Radical Hacks : PGP for NT sent in the following hack...

I found that the old pgp-lib wasn't working right for me under NT, and spent some time debugging it. I ended up just writing some custom code for a basic credit card processing form, but thought the following summary might be of use to someone else:

  1. Installed the latest PGP for windows (6.5.8) from: http://web.mit.edu/network/pgp.html

    I did this step on both the server itself (NT4 running IIS and ActivePerl) and on my home computer. I generated unique keys on both machines the first time I ran PGPKeys.

    I then verified PGP functionality by using the NT command line tool to encrypt a file and manually transferred it home where I decrypted the contents with my home private key.

  2. The next challenge was getting it to work under IIS. I created a very simple script that had variables hardcoded, but most importantly I printed out all of the environmental variables. By running the same script under the command line and via IIS, I was able to spot the crucial differences. The biggest one was either the TMP or TEMP variable, which was missing under IIS context and as a result, I couldn't encrypt with the -f option. Since this form processing script would be handling credit cards, I didn't want to write it to disk (although I could do that without defining TMP and it worked). Defining both variables solved the -f issue and I've verified that it's working well.

The relevant code snippet (still in progress but definitely functional) looks like this:

use CGI qw(:standard);
$append = int(rand(time));
$pgp_file = "C:\\Temp\\$append.pgp";
$stderr_tmp = "C:\\Temp\\$append.stderr";
$pgp_id = param('pgp_id');
# The recipient id is interpolated into a shell command line below, so
# reject anything outside a conservative character set before using it
die ("Bad pgp_id") unless $pgp_id =~ /^[\w.@+-]+$/;
$pgp_exe = "pgp -fea $pgp_id +VERBOSE=0 >$pgp_file";
$ENV{'PGPPATH'} = "C:\\Program Files\\Network Associates\\PGPNT\\PGP";
$ENV{'TEMP'} = "C:\\Temp";
$ENV{'TMP'} = "C:\\Temp";
# Redirect stderr to a randomly named temp file
# otherwise license info appears in client output
open (STDERR, ">$stderr_tmp");
# Stream the message to pgp on stdin (-f); the armored output lands in $pgp_file.
# $email_text and $responsible_party are set earlier in the script.
open (PGP, "|$pgp_exe");
print PGP $email_text;
close (PGP);
if (-e $pgp_file) {
    open(ASC, "<$pgp_file") || die ("Couldn't open $pgp_file message file for reading");
    while (<ASC>) {
        $email_msg .= $_;
    }
    close (ASC);
} else {
    print "\n\nFatal error encrypting message, please contact $responsible_party about this error. ";
    exit;
}

Finally, at some step along the way I had to copy over a directory with the PGP keyfile from:

C:\WINNT\Profiles\Administrator\Application Data\PGP
C:\WINNT\Profiles\All Users\Application Data\PGP

I'm not 100% sure that the last step was necessary, and will be doing another clean installation soon so I can test and refine the procedure at that point.
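The same pgp invocation written as an added example (not code from the post above), showing the pieces the post identifies: an explicit environment carrying PGPPATH plus TMP/TEMP, the plaintext streamed to pgp on stdin in filter mode (-fea), stderr captured separately so the license banner never reaches the client, and the form-supplied key id allowlisted before it is passed as its own argument instead of through a shell. The pgp_cmd parameter and the sh stand-in in the test are assumptions for running without PGP installed.

```python
import re
import subprocess

# Allowlist for the recipient id taken from the form. The value is passed
# as a separate argv element (no shell), but keeping it to safe characters
# also stops odd input from being read as a pgp option.
KEY_ID_RE = re.compile(r"^[A-Za-z0-9@._+-]{1,64}$")


def validate_key_id(key_id):
    """Return True if key_id is safe to hand to pgp as an argument."""
    return bool(KEY_ID_RE.match(key_id))


def build_env(pgppath, tmp_dir, base=None):
    """Build the explicit environment pgp needs under IIS: PGPPATH for the
    keyrings, and TMP/TEMP, which the IIS context does not provide."""
    env = dict(base or {})
    env["PGPPATH"] = pgppath
    env["TMP"] = tmp_dir
    env["TEMP"] = tmp_dir
    return env


def encrypt_with_pgp(plaintext, key_id, env, pgp_cmd=None):
    """Stream plaintext to pgp on stdin (-f) and return the ASCII-armored
    ciphertext read from stdout. stderr is captured separately so the
    license banner is never mixed into the client response, and the
    plaintext is never written to disk by this code.
    pgp_cmd overrides the command line (hypothetical seam for testing)."""
    if not validate_key_id(key_id):
        raise ValueError("rejected key id: %r" % key_id)
    cmd = list(pgp_cmd) if pgp_cmd else ["pgp", "-fea", key_id, "+VERBOSE=0"]
    proc = subprocess.run(cmd, input=plaintext.encode(), env=env,
                          capture_output=True)
    out = proc.stdout.decode(errors="replace")
    if proc.returncode != 0 or "-----BEGIN PGP MESSAGE-----" not in out:
        err = proc.stderr.decode(errors="replace")
        raise RuntimeError("pgp failed (rc=%d): %s" % (proc.returncode, err))
    return out
```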