Home arrow ASP arrow Page 2 - Creating PGP-Encrypted E-Mails Using ASP
ASP

Creating PGP-Encrypted E-Mails Using ASP


Pretty Good Privacy (i.e. PGP) Encrypted emails are secured using private key encryption. Read how Selva secures email transmissions with ASP.

Author Info:
By: Selva Kumar
Rating: 5 stars5 stars5 stars5 stars5 stars / 45
August 05, 2003
TABLE OF CONTENTS:
  1. · Creating PGP-Encrypted E-Mails Using ASP
  2. · Article

print this article
SEARCH DEVARTICLES

Creating PGP-Encrypted E-Mails Using ASP - Article
(Page 2 of 2 )

The Concept of PGP

For PGP-based communication both the sender and receiver should have public and private key pairs. The sender's public key should be distributed to the receiver. Similarly, the receiver's public key should be distributed to the sender. When sending a message or a file, the sender can sign using his private key. Also, the sender's private key is never distributed.

Signing

Signing an e-mail message means the sender attaches a digital ID to it so that the recipient knows the sender. Signing authenticates a message, but it does not provide protection.

Encrypting

Encrypting a message means converting the information into a "scramble" format; only the true recipient can "unscramble" it. Encrypting a message requires that you have the recipient's digital ID.

Installation and Configuration of PGP Command Line

The Massachusetts Institute of Technology (MIT) distributes PGP Freeware without cost for personal, noncommercial use at http://web.mit.edu/network/pgp.html. A commercial version of PGP is offered as a PGP E-Business server product. For the commercial version, contact PGP Security, a subsidiary of Network Associates Technology, Inc., at http://www.pgp.com/products/whatsnew/pgp-ebusiness-server-71.asp. If you have already installed and configured PGP Command Line, skip this section.

Installation of PGP Command Line
Run the setup and install in your preferred location.

Configuration of PGP Command Line
Before sending an encrypted mail, PGP needs to be configured. The steps for configuration are given below:

  • Generation of key pair
  • Extracting public key
  • Adding recipient's public key

Generation of Key Pair

Key-pair generation can be invoked by command 'pgp -kv'.
You will be prompted for the following steps during the key-pair generation process.

  • Key type
  • Key algorithm
  • Key size
  • Public ID for user key
  • Validity period of signing key
  • Pass phrase

Digital Signature Standard -- Diffie-Hellman (DSS/DH) is a recommended key algorithm. RSA (Rivest-Shamir-Adleman), a cryptology method by RSA Data Security, Inc., that uses a two-part key, can also be used, and this is the only algorithm supported by the older versions (2.x or earlier) of PGP. During the process, select the key size and type that suits you.

Follow the screenshots that show the key-generation process.

 

 

 

Extracting the Public Key

A public key should be exchanged between the sender and recipient before starting communication. A public key can be extracted in a text file and distributed to the recipient. Keys can be extracted using the command 'pgp -kx userid keyfile'. A screenshot of extracting the key appears below:

Adding Recipient's Public Key

As a part of the key-exchange process, the recipient's public key should be added to the sender's key ring. The public key can be using the command 'pgp -ka keyfilename'. A screenshot of adding the key appears below:

 

After confirming the authenticity of the public key, you can sign them. While encrypting a file using a recipient's ID, you will be prompted with a warning about the trustworthiness of the public key. Signing will eliminate the prompting of warning during the encryption process of a message. A key can be signed using the command 'pgp -ks userid'.

Generation of PGP-Encrypted E-mails from ASP

Earlier sections of this article have detailed the installation and configuration of PGP Command Line. How this process helps in sending encrypted mails from ASP will be discussed in this section. Generally the information that needs to be encrypted is first written as a text file. Then the file is signed, encrypted, and mailed. The following is the command used to encrypt a text file (refer to the PGP Command Line users guide, available at http://www.pgpi.org/doc/guide/6.5/en/cmdline/ for other option. The guide in pdf format is also packaged with the product.)

pgp -seat message_file recipient_email_id -u signer_email_id -z passphrase

The description of command-line options used:
   s - sign
   e - encrypt
   a - creates an ASCII-armored output file with extension .asc when you sign or encrypt
   t - input is a text file

An ActiveX control is created with the functionality to encrypt and sign a text file. This ActiveX can be invoked in an ASP page. After encrypting, the file can be sent as an e-mail using any mail component. The ASP and the control code are shown below.

ASP Code

<%
Set xObj = Server.CreateObject("XCrypt.Crypt")
xObj.boolLogStatus="True"
xObj.strLogFilename="c:\pgpcmd\log.log"
x=xObj.encrypt("c:\PGPCmd\PGP.exe","c:\PGPCmd\message.txt",
 "selva.kumar@xpedior.com", "unknown@xyz.com", "sel123")
Set xObj=nothing
%>

Control Code

Public Function encrypt(strPGPLocation As String, strFileLocation As String,
 strSender As String, strRecipient As String, strPassphrase As String) As String
'******************************************************
'Author:    Selva Kumar
'Purpose:   PGP Encryption
'******************************************************
'Variables:
'strPGPLocation   - Location of command line PGP. Ex:C:\PGP\pgp.exe
'strFileLocation  - Location of file to be encrypted
'strSender        - Sender's e-mail address
'strRecipient     - Recipient's e-mail address
'strPassPhrase    - Passphrase of signing key
'strCryptFileName - Encrypted file name
'strOptions       - By default, -seat. Refer PGPCommandLine manual for further options
'Variable declarations
Dim strCryptFilename As String
Dim strCommand As String
Dim boolExeStatus As Boolean
Dim strOptions As String
Dim ws
'Variables assignment
strOptions = "-seat"
strCryptFilename = strFileLocation & ".asc"
boolExeStatus = True
If boolLogStatus Then
  writeLog ("***** Entering encrypt function - initialization succeeded *****")
End If
'Check for the existence of pgp executable
If Dir$(strPGPLocation) = "" Then
        encrypt = "PGP executable not found"
        boolExeStatus = False
        If boolLogStatus Then
            writeLog ("----- Error: PGP executable not found -----")
        End If
        Exit Function
Else
        If boolLogStatus Then
        writeLog ("+++++ PGP executable found +++++")
        End If
End If
'Check for the existence of input file
If Dir$(strFileLocation) = "" Then
            encrypt = "Input file not found"
            boolExeStatus = False
            If boolLogStatus Then
            writeLog ("----- Error: Input file not found -----")
            End If
            Exit Function
Else
        If boolLogStatus Then
        writeLog ("+++++ Input file found +++++")
        End If
End If
'Check for the existence of encrypted output file.
'If the output file exists
'   the file will be deleted and the encryption command is executed
'else
'   The encryption command is executed
If boolExeStatus Then
    strCommand = strPGPLocation & " " & strOptions & " " & strFileLocation & " "
 & strRecipient & " -u " & strSender & " -z " & """" & strPassphrase & """"
    If Dir$(strCryptFilename) = "" Then
        Shell (strCommand)
        encrypt = strCommand
    Else
            If boolLogStatus Then
            writeLog ("+++++ The output file already exists +++++")
            End If
        Kill (strCryptFilename)
        If Dir$(strCryptFilename) = "" Then
            If boolLogStatus Then
            writeLog ("+++++ The output file was deleted +++++")
            End If
        Else
            If boolLogStatus Then
            writeLog ("----- Error: Deleting output file -----")
            End If
        End If
        Shell (strCommand)
        If boolLogStatus Then
            writeLog ("***** PGP encryption command executed *****")
        End If
        encrypt = strCommand
    End If
End If
End Function


DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

blog comments powered by Disqus
ASP ARTICLES

- Central Scoreboard with Flash and ASP
- Calorie Counter Using WAP and ASP
- Creating PGP-Encrypted E-Mails Using ASP
- Be My Guest in ASP
- Session Replacement in ASP
- Securing ASP Data Access Credentials Using t...
- The Not So Ordinary Address Book
- Adding and Displaying Data Easily via ASP an...
- Sending Email From a Form in ASP
- Adding Member Services in ASP
- Removing Unconfirmed Members
- Trapping HTTP 500.100 - Internal Server Error
- So Many Rows, So Little Time! - Case Study
- XDO: An XML Engine Class for Classic ASP
- Credit Card Fraud Prevention Using ASP and C...

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials