbwReKS4clNxdbhlhPT+GnS73dV3fFE4/LAY1fiSq9MNDi+O5sSE5MEUYZjH
rRblLeZZeZOq7mGThL6f3q7vUnGKW1M/n4c44ZuhyIyJBu0nDmoSpfK55ecGU6ym
6FUi7W5z3SvXKRiVbSR6ynn25BRi7H+qXSduLJpO1CbG4fnNst4E+xGxknUgo0Aj
iC/ii3oXZqkijXY0lXomjp4r3W2V1SWkC5zXcp+sWVrNqiql2FWX2ht0y5YX3iR5
0H/S84w1dyLtetPxgxr/wqcr+kjGeI5liiZ8G8btWgf+JuhE0ys0mFLmQ5WE8YOU
osqabZfo0XfkIk8rGOGhTfRy1dn1J7Kajwo575WKDC8C4dQpt3Brt2l1T64/TSGa


Habitual 03-06-2013 01:40 PM

http://www.madboa.com/geek/gpg-quickstart/#tosomeone

sneakyimp 03-06-2013 01:49 PM

I appreciate the responses, but the goal here is not to login via SSH and use gpg vid command line. I have some facility with gpg and have seen that madboa page before.

What I'm trying to do is concoct a PHP script which will provide a way for a developer to email potentially sensitive information securely to one or more intended recipients by encrypting it with their public key. I believe this is communicated in the other thread. The main issue is that gpg requires interaction and you have to maintain a keyring, etc. I was much rather hoping to skip all the keyring maintenance, all the prompts, etc., and just encrypt a text message using a public key.

BlackRider 03-06-2013 05:07 PM

There is no way I know of to skip the keyring maintenance you want to avoid with GPG, other than using symmetric encryption only.

cjturner 03-06-2013 05:32 PM

PKI might not be the solution you are seeking here. Perhaps you could explain your security requirement in a little more detail.

sneakyimp 03-06-2013 05:59 PM

Quote:

Originally Posted by cjturner (Post 4906301)
PKI might not be the solution you are seeking here. Perhaps you could explain your security requirement in a little more detail.

The primary motivation for wanting this is that I'm working on a PHP script that handles Instant Payment Notifications. While this page is securely hosted (and only makes secure HTTPS connections to verify that any posts are valid) and furthermore does not ever traffic in sensitive payment information such as account numbers, etc., I would like to be able to notify a developer when an unexpected error occurs by emailing the POST data to the developer's email address. It seems a simple enough affair to set up one's mail client to send and receive encrypted messages, it seems that simply using somebody's public key to encrypt a message is unexpectedly difficult.

I'd like to use public-key cryptography so that a server compromise would not necessarily reveal any important keys (such as might be used in symmetric encryption). The basic idea is that the server would be able to send an encrypted message to the developer (or someone else) without needing any especially sensitive data.

I'd like to avoid manipulating a keyring so that deployment of such an emailing script is easier. It would be ideal if the PHP script that sends this message would be configurable with just a few bits of information:
1) the recipient's email address
2) the recipient's public key
3) maybe some SMTP credentials to send the mail via SMTP gateway.

sneakyimp 03-08-2013 12:57 AM

OK so I pulled out my copy of Bruce Schneier's Applied Cryptography (an really good book) and has a very helpful section on Privacy-Enhanced Mail(PEM) which I've been looking at. Turns out PEM is not just way to encrypt things but it describes a variety of privacy-related protocols. To summarize Schneier:
Quote:

PEM is the Internet Privacy-Enhanced Mail standard adopted by the Internet Architecture Board (IAB) to provide secure electronic mail over the Internet...The PEM protocols provide for encryption, authentication, and key management.
The basic idea is that it describes protocols for sending encrypted and/or signed messages while also describing what has gone into encrypting and/or signing them. It supports both symmetric and public key encryption. The Wikipedia link above says that it was not widely adopted due to its reliance on a centralized root CA.

I think this cocktail of encryption-plus-protocol is what I'm after. Schneier also has a section on PGP (which uses web-of-trust rather than centralized CA) but details about the protocol look pretty light.

Seems to me that if I want to have PHP sending these messages, I will probably have two choices:
1) concoct awkward CLI stuff in PHP and use exec to manipulate key rings and such to get gpg to encrypt my messages (and then take care to shred and/or cleanup the file system to make sure my sensitive messages don't hang around
2) use mcrypt or some other PHP extension to encrypt my messages and then write PHP code to build out the appropriate email-friendly protocol aspects described by PEM and/or PGP such that the message, when it arrives at somebody's mail client, will be decipherable by something like Enigmail or some other secure mail client/plugin.

Surely someone has done this before?

sneakyimp 03-08-2013 01:02 AM

For option 1 above, these functions look pretty useful:
http://www.php.net/manual/en/function.gnupg-encrypt.php

Noway2 03-08-2013 08:45 AM

You might also be able to use the PHP execute function to call GPG to perform the encryption. I don't see anyway around maintaining a keyring, at least a public one as you will need the public key for each recipient that you want to send to.

A while back, I was working on a similar project for a payment system that I wanted to submit the information for processing via an encrypted mail. One of the problems I ran into was the need for temporary files to work the encryption on. This was a weak spot in the system that could be potentially exploited and I abandoned the idea. However you go about it, the best idea is to not store sensitive information on your system at all, and what little of it you do have to not write to disk.

sneakyimp 03-08-2013 01:31 PM

Quote:

Originally Posted by Noway2 (Post 4907420)
You might also be able to use the PHP execute function to call GPG to perform the encryption.

I'm inclined to use the PHP extension for the simple reason that it would be easier than concocting all the exec commands myself.

Quote:

Originally Posted by Noway2 (Post 4907420)
I don't see anyway around maintaining a keyring, at least a public one as you will need the public key for each recipient that you want to send to.

This is disappointing as I was hoping to merely provide the location of a file containing a public key and have my routine encrypt away, but I think I can live with the idea of a keyring. I expect it might be feasible to maintain a keyring for each application.

Quote:

Originally Posted by Noway2 (Post 4907420)
One of the problems I ran into was the need for temporary files to work the encryption on. This was a weak spot in the system that could be potentially exploited and I abandoned the idea. However you go about it, the best idea is to not store sensitive information on your system at all, and what little of it you do have to not write to disk.

Agreed! And thanks for pointing that out. In reading Schneier, I happened across a discussion about scrubbing a file system -- a lengthy process. Schneier quotes a passage from the National Computer Security Center:
Quote:

Originally Posted by NCSC
Overwriting is a process by which unclassified data are written to storage locations that previously held sensitive data....To purge the ...storage media, the DoD requires overwriting with a pattern, then its complement, and finally with another pattern; e.g., overwrite first with 0011 0101, followed by 1100 1010, then 1001 0111. The number of times an overwrite must be accomplished depends on the storage media, sometimes on its sensitivity, and sometimes on different DoD component requirements. In any case, a purge is not complete until a final overwrite is made using unclassified data.

I think all those multiple overwrites are intended if you are worried about someone actually physically obtaining your storage media. I wonder if the linux shred command would be sufficient?

Noway2 03-08-2013 02:03 PM

Quote:

Originally Posted by sneakyimp (Post 4907568)
I think all those multiple overwrites are intended if you are worried about someone actually physically obtaining your storage media. I wonder if the linux shred command would be sufficient?

If your using traditional magnetic media, the shred and overwrite commands will do an excellent job of making data practically irretrievable, even with a simple overwrite or two. By practically I mean without special and expensive forensic tools to where the common criminal is not a concern. If you have an SSD or other flash based material, these tools can be spotty at best because of things like the wear mechanisms.

You mentioned reading Schneier. I have been reading his latest book, Liars and Outliers and really enjoying it. It has been out long enough to be available via inter-library loan now too.

chrism01 03-10-2013 09:29 PM

Re the keyring, I think you may be worrying over nothing. You're only storing Public(!) keys, so there's no problem with having it sit on the disk, or even be exposed to the world; that's what they are for.
Its only Private keys that require protection.
The keyring is just the equivalent of a big file with all the Public keys stored in it; not that different from your file-per-key.

Note that each user can have their own keyring, so you can do it that way if you want to keep them physically separate.
You'd have to allow your PHP to suexec to each required user (or maybe put them all in the same group and use group perms for php access).

sundialsvcs 03-11-2013 11:29 AM

I'm quite confused by this thread. To send a message to someone, you need to know their public key. Only they, with their private key, can decrypt it.

Message-signing requires knowledge of the signer's public key. Successful decryption of the message signature indicates that the possessor of the corresponding private key must have created that signature.

However ... the concept of what you are wanting to do is not a good one, and I daresay that PayPal would put the kabosh on your account if they caught wind of it. The notification should, yes, be encrypted (so that eavesdroppers can't detect whether a notification succeeded or failed), but it should not contain detailed information. The technician should have to log-in himself to see details.

Software support for Privacy-Enhanced Mail (PEM) is not hard to come by, e.g. in Perl or any other "real" programming-language tool. If you're for example trying to pony something up with bash-scripting, you're going about this the wrong way.

sneakyimp 03-11-2013 12:06 PM

I appreciate the input here. I'm a bit over extended at the moment and so I've not been able to get into this as much as I would like.

Quote:

Originally Posted by chrism01 (Post 4908894)
Re the keyring, I think you may be worrying over nothing. You're only storing Public(!) keys, so there's no problem with having it sit on the disk, or even be exposed to the world; that's what they are for.
Its only Private keys that require protection.
The keyring is just the equivalent of a big file with all the Public keys stored in it; not that different from your file-per-key.

I'm aware of all this and have tinkered with using GPG in a variety of ways. What I'm moaning about really is the need to maintain a keyring in a server context -- it makes deployment more involved if I'm trying to do this in a PHP script. It would be ideal if my PHP script could just refer to a text file for the public key of the intended recipient. If I must also take steps to import this public key into yet another file and possibly take other configuration steps (like setting a level of trust, etc.) then it gets more involved.

I'm also somewhat confused about formats for public keys. It would appear that the public key I exported using gpg4win (the more-or-less official distro of gpg for windows AFAIK) is not a *certificate* which is what gpg seems to want. I'm still trying to sort out the difference between x.509, PEM, and SSL certs.

Quote:

Originally Posted by chrism01 (Post 4908894)
Note that each user can have their own keyring, so you can do it that way if you want to keep them physically separate.
You'd have to allow your PHP to suexec to each required user (or maybe put them all in the same group and use group perms for php access).

Again, this is server config I'd like to avoid. Ideally I would just have a script that refers to a key file and takes care of using it to encrypt something. It's bad enough that I'll probably have to install the GNUPG PECL extension. That each use would then need to maintain their keyring somehow seems like still more configuration blah-blah.

I realize that maintaining a keyring has in large part to do with scrutinizing the trust levels and legitimacy of recipients (a big part of security to be sure!) but would like to reiterate that this encryption thing for me is largely motivated by a desire to email *myself* or *close associates* an encrypted message such that a) any sensitive information would be encrypted end-to-end while in transit and b) there would be no need for any sensitive keys or anything on the server -- just my public key.


All times are GMT -5. The time now is 01:19 PM.