Discussion:
Simple Secure 3.33
Al Moodie
2008-09-23 15:27:58 UTC
Hi,

I'm trying to set up Simple Secure 3.33 to send encrypted emails to me
from a form. I'm on Unix.

The form works if emails are unencrypted but when I set it to encrypt
using PGP 262, I get the following in the body of the received email:

------------------------------

<COMMAND>/usr/local/bin/pgp262 -feat +batchmode +force vp-order >
/usr/www/users/myaccountname/tigervitamins/cgi-bin/ssecure/temp/69714.pgp</COMMAND>
<RESULT>Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the
masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct
94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security,
Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 2008/09/23 15:11 GMT
Preparing random session key...
We need to generate 192 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text
on your keyboard until you hear the beep:
cannot open tty, using stdin

Unable to get terminal characteristics: ioctl: Inappropriate ioctl for
device
</RESULT>

--------------------------------

pubring.pgp is in place and has been used in previous pgp set up,
contains correct key, has correct permissions.

randseed.bin is in place and has correct permissions

Any help appreciated.

Al Moodie.
1PW
2008-09-23 17:49:05 UTC
Post by Al Moodie
Hi,
I'm trying to set up Simple Secure 3.33 to send encrypted emails to me
from a form. I'm on Unix.
The form works if emails are unencrypted but when I set it to encrypt
------------------------------
<COMMAND>/usr/local/bin/pgp262 -feat +batchmode +force vp-order >
/usr/www/users/myaccountname/tigervitamins/cgi-bin/ssecure/temp/69714.pgp</COMMAND>
<RESULT>Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the
masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct
94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security,
Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 2008/09/23 15:11 GMT
Preparing random session key...
We need to generate 192 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text
cannot open tty, using stdin
Unable to get terminal characteristics: ioctl: Inappropriate ioctl for
device
</RESULT>
--------------------------------
pubring.pgp is in place and has been used in previous pgp set up,
contains correct key, has correct permissions.
randseed.bin is in place and has correct permissions
Any help appreciated.
Al Moodie.
Hello Al:

Are you logged into the Unix system remotely through a PC? If so, and
if you have no dumb terminals attached to the Unix system, you may need
to temporarily get/install PGP 2.6.2 on any Windows/Linux based PC first
to generate the content for the two rings. Or...

I believe you probably aren't establishing the correct "terminfo"
through "setterm". As an alternative you might try using a legacy
terminal emulator application program from where you're trying to
initially set up your passphrase.

Are you using telnet, ssh or the like?

I believe you want to try to emulate a terminal such as a DEC VT100
(just an example).

Try giving us more detail on how you're logging into the Unix system and
which Unix distribution it is.
--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
Al Moodie
2008-09-23 20:15:48 UTC
Post by 1PW
Are you logged into the Unix system remotely through a PC? If so, and
if you have no dumb terminals attached to the Unix system, you may need
to temporarily get/install PGP 2.6.2 on any Windows/Linux based PC first
to generate the content for the two rings. Or...
I'm running FreeBSD Unix Apache on a remote server which I rent and
have exclusive use of.

This is a web application

I have the form at:
http://www.tigervitamins.com/starter_specials/starter_specials_form.htm
only the "text" field is relevant at the moment.

I post the form to a Perl script on my server and it sends an email to
me. The Perl script runs and sends the email OK but the PGP encryption
fails. Have added "print" statements to the script so you can see
results without seeing the resulting email. Here's part of the script:

----------------------------------------------

sub pgp_encrypt {
    local($output_text, $output_file) = @_;
    local($pgp_output);

    print "\$output_text = $output_text <br><br>\n";

    $ENV{"PGPPATH"} = $pgp_config_files;
    $pgp_public_key_user_id = $Config{'pgp_key'};

    # $pgp_command is only built and printed here; it is never executed.
    # The vsPGP object further down is what actually runs PGP.
    if ($pgp_version eq "2.6.2") {
        $pgp_command = "$pgp_path -feat +VERBOSE=0 $pgp_public_key_user_id >$output_file";
    } else {
        # $pgp_command = "$pgp_path -r \"$pgp_public_key_user_id\" -afq +batchmode=1 -o $output_file >/dev/null";
        $pgp_command = "$pgp_path -r \"$pgp_public_key_user_id\" -af -o $output_file > /dev/null";
    }

    print "\$pgp_command = $pgp_command <br><br>\n";

    eval 'use vsPGP';

    my ($objPGP) = new vsPGP;
    $objPGP->Version(2.6.2);
    $objPGP->PgpExePath($pgp_path);
    $objPGP->PgpKeyPath($pgp_config_files);
    $objPGP->PgpTempDir($pgp_temp_file_path);

    $objPGP->PublicKey($pgp_public_key_user_id);
    $objPGP->PlainText($output_text);

    # On failure the caller gets PGP's own output back, which is why the
    # PGP banner ends up in the body of the email.
    if ($objPGP->Encrypt) {
        return $objPGP->EncryptedText;
    } else {
        return $objPGP->Result;
    }

    # Not reached: both branches above return.
    return($pgp_output);
}

----------------------------------------

PGP 262 is installed on my server, I have another application which
uses it every day.

I uploaded the pubring.pgp file from my existing application to the
appropriate directory on the server together with randseed.bin

The Perl script is set to use the key from the other application I
have working.

I have also tried generating and using new key pairs using a "PGP
Keys" plugin I have with Eudora but problem remains.
Post by 1PW
I believe you probably aren't establishing the correct "terminfo"
through "setterm". As an alternative you might try using a legacy
terminal emulator application program from where you're trying to
initially set up your passphrase.
Are you using telnet, ssh or the like?
I believe you want to try to emulate a terminal such as a DEC VT100
(just an example).
Try giving us more detail on how you're logging into the Unix system and
which Unix distribution it is.
Can't think of any other info you might need.

Why does PGP ask for random keystrokes when it is run from a script?
Makes me think "randseed.bin" is not working, whatever it does.

Thanks,
Al Moodie,
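
A preflight check for the conditions this thread keeps returning to (the PGPPATH directory, pubring.pgp, randseed.bin, no terminal), as an added example that is not part of any post and not Simple Secure's own code. The function name, the 24-byte minimum (the 192 bits named in PGP's prompt) and the idea that PGP needs randseed.bin both readable and writable are assumptions of this example, not findings from the thread.

```shell
#!/bin/sh
# Added example: preflight for calling PGP 2.6.2 from a CGI script.
# Run it as the web server's user, passing the directory used as PGPPATH.
SEED_MIN_BYTES=24   # 192 bits, the amount the prompt in the thread asks for

note() { printf 'note: %s\n' "$*"; }
bad()  { printf 'PROBLEM: %s\n' "$*"; problems=$((problems + 1)); }

# Sets $problems to the number of findings; returns 0 only when it is 0.
pgp_preflight() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ] || [ ! -x "$dir" ]; then
        bad "PGPPATH '$dir' is missing or not searchable by $(id -un)"
        return 1
    fi
    # Public ring: must be readable and non-empty for this user.
    if [ ! -r "$dir/pubring.pgp" ] || [ ! -s "$dir/pubring.pgp" ]; then
        bad "pubring.pgp is missing, empty or unreadable"
    fi
    # Seed file. Assumption: PGP prompts for keystrokes when it cannot
    # read a full seed, and rewrites the file after each use.
    seed=$dir/randseed.bin
    if [ ! -f "$seed" ] || [ ! -r "$seed" ]; then
        bad "randseed.bin is missing or unreadable"
    else
        size=$(($(wc -c < "$seed")))
        [ "$size" -ge "$SEED_MIN_BYTES" ] ||
            bad "randseed.bin holds $size bytes, fewer than $SEED_MIN_BYTES"
        [ -w "$seed" ] || bad "randseed.bin is not writable by $(id -un)"
    fi
    # Public-key encryption uses only the recipient's public key.
    [ -e "$dir/secring.pgp" ] && note "secring.pgp is present on this host"
    # Under a web server stdin is not a terminal, so any prompt fails.
    [ -t 0 ] || note "stdin is not a tty; PGP cannot collect keystrokes"
    [ "$problems" -eq 0 ]
}

if [ "$#" -gt 0 ]; then pgp_preflight "$1"; fi
```

File permissions that look correct from an interactive login can still fail for the account Apache runs CGI scripts under, so the result only means something when the check runs as that account.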
1PW
2008-09-24 01:22:43 UTC
Post by Al Moodie
Post by 1PW
Are you logged into the Unix system remotely through a PC? If so, and
if you have no dumb terminals attached to the Unix system, you may need
to temporarily get/install PGP 2.6.2 on any Windows/Linux based PC first
to generate the content for the two rings. Or...
I'm running FreeBSD Unix Apache on a remote server which I rent and
have exclusive use of.
This is a web application
http://www.tigervitamins.com/starter_specials/starter_specials_form.htm
only the "text" field is relevant at the moment.
I post the form to a Perl script on my server and it sends an email to
me. The Perl script runs and sends the email OK but the PGP encryption
fails. Have added "print" statements to the script so you can see
----------------------------------------------
sub pgp_encrypt {
local($pgp_output);
print "\$output_text = $output_text <br><br>\n";
$ENV{"PGPPATH"} = $pgp_config_files;
$pgp_public_key_user_id = $Config{'pgp_key'};
if ($pgp_version eq "2.6.2") {
$pgp_command = "$pgp_path -feat +VERBOSE=0
$pgp_public_key_user_id >$output_file";
} else {
# $pgp_command = "$pgp_path -r \"$pgp_public_key_user_id\" -afq
+batchmode=1 -o $output_file >/dev/null";
$pgp_command = "$pgp_path -r \"$pgp_public_key_user_id\" -af -o
$output_file > /dev/null";
}
print "\$pgp_command = $pgp_command <br><br>\n";
eval 'use vsPGP';
my ($objPGP) = new vsPGP;
$objPGP->Version(2.6.2);
$objPGP->PgpExePath($pgp_path);
$objPGP->PgpKeyPath($pgp_config_files);
$objPGP->PgpTempDir($pgp_temp_file_path);
$objPGP->PublicKey($pgp_public_key_user_id);
$objPGP->PlainText($output_text);
if ($objPGP->Encrypt) {
return $objPGP->EncryptedText;
} else {
return $objPGP->Result;
}
return($pgp_output);
}
----------------------------------------
PGP 262 is installed on my server, I have another application which
uses it every day.
I uploaded the pubring.pgp file from my existing application to the
appropriate directory on the server together with randseed.bin
The Perl script is set to use the key from the other application I
have working.
I have also tried generating and using new key pairs using a "PGP
Keys" plugin I have with Eudora but problem remains.
Post by 1PW
I believe you probably aren't establishing the correct "terminfo"
through "setterm". As an alternative you might try using a legacy
terminal emulator application program from where you're trying to
initially set up your passphrase.
Are you using telnet, ssh or the like?
I believe you want to try to emulate a terminal such as a DEC VT100
(just an example).
Try giving us more detail on how you're logging into the Unix system and
which Unix distribution it is.
Can't think of any other info you might need.
Why does PGP ask for random keystrokes when it is run from a script?
Makes me think "randseed.bin" is not working, whatever it does.
Thanks,
Al Moodie,
Hello Al:

Perhaps more clues have come to light. Although the pubring.pgp file
was needed on the server, me thinks you also need the secring.pgp file
in the same ".pgp" directory. Unless, you also meant to say the secret
ring file is there too. If the secret ring wasn't there, it might lead
me to theorize that PGP fails to explicitly find the secret ring file
and therefore it attempts to generate a passphrase and keypair. But,
I'm purely guessing here.

I looked for a definition of the options you are using in the command
line. I believe what's being asked is to 'filter', 'encode', 'ascii',
and 'text'. Used with '+batchmode' and '+force', they seem ok.
At some point, it may be prudent to know if vp-order is indeed the
recipient. Plus I see where the owner of the secret ring has to not
only sign their own key as usual, but they must also sign the
recipient's entry in the public ring file too. Also I'm not sure if
"69714.pgp" would be entirely acceptable as an input text file.

Perhaps you could go over that command line field by field for your
understandings and detail it here.

Best regards to you.

Pete
--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
Al Moodie
2008-09-24 03:00:52 UTC
Post by 1PW
Perhaps more clues have come to light. Although the pubring.pgp file
was needed on the server, me thinks you also need the secring.pgp file
in the same ".pgp" directory.
I have tried putting the secring.pgp file in the pgp directory but it
makes no difference to the output. Surely also this would not make
sense from a security point of view exposing secring.pgp on the
server.
Post by 1PW
Unless, you also meant to say the secret
ring file is there too. If the secret ring wasn't there, it might lead
me to theorize that PGP fails to explicitly find the secret ring file
and therefore it attempts to generate a passphrase and keypair. But,
I'm purely guessing here.
I looked for a definition of the options you are using in the command
line. I believe what's being asked is to 'filter', 'encode', 'ascii',
and 'text'. Used with '+batchmode' and '+force', they seem ok.
At some point, it may be prudent to know if vp-order is indeed the
recipient.
vp-order is the name of the public key to be used in the encryption.
Post by 1PW
Plus I see where the owner of the secret ring has to not
only sign their own key as usual, but they must also sign the
recipient's entry in the public ring file too.
Sorry but I do not understand.
Post by 1PW
Also I'm not sure if
"69714.pgp" would be entirely acceptable as an input text file.
69714.pgp was a name, randomly assigned by either PGP or Perl.
Post by 1PW
Perhaps you could go over that command line field by field for your
understandings and detail it here.
I don't have an understanding of the command line switches, I just
copied the command with the rest of the script.

Here's the body of the email message which I receive:

----------------------------------------
This message was encrypted using SimpleSecure 1.5.
http://www.verysimple.com/scripts/

Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct
94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security,
Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 2008/09/24 02:44 GMT
Preparing random session key...
We need to generate 192 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text
on your keyboard until you hear the beep:
cannot open tty, using stdin

Unable to get terminal characteristics: ioctl: Inappropriate ioctl for
device
-------------------------------------

Thanks for your efforts,
Al Moodie.
Post by 1PW
Best regards to you.
Pete
Otto Sykora
2008-09-23 20:14:23 UTC
Post by Al Moodie
We need to generate 192 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text
cannot open tty, using stdin
hmm, but such text normally appears when creating new key pair, a secret
key and public key.
I am now not 100 percent sure, have not used pgp262 in deep details for
longer time, but somehow I think some kind of key pair, that means
inclusive a secret key should be present to make all operations go smoothly.
OK, one should not need the private key, but if there is a situation
where no private key ring exist at all, pgp might try to create one.

otto
Al Moodie
2008-09-24 03:19:43 UTC
On Tue, 23 Sep 2008 22:14:23 +0200, Otto Sykora
Post by Otto Sykora
hmm, but such text normally appears when creating new key pair, a secret
key and public key.
I am now not 100 percent sure, have not used pgp262 in deep details for
longer time, but somehow I think some kind of key pair, that means
inclusive a secret key should be present to make all operations go smoothly.
OK, one should not need the private key, but if there is a situation
where no private key ring exist at all, pgp might try to create one.
I have tried uploading the secring.pgp file to the server but it makes
no difference.

Al Moodie.
1PW
2008-09-24 10:07:43 UTC
Post by Al Moodie
On Tue, 23 Sep 2008 22:14:23 +0200, Otto Sykora
Post by Otto Sykora
hmm, but such text normally appears when creating new key pair, a secret
key and public key.
I am now not 100 percent sure, have not used pgp262 in deep details for
longer time, but somehow I think some kind of key pair, that means
inclusive a secret key should be present to make all operations go smoothly.
OK, one should not need the private key, but if there is a situation
where no private key ring exist at all, pgp might try to create one.
I have tried uploading the secring.pgp file to the server but it makes
no difference.
Al Moodie.
Hello again Al:

Something about the command line was erroneously being interpreted as a
request to generate a PGP passphrase and keypair. You stated you copied
the information, for your command line, from the script of another. We
need to determine if your command line syntax is compatible with your
undefined Unix OS.

Explicitly, the keyring(s) must reside in ~/.pgp and /your/ user account
must be the owner of that ~/.pgp directory. Your command line
explicitly makes "vp-order" the recipient. The character following the
white space character, after the recipient, is a right angle bracket,
">". Is this a requirement for your undefined Unix OS?

The next field is <inputfile> and it appears to be: /usr/.../69714.pgp
and I'm hoping this doesn't need to be a text file defined as 69714.txt

The next field would be the cipherfile and is inexplicably not defined.

The recipient "vp-order" must be present in your ~/.pgp/pubring.pgp file
*and* be signed by you.

The security of a secring.pgp file is protected by its own passphrase.
The presence of the secring.pgp file, in your ~/.pgp directory, /may/ be
required.

Best regards to you.
--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]