I'm creating a CGI application where customers enter information in a
secure form... the server takes the data and encrypts it using a
public key, then saves it to MySQL.
All works fine, when testing, I can then get the encrypted chunk out
of MySQL, apply the private key and see the data just fine.
Here's the problem. I don't want the private key to live anywhere on
the server, but only on local machines. The idea is to have the
private key uploaded into memory and used to decrypt the data so it
can be viewed over a secure web page.
Here's the snippet that loads the key into memory using CGI upload.
This seems to work fine... Printing the value of PrivateKey looks
like the key supposed to...
my $SUP_PrivateKey = $cgi->param( 'SUP_PrivateKey' );
my $PrivateKey = '';
my $size = 0;
my $bytes_read = 0;
my $buffer = '';
while ($bytes_read=read($SUP_PrivateKey,$buffer,4096))
{
$size += $bytes_read;
$PrivateKey .= $buffer;
}
Here's where the problem is... Crypt::RSA::Key::Private, wants a
local file name... won't take the CGI upload name and I don't want to
store the private key on disk, not even for a nanosecond.
my $key = new Crypt::RSA::Key::Private (
# Filename => $SUP_PrivateKey, # this doesn't work
Password => $SUP_PassCode,
);
So I tried to take the PrivateKey string and deserialize it... Cuz
it's the only function that I could find that would take the key as a
string... but obviously there is something wrong with it's format.
$key->deserialize(String => $PrivateKey);
But I get this error: "Can't use string (" bless( {
Vers") as an ARRAY ref while 'strict refs' in use at /usr/lib/perl5/
site_perl/5.8.5/Crypt/RSA/Key/Private.pm line 211."
I created a local decrypt PERL script and then debugged it... when
Crypt::RSA::Key::Private->read loads the data from the local file,
from inside the read function, it seems to look exactly like the value
that I have in $PrivateKey.
Can anyone help the clueless?
Thanks ahead of time...
Re: Crypt::RSA
am 11.03.2007 00:49:58 von rjvennes
Here's what the printed value of my private key looks like after the
while/read..
And yes, before moving this project to production, I plan on changing
the keys... ; - )
Re: Crypt::RSA
am 11.03.2007 08:39:39 von paduille.4060.mumia.w+nospam
On 03/10/2007 05:43 PM, rjvennes@hotmail.com wrote:
> I'm creating a CGI application [...]
>
> Here's where the problem is... Crypt::RSA::Key::Private, wants a
> local file name... won't take the CGI upload name and I don't want to
> store the private key on disk, not even for a nanosecond.
> [...]
>
> $key->deserialize(String => $PrivateKey);
>
> But I get this error: "Can't use string (" bless( {
> Vers") as an ARRAY ref while 'strict refs' in use at /usr/lib/perl5/
> site_perl/5.8.5/Crypt/RSA/Key/Private.pm line 211."
>
> [...]
A quick look at the documentation at
suggests this to me:
use Data::Dumper;
$key->deserialize(String => Dumper($PrivateKey));
Another possible, non-Perl option would be to use a ramdisk to store the
private key (momentarily).
Re: Crypt::RSA
am 11.03.2007 14:21:24 von hjp-usenet2
On 2007-03-10 23:43, rjvennes@hotmail.com wrote:
> I'm creating a CGI application where customers enter information in a
^^^^^^^^^^^^^^^^^
> Here's the problem. I don't want the private key to live anywhere on
> the server, but only on local machines. The idea is to have the
> private key uploaded into memory and used to decrypt the data so it
> can be viewed over a secure web page.
If you are really writing a CGI application (as opposed to, e.g., a
mod_perl or FastCGI application) that can't work. Every invokation of a
CGI script is a separate process, so you can't keep any information "in
memory" between them, you have to use some kind of storage which is
accessible to multiple processes. You could use shared memory or a RAM
disk, but for a server which typically runs many months between reboots
that's about the same as a hard disk from a security point of view.
hp
--
_ | Peter J. Holzer | Blaming Perl for the inability of programmers
|_|_) | Sysadmin WSR | to write clearly is like blaming English for
| | | hjp@hjp.at | the circumlocutions of bureaucrats.
__/ | http://www.hjp.at/ | -- Charlton Wilbur in clpm
Re: Crypt::RSA
am 12.03.2007 17:28:15 von rjvennes
The CGI script only need to exist for a single process... nothing
needs to be passed to another process.
Using Mumia suggestion of:
use Data::Dumper;
$key->deserialize(String => Dumper($PrivateKey));
didn't seem to work either. But I included it in the test program
below... Much easier to debug this than a CGI...
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
use Crypt::RSA;
use Crypt::RSA::Key::Private;
my $passphrase = "my secret passphrase";
my $DIR_PrivateKey = "/develop/Projects/Decrypt/key.private";
# Load the cyphertext
my $infile = $ARGV[0];
if (! -r $infile)
{
die "Can't read input $infile\n";
}
open(INPUT,"<$infile") ||
die "Can't input $infile $!";
my $cypher = join(qq{}, );
close INPUT;
print "The cyphertext is:\n$cypher\n\n";
# Load the private key into memory
my $PrivateKey = '';
open (INPUT, $DIR_PrivateKey) || die "can't open $DIR_PrivateKey:
$!";
while ()
{
chomp;
$PrivateKey .= $_;
}
close(INPUT) || die "can't close $DIR_PrivateKey: $!";
# set private key object (passphrase)
my $key = new Crypt::RSA::Key::Private (
Password => $passphrase,
);
# set private key object (key)
$key->deserialize(String => Dumper($PrivateKey));
# decrypt message
my $rsa = Crypt::RSA->new();
my $message =
$rsa->decrypt(
Cyphertext => $cypher,
Key => $key,
Armour => 1,
)
or die "Unable to decrypt cypher! - ".$rsa->errstr();
print "The message reads:\n$message\n";
Re: Crypt::RSA
am 13.03.2007 11:04:10 von paduille.4060.mumia.w+nospam
On 03/12/2007 11:28 AM, rjvennes@hotmail.com wrote:
> The CGI script only need to exist for a single process... nothing
> needs to be passed to another process.
>
> Using Mumia suggestion of:
>
> use Data::Dumper;
> $key->deserialize(String => Dumper($PrivateKey));
>
> didn't seem to work either. [...]
After looking at the source, I see that the deserialize method *returns*
a new key object that contains the required data:
my $newkey = $key->deserialize(String => [ $PrivateKey ] );
# use $newkey to decrypt the message.
The code above assumes that $PrivateKey is a string created with
$key->write(). Notice that the $PrivateKey must be enclosed within an
anonymous array. Notice that the documentation does not say this.
Here is a program that doesn't demonstrate using
Crypt::RSA::Key::Private very well. I get an error, "n is not a number,"
from this program, but I still hope it helps you some:
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
use Crypt::RSA;
use Crypt::RSA::Key::Private;
use File::Slurp;
my $PrivateKey = read_file('key.private');
my $message = read_file('cypher.data');
my $rsa = new Crypt::RSA;
my $nokey = Crypt::RSA::Key::Private->new;
my $privkey = $nokey->deserialize(String => [$PrivateKey]);
my $plaintext;
$plaintext = $rsa->decrypt(
Cyphertext => $message,
Key => $privkey,
Armour => 1,
) or die $rsa->errstr;