Re: Using Asymmetric keys for Encryption

I want the passphrase to be kept secret, not available in the source code.

Only way around this is to put the passphrase in a seperate file which you read out of each time your program runs. The file should be only be readable by the username your software runs under. You can run the passphrase through SHA1 first and set that value as the passphrase, so at least the passphrase wouldn't be in plaintext.

I know, this isn't the best solution. It's mearly the only solution. In a perfect world, a human would manually enter the passphrase every time. This doesn't sound like an option for you, so I present this flawed but useable solution instead.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

Comment on Re: Using Asymmetric keys for Encryption

Replies are listed 'Best First'.

Re: Re: Using Asymmetric keys for Encryption
by fuzzyping (Chaplain) on May 11, 2003 at 22:53 UTC

#!/usr/bin/perl
# gpg.pl

use Crypt::OpenPGP;
 
my $string = $ARGV[0];
my $pgp = Crypt::OpenPGP->new;
my $ciphertext = $pgp->encrypt(
                        Data => $string,
                        Recipients => 'Test User',
                        Armour => 1,
);
 
open(OUT, ">testfile");
print OUT $ciphertext, "\n";
close(OUT);
[download]

#!/usr/bin/perl
# gupg.pl

use Crypt::OpenPGP;
 
my $pgp = Crypt::OpenPGP->new;
my ($plaintext) = $pgp->decrypt(
                        Filename => 'testfile',
                        Passphrase => 'password',
);
 
die "Decryption failed: ", $pgp->errstr unless $plaintext;
print $plaintext, "\n";
[download]

Update:

Data

#!/usr/bin/perl
# gpg.pl

use Crypt::OpenPGP;
use DBI;
 
my $string = $ARGV[0];
my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password");
my $insert_stmt = 'insert into pgptable (card) values (?)';
my $sth = $dbh->prepare($insert_stmt);
 
my $pgp = Crypt::OpenPGP->new;
my $ciphertext = $pgp->encrypt(
                        Data => $string,
                        Recipients => 'Test User',
                        Armour => 1,
);
 
$sth->execute($ciphertext) || die $dbh->stderr;
[download]

#!/usr/bin/perl
# gupg.pl

use Crypt::OpenPGP;
use DBI;
 
my $dbh = DBI->connect("DBI:mysql:pgpdb:localhost","user","password");
my $select_query = 'select card from pgptable where id=?';
my $sth = $dbh->prepare($select_query);
 
my $pgp = Crypt::OpenPGP->new;
$sth->execute('1') || die $dbh->stderr;
my $data = ($sth->fetchrow_hashref)->{'card'};
my ($plaintext) = $pgp->decrypt(
                        Data => $data,
                        Passphrase => 'passphrase',
);
 
die "Decryption failed: ", $pgp->errstr unless $plaintext;
print $plaintext, "\n";
[download]

[reply]
[d/l]
[select]


There's more than one way to do things
	PerlMonks