!! Please help with PGP Script!! 
Author Message
 !! Please help with PGP Script!!

Hi all!

I recently installed Simple Scripts Simple Secure and am getting the
following errors.  The script is processing fine, but on my end, where I
should be getting the secured e-mail, I get the following message:

This message was encrypted using SimpleSecure 1.2.
http://www.*-*-*.com/

Script Error: PGP produced no output when processing this message.
The most likely cause for this is that the PGP key you submitted
is invalid.  (pgp_key submitted: PGP Key) A less likely
cause is that you did not specify the correct location of pubring.pgp
when setting up the script (PGP Config Details).

I have double & triple-checked both of these items.  I have left out the
actual file locations and the PGP key name just for simplification purposes,
but I don't know why the program won't work.

Any help would be greatly appreciated.

I've pasted the entire script into this e-mail:

Thanks in advance,

Tim

PS I've added a few functions, but have not changed the PGP code.

#!/usr/bin/perl
# ------------------------------------------------------------------------
# simplesecure.cgi version 1.2 is a modified version of
# Matt Wrights FormMail Version 1.6  (copyright notice at bottom)
# For support, please see http://www.*-*-*.com/
# ------------------------------------------------------------------------

############################################################################
##
# CONFIGURATION VARIABLES
#
# Detailed Information Found In README File.
#

# $mailprog defines the location of your sendmail program on your unix
#
# system.
#

$mailprog = '/usr/lib/sendmail';

#
# in this field.  This security fix from the last version which allowed
#
# anyone on any server to use your FormMail script on their web site.
#

# Define PGP Variables

# $pgp_path defines the location of the PGP program on your unix server
#
$pgp_path = "/usr/local/bin/pgp";

# $pgp_options defines command line options for PGP.  They don't need to be
#
# changed
#
$pgp_options = "-feat +VERBOSE=0";

# pgp_config_files is the location of pubring.pgp, randseed.bin and
#
# config.txt
#
$pgp_config_files = "./simplepgp";

# $pgp_temp_file_path is the location of a folder that PGP can use to write
#
# Temporary files.  The file permissions on this folder must allow the
#
# web browser to write in it.
#
$pgp_temp_file_path ="./simpletemp";

# END CONFIGURATION VARIABLES
#
############################################################################
##

# Check Referring URL
&check_url;

# Retrieve Date
&get_date;

# Parse Form Contents
&parse_form;

# Check the script setup
&check_setup;

# Check Required Fields
&check_required;

# Return HTML Page or Redirect User
&return_html;

#BSS
# Courtesy E-Mail to Visitor
&send_courtesy;

#Append Database
&append_database;

# Send E-Mail
&send_mail;

# ------------------------------------------------------------------------
# check_setup subroutine
# ------------------------------------------------------------------------
sub check_setup {
local ($error_message) = "";
local ($pubring_pgp) = $pgp_config_files . "/pubring.pgp";
local ($randseed_bin) = $pgp_config_files . "/randseed.bin";

    # checks to make sure everything is setup properly.

    unless (-x "$pgp_path") {
       $error_message .= "Setup Error: The script does not have permission
to execute PGP.<br>";
    }

    unless (-w $pgp_temp_file_path) {
        $error_message .= "Setup Error: The script does not have permission
to write to the PGP temp directory.<br>";
    }

    unless (-x $mailprog) {
        $error_message .= "Setup Error: The script does not have permission
to execute sendmail (mailprog).<br>";
    }

    unless ($Config{'pgp_key'}) {
        $error_message .= "Setup Error: No PGP key (pgp_key) was
submitted.<br>";
    }

    unless (-r $pubring_pgp) {
        $error_message .= "Setup Error: The script cannot read pubring.pgp
(in your pgp_config_files directory).<br>";
    }

    unless (-r $randseed_bin) {
        $error_message .= "Setup Error: The script cannot read randseed.bin
(in your pgp_config_files directory).<br>";
    }

    # If any of the checks did not pass, send a message to the browser and
exit.
    if ($error_message) {
        $error_message .= "<p>\n";
        $error_message .= "<b>Below is SimpleSecure setup information to
help you find the problem:</b>\n";
        $error_message .= "<p>\n";
        $error_message .= "script is executing as (web server user ID):
<b>$></b><br>\n";
        $error_message .= "pgp_path is: <b>$pgp_path</b><br>\n";
        $error_message .= "pgp_temp_file_path is:
<b>$pgp_temp_file_path</b><br>\n";
        $error_message .= "mailprog is: <b>$mailprog</b><br>\n";
        $error_message .= "pgp_config_files directory is:
<b>$pgp_config_files</b><br>\n";
        $error_message .= "PGP key submitted:
<b>$Config{'pgp_key'}</b><br>\n";
        $error_message .= "<br>\n";
        $error_message .= "<p>\n";
        $error_message .= "<i>If you are having problems getting PGP to
execute, it is possible that\n";
        $error_message .= "the web server's user ID does not have permission
to execute PGP on your\n";
        $error_message .= "server.  If you are able to execute PGP from the
command line, this is\n";
        $error_message .= "likely the case.  You should contact your system
administrator about either\n";
        $error_message .= "allowing the web server to execute PGP, or you
should investigate CGIwrap,\n";
        $error_message .= "a program that allows you to execute scripts
using your user ID instead of the generic web server ID.</i>\n";
        print "Content-type: text/html\n\n";
        print "<html><body>\n";
        print "<b>SimpleSecure encountered error(s) while executing.
Details are below:</b>\n";
        print "<p>\n";
        print "$error_message\n";
        print "</body></html>\n";
        exit;
    }

Quote:
}

# ------------------------------------------------------------------------
# check_url subroutine
# ------------------------------------------------------------------------
sub check_url {

    # Localize the check_referer flag which determines if user is valid.
#
    local($check_referer) = 0;

    # If a referring URL was specified, for each valid referer, make sure
#
    # that a valid referring URL was passed to SecureFormMail.
#

    if ($ENV{'HTTP_REFERER'}) {

            if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
                $check_referer = 1;
                last;
            }
        }
    }
    else {
        $check_referer = 1;
    }

    # If the HTTP_REFERER was invalid, send back an error.
#
    if ($check_referer != 1) { &error('bad_referer') }

Quote:
}

sub get_date {

    # Define arrays for the day of the week and month of the year.
#

               'Thursday','Friday','Saturday');

             'August','September','October','November','December');

    # Get the current time and format the hour, minutes and seconds.  Add
#
    # 1900 to the year to get the full 4 digit year.
#
    ($sec,$min,$hour,$mday,$mon,$year,$wday) =
(localtime(time))[0,1,2,3,4,5,6];
    $time = sprintf("%02d:%02d:%02d",$hour,$min,$sec);
    $year += 1900;

    # Format the date.
#
    $date = "$days[$wday], $months[$mon] $mday, $year at $time";

Quote:
}

sub parse_form {

    # Define the configuration associative array.
#
    %Config = ('recipient','',          'subject','',
               'email','',              'realname','',
               'redirect','',           'bgcolor','',
               'background','',         'link_color','',
               'vlink_color','',        'text_color','',
               'alink_color','',        'title','',
               'sort','',               'print_config','',
               'required','',           'env_report','',
               'return_link_title','',  'return_link_url','',
               'print_blank_fields','', 'missing_fields_redirect','',
               'pgp_key','');

    # Determine the form's REQUEST_METHOD (GET or POST) and split the form
#
    # fields up into their name-value pairs.  If the REQUEST_METHOD was
#
    # not GET or POST, send an error.
#
    if ($ENV{'REQUEST_METHOD'} eq 'GET') {
        # Split the name-value pairs

    }
    elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        # Get the input
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

        # Split the name-value pairs

    }
    else {
        &error('request_method');
    }

    # For each name-value pair:
#

        # Split the pair up into individual variables.
#
        local($name, $value) = split(/=/, $pair);

        # Decode the form encoding on the name and value variables.
#
        $name =~ tr/+/ /;
        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        # If they try to include server side includes, erase them, so they
        # aren't a security risk if the html gets returned.  Another
        # security hole plugged up.
        $value =~ s/<!--(.|\n)*-->//g;

        # If the field name has been specified in the %Config array, it will
#
        # return a 1 for defined($Config{$name}}) and we should associate
#
        # this value with the appropriate configuration variable.  If this
#
        # is not a configuration form field, put it into the associative
#
        # array %Form, appending the value with a ', ' if there is already a
#
        # value present.  We also save the order of the form fields in the
#

...

read more »



Mon, 24 Jun 2002 03:00:00 GMT  
 !! Please help with PGP Script!!
Tony--

Quote:
> > $pgp_config_files = "./simplepgp";

> Eh... hmmm... without looking much at the script... Are you sure this
> one is set right?

We do have the correct pgp files in the simplepgp directory and it is
located as a subdirectory on the cgi-bin directory.

Thanks,

Tim

Quote:

>      /Tony
> --
>      /\___/\ Who would you like to read your messages today? /\___/\

>  --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
>  DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
>  ---???---???-----------------------------------------------???---???---
>     \O/   \O/  ?1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/



Mon, 24 Jun 2002 03:00:00 GMT  
 
 [ 2 post ] 

 Relevant Pages 

1. !! Please help with PGP Script!!

2. !! Please help with PGP Script!!

3. PGP::Sign - Help needed please

4. PGP library for Perl (No PGP executable needed)

5. ANNOUNCE: PGPHTML 3.0: a perl script to make PGP signed web-pages

6. PGP and CGI E-mail script

7. Problem with PGP::Sign in a CGI script

8. PGP encryt script that does NOT USE A TEMP FILE

9. How to call PGP from Perl Script?

10. PGP encryt script that does NOT USE A TEMP FILE

11. Perl Scripts for use with PGP/solaris

12. ANNOUNCE: PGPHTML 1.3: a perl script to make PGP signed web-pages

 

 
Powered by phpBB® Forum Software