Re: Using Asymmetric keys for Encryption

I want the passphrase to be kept secret, not available in the source code.

Only way around this is to put the passphrase in a seperate file which you read out of each time your program runs. The file should be only be readable by the username your software runs under. You can run the passphrase through SHA1 first and set that value as the passphrase, so at least the passphrase wouldn't be in plaintext.

I know, this isn't the best solution. It's mearly the only solution. In a perfect world, a human would manually enter the passphrase every time. This doesn't sound like an option for you, so I present this flawed but useable solution instead.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

Comment on Re: Using Asymmetric keys for Encryption

Replies are listed 'Best First'.
Re: Re: Using Asymmetric keys for Encryption by fuzzyping (Chaplain) on May 11, 2003 at 22:53 UTC
Actually, you're referring to symmetric keys. I'm talking about asymmetric keys where the passphrase is embedded in the private key. I've since managed to get it working properly, although the ciphertext has to be directed into a file, and that file read back in to decrypt. I expect this is due to some incompatibility (or my ignorance of) the formatting types between the terminal and Perl's handling of scalars. I don't think this will be a problem once I output the data to a db table. For archival sakes, here are the scripts I've used for testing of encrypt() and decrypt(): `#!/usr/bin/perl # gpg.pl use Crypt::OpenPGP; my $string = $ARGV[0]; my $pgp = Crypt::OpenPGP->new; my $ciphertext = $pgp->encrypt( Data => $string, Recipients => 'Test User', Armour => 1, ); open(OUT, ">testfile"); print OUT $ciphertext, "\n"; close(OUT);` [download] ------------------------ `#!/usr/bin/perl # gupg.pl use Crypt::OpenPGP; my $pgp = Crypt::OpenPGP->new; my ($plaintext) = $pgp->decrypt( Filename => 'testfile', Passphrase => 'password', ); die "Decryption failed: ", $pgp->errstr unless $plaintext; print $plaintext, "\n";` [download] Update: I've managed to test and verify that writes/reads to database also work. Here is the updated code using Data to read in the ciphertext: `#!/usr/bin/perl # gpg.pl use Crypt::OpenPGP; use DBI; my $string = $ARGV[0]; my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password"); my $insert_stmt = 'insert into pgptable (card) values (?)'; my $sth = $dbh->prepare($insert_stmt); my $pgp = Crypt::OpenPGP->new; my $ciphertext = $pgp->encrypt( Data => $string, Recipients => 'Test User', Armour => 1, ); $sth->execute($ciphertext) \|\| die $dbh->stderr;` [download] ------------------------- #!/usr/bin/perl # gupg.pl use Crypt::OpenPGP; use DBI; my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password"); my $select_query = 'select card from pgptable where id=?'; my $sth = $dbh->prepare($select_query); my $pgp = Crypt::OpenPGP->new; $sth->execute('1') \|\| die $dbh->stderr; my $data = ($sth->fetchrow_hashref)->{'card'}; my ($plaintext) = $pgp->decrypt( Data => $data, Passphrase => 'passphrase', ); die "Decryption failed: ", $pgp->errstr unless $plaintext; print $plaintext, "\n"; [download]	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: Using Asymmetric keys for Encryption
by fuzzyping (Chaplain) on May 11, 2003 at 22:53 UTC

#!/usr/bin/perl
# gpg.pl

use Crypt::OpenPGP;
 
my $string = $ARGV[0];
my $pgp = Crypt::OpenPGP->new;
my $ciphertext = $pgp->encrypt(
                        Data => $string,
                        Recipients => 'Test User',
                        Armour => 1,
);
 
open(OUT, ">testfile");
print OUT $ciphertext, "\n";
close(OUT);
[download]

#!/usr/bin/perl
# gupg.pl

use Crypt::OpenPGP;
 
my $pgp = Crypt::OpenPGP->new;
my ($plaintext) = $pgp->decrypt(
                        Filename => 'testfile',
                        Passphrase => 'password',
);
 
die "Decryption failed: ", $pgp->errstr unless $plaintext;
print $plaintext, "\n";
[download]

Update:

Data

#!/usr/bin/perl
# gpg.pl

use Crypt::OpenPGP;
use DBI;
 
my $string = $ARGV[0];
my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password");
my $insert_stmt = 'insert into pgptable (card) values (?)';
my $sth = $dbh->prepare($insert_stmt);
 
my $pgp = Crypt::OpenPGP->new;
my $ciphertext = $pgp->encrypt(
                        Data => $string,
                        Recipients => 'Test User',
                        Armour => 1,
);
 
$sth->execute($ciphertext) || die $dbh->stderr;
[download]

#!/usr/bin/perl
# gupg.pl

use Crypt::OpenPGP;
use DBI;
 
my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password");
my $select_query = 'select card from pgptable where id=?';
my $sth = $dbh->prepare($select_query);
 
my $pgp = Crypt::OpenPGP->new;
$sth->execute('1') || die $dbh->stderr;
my $data = ($sth->fetchrow_hashref)->{'card'};
my ($plaintext) = $pgp->decrypt(
                        Data => $data,
                        Passphrase => 'passphrase',
);
 
die "Decryption failed: ", $pgp->errstr unless $plaintext;
print $plaintext, "\n";
[download]

[reply]
[d/l]
[select]