|
Posted by rjvennes on March 10, 2007, 6:43 pm
I'm creating a CGI application where customers enter information in a
secure form... the server takes the data and encrypts it using a
public key, then saves it to MySQL.
All works fine, when testing, I can then get the encrypted chunk out
of MySQL, apply the private key and see the data just fine.
Here's the problem. I don't want the private key to live anywhere on
the server, but only on local machines. The idea is to have the
private key uploaded into memory and used to decrypt the data so it
can be viewed over a secure web page.
Here's the snippet that loads the key into memory using CGI upload.
This seems to work fine... Printing the value of PrivateKey looks
like the key is supposed to...
    my $SUP_PrivateKey = $cgi->param( 'SUP_PrivateKey' );
    my $PrivateKey = '';
    my $size = 0;
    my $bytes_read = 0;
    my $buffer = '';
    while ($bytes_read=read($SUP_PrivateKey,$buffer,4096))
    {
        $size += $bytes_read;
        $PrivateKey .= $buffer;
    }
Here's where the problem is... Crypt::RSA::Key::Private, wants a
local file name... won't take the CGI upload name and I don't want to
store the private key on disk, not even for a nanosecond.
    my $key = new Crypt::RSA::Key::Private (
        # Filename => $SUP_PrivateKey, # this doesn't work
        Password => $SUP_PassCode,
    );
So I tried to take the PrivateKey string and deserialize it... Cuz
it's the only function that I could find that would take the key as a
string... but obviously there is something wrong with its format.
    $key->deserialize(String => $PrivateKey);
But I get this error: "Can't use string (" bless( {
Vers") as an ARRAY ref while 'strict refs' in use at /usr/lib/perl5/
site_perl/5.8.5/Crypt/RSA/Key/Private.pm line 211."
I created a local decrypt Perl script and then debugged it... when
Crypt::RSA::Key::Private->read loads the data from the local file,
from inside the read function, it seems to look exactly like the value
that I have in $PrivateKey.
Can anyone help the clueless?
Thanks ahead of time...
|
|
Posted by rjvennes on March 10, 2007, 6:49 pm
Here's what the printed value of my private key looks like after the
while/read..
PrivateKey: $VAR1 = bless( {
'Version' => '1.91',
'Checked' => 0,
'private_encrypted' => bless( {
'_phi' => 'Blowfish
qBCdVmWWOfeDYmFme7m4xA
[...]',
'_n' => 'Blowfish
Lheeecnie/AP0xWY5zfVFQ
[...]',
'_q' => 'Blowfish
rDzYg7pd6ch+vaZyAzeqJQ
53616c7465645f5f61685a02c1a25dfc4f201a7b31de85b8d62651d5bcdedc27448c02f58d214b8aeb1c703ea16e0cd19927f86e051327ea702cf4264d8d795879dea042dc2bae33402c495217a6a5f5fe117930feec1576e4ee17899526d5f4e0300c6b3b81df45f610050fbdb8a747e3b66aa6bdaade3ac18ff5eac640537c7887b47f7b8b3cb0742a1d204c337e0cd483d1e7647d800af7b42e8ed81d5d078dbfc84af9a09f6ccf4dae622b31968038a66edc5fdf2485c2028088068e8cc2777736e9b2ed5c97e2a334190cb5563e8804ad9c4fb822da430dba0b8ed83d6f11f984d955250164447525f6fa73bf874f7dfd9a9535964458d29cda9f34c47e2b4afa63f2547aefd199cf4670d2adecb63b463ca1a9464150f8d2c0756e29277c8848a6469cc5e3be70d42374da6061949fec2b340ebe65e067e8be2b8e6dc262ef06f4a5475e0c',
'_p' => 'Blowfish
4woN9Mt7D1cjDMVYnI1fOg
[...]',
'_dp' => 'Blowfish
zHS4OPgNMN9uXd0jGa8DEg
[...]',
'_u' => 'Blowfish
aAcJZQ6ZIZoDENGBEINZXQ
[...]',
'_dq' => 'Blowfish /
jiqdDIqK+zq+7OyZGgEYA
[...]',
'_d' => 'Blowfish
e2+Jzgo5n3+ny6oEyXaj9A
[...]',
'_e' => 'Blowfish
EzK9HcfPA2zj4wouO9lMww
53616c7465645f5f8530bd4e995bc2354b5ab0e90d5eb91b'
},
'Tie::EncryptedHash' ),
'Cipher' => 'Blowfish'
}, 'Crypt::RSA::Key::Private' );
And yes, before moving this project to production, I plan on changing
the keys... ; - )
|
|
Posted by Mumia W. on March 11, 2007, 3:39 am
On 03/10/2007 05:43 PM, rjvennes@hotmail.com wrote:
> I'm creating a CGI application [...]
>
> Here's where the problem is... Crypt::RSA::Key::Private, wants a
> local file name... won't take the CGI upload name and I don't want to
> store the private key on disk, not even for a nanosecond.
> [...]
>
> $key->deserialize(String => $PrivateKey);
>
> But I get this error: "Can't use string (" bless( {
> Vers") as an ARRAY ref while 'strict refs' in use at /usr/lib/perl5/
> site_perl/5.8.5/Crypt/RSA/Key/Private.pm line 211."
>
> [...]
A quick look at the documentation at
<http://search.cpan.org/~vipul/Crypt-RSA-1.58/lib/Crypt/RSA/Key/Private.pm>
suggests this to me:
    use Data::Dumper;
    $key->deserialize(String => Dumper($PrivateKey));
Another possible, non-Perl option would be to use a ramdisk to store the
private key (momentarily).
|
|
Posted by Peter J. Holzer on March 11, 2007, 9:21 am
> I'm creating a CGI application where customers enter information in a
                 ^^^^^^^^^^^^^^^
> Here's the problem. I don't want the private key to live anywhere on
> the server, but only on local machines. The idea is to have the
> private key uploaded into memory and used to decrypt the data so it
> can be viewed over a secure web page.
If you are really writing a CGI application (as opposed to, e.g., a
mod_perl or FastCGI application) that can't work. Every invocation of a
CGI script is a separate process, so you can't keep any information "in
memory" between them, you have to use some kind of storage which is
accessible to multiple processes. You could use shared memory or a RAM
disk, but for a server which typically runs many months between reboots
that's about the same as a hard disk from a security point of view.
hp
--
_ | Peter J. Holzer | Blaming Perl for the inability of programmers
|_|_) | Sysadmin WSR | to write clearly is like blaming English for
| | | hjp@hjp.at | the circumlocutions of bureaucrats.
__/ | http://www.hjp.at/ | -- Charlton Wilbur in clpm
|
|
Posted by rjvennes on March 12, 2007, 12:28 pm
The CGI script only needs to exist for a single process... nothing
needs to be passed to another process.
Using Mumia's suggestion of:
    use Data::Dumper;
    $key->deserialize(String => Dumper($PrivateKey));
didn't seem to work either. But I included it in the test program
below... Much easier to debug this than a CGI...
    #!/usr/bin/perl
    use strict;
    use warnings;
    use Data::Dumper;
    use Crypt::RSA;
    use Crypt::RSA::Key::Private;

    my $passphrase = "my secret passphrase";
    my $DIR_PrivateKey = "/develop/Projects/Decrypt/key.private";

    # Load the cyphertext
    my $infile = $ARGV[0];
    if (! -r $infile)
    {
        die "Can't read input $infile\n";
    }
    open(INPUT,"<$infile") ||
        die "Can't input $infile $!";
    my $cypher = join(qq{}, <INPUT>);
    close INPUT;
    print "The cyphertext is:\n$cypher\n\n";

    # Load the private key into memory
    my $PrivateKey = '';
    open (INPUT, $DIR_PrivateKey) || die "can't open $DIR_PrivateKey: $!";
    while (<INPUT>)
    {
        chomp;
        $PrivateKey .= $_;
    }
    close(INPUT) || die "can't close $DIR_PrivateKey: $!";
    print "Key loaded... Read size " . length($PrivateKey) . "\n";
    print "$PrivateKey\n\n";

    # set private key object (passphrase)
    my $key = new Crypt::RSA::Key::Private (
        Password => $passphrase,
    );

    # set private key object (key)
    $key->deserialize(String => Dumper($PrivateKey));

    # decrypt message
    my $rsa = Crypt::RSA->new();
    my $message =
        $rsa->decrypt(
            Cyphertext => $cypher,
            Key => $key,
            Armour => 1,
        )
        or die "Unable to decrypt cypher! - ".$rsa->errstr();
    print "The message reads:\n$message\n";
|
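An added example, not posted by anyone in the thread and not Crypt::RSA's own code: loading the key from an in-memory string. It assumes deserialize() expects String as an array ref, which is what the quoted "as an ARRAY ref" error implies, and because the key file is Data::Dumper output (Perl source) it first checks the uploaded text against the layout shown in the thread. The names looks_like_key_dump, load_key_from_memory and MAX_KEY_BYTES are hypothetical, and the sample inputs are constructed.

```perl
use strict;
use warnings;

use constant MAX_KEY_BYTES => 16_384;   # hypothetical upload size cap

# Only literals in the layout printed in the thread are accepted:
# quoted scalars without escapes, plain numbers, one nested blessed hash.
my $STR  = qr/'[A-Za-z0-9+\/=_.:\s-]*'/;
my $PAIR = qr/\s*'\w+'\s*=>\s*(?:$STR|\d+)\s*/;
my $HASH = qr/bless\(\s*\{$PAIR(?:,$PAIR)*\},\s*'Tie::EncryptedHash'\s*\)/;
my $TOP  = qr/\s*'\w+'\s*=>\s*(?:$STR|\d+|$HASH)\s*/;
my $DUMP = qr/\A\s*\$VAR1\s*=\s*bless\(\s*\{$TOP(?:,$TOP)*\},\s*'Crypt::RSA::Key::Private'\s*\);\s*\z/;

sub looks_like_key_dump {
    my ($text) = @_;
    return 0 if !defined $text || length($text) > MAX_KEY_BYTES;
    return $text =~ $DUMP ? 1 : 0;
}

# Builds the key object from the uploaded text without touching the disk.
sub load_key_from_memory {
    my ($text, $passphrase) = @_;
    die "uploaded key rejected: unexpected format\n"
        unless looks_like_key_dump($text);
    require Crypt::RSA::Key::Private;
    my $key = Crypt::RSA::Key::Private->new(Password => $passphrase);
    # Assumption: String is an array ref (inferred from the error
    # message in the thread), so the whole text goes in as one element.
    $key->deserialize(String => [$text]);
    return $key;
}

# Constructed sample inputs (not real key material)
my $good = <<'END';
$VAR1 = bless( {
  'Version' => '1.91',
  'Checked' => 0,
  'private_encrypted' => bless( {
    '_n' => 'Blowfish abc 0011',
    '_e' => 'Blowfish def 2233'
  }, 'Tie::EncryptedHash' ),
  'Cipher' => 'Blowfish'
}, 'Crypt::RSA::Key::Private' );
END
my $evil = q{$VAR1 = bless( { 'Version' => time() }, 'Crypt::RSA::Key::Private' );};

printf "well-formed dump accepted: %d\n", looks_like_key_dump($good);
printf "dump with code rejected:   %d\n", looks_like_key_dump($evil);
```

In the CGI script, $PrivateKey from the upload loop would be passed to load_key_from_memory() together with the pass code.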