WebStore 400CS Shopping Cart - RDC Software

Previous | Next Main Index: Frames | No Frames Document: Frames | No Frames


WebStore PGP Encrypted E-mail Online Demo

General Information
Creating and Distributing PGP Files: Create PGP Files on your Server; Distribute PGP Files
Configure WebStore for PGP: $pgp; $pgp_directory; $pgp_user_id





General Information


PGP must be installed on your server.
If your server does not provide PGP, set $pgp = '' in ws_global.setup, disabling the use of PGP in WebStore.

Review the following PGP documents:
PGP PGP 2.6.2 User's Guide, Volume I: Essential Topics
PGP PGP 2.6.2 User's Guide, Volume I: Special Topics
PGP 2.6 Man Page

PGP 5.0 Man Page
PGPE 5.0 Man Page Encrypts and signs messages

PGPK 5.0 Man Page Public and Private key management

PGPS 5.0 Man Page Signs messages

PGPV 5.0 Man Page Decrypts and Verifies messages

PGP.CFG 5.0 Man Page Format of the configuration file used by pgp

Check your server's PGP FAQ, Consult with your server's administrator
To gain access to the server's PGP program, you may be required to provide your server's administrator with proof that you are a resident of the United States.

Purchase and install PGP on your local PC
A license to use PGP commercially may be purchased from McAfee's Store.

You will be creating RSA key files on your server.

REFER TO YOUR SERVER'S MAN PAGE FOR pgp.
Do not assume the instructions for pgp in this file accurately describes your server's pgp installation or that you can execute pgp commands on your server.


Top of Page


Creating and Distributing PGP Files


Create PGP Files on your Server:

Create a folder in your domain's root directory named .pgp (starting with a dot).
The directory accessed with the URL http://www.YourDomain.xxx is your domain's root.

To generate a public/secret key pair, telnet to your site and issue one of the following commands based on the version of PGP installed on your server:

PGP 2.6

pgp -kg
PGP creates the following files in the .pgp directory:

pubring.pgp - Public key ring file secring.pgp - Secret key ring file randseed.bin - Random number seed file

The RSA Key Generation section of the PGP User's Guide, Volume I describes the process of generating a public/secret key pair.
PGP 5.0

pgpk -g
PGP creates the following files in the .pgp directory:

pubring.pkr - Public key ring file secring.skr - Secret key ring file randseed.bin - Random number seed file

With the exception of the PGP command, the RSA Key Generation section of the PGP User's Guide, Volume I describes the process of generating a public/secret key pair. Refer to the PGPK 5.0 Man Page as well.

Make a note of the user ID and pass phrase you use to create this public/secret key pair.
Store the user ID of the public key in $pgp_user_id in ws_global.setup.

Enter the pass phrase when decrypting a file or e-mail message on your local PC. PGP will prompt you to enter the pass phrase.

Do not loose the pass phrase
Loosing the pass phrase renders the secret key useless. You will need to create a new public/secret key pair.
WebStore is distributed with a copy of PGP's config.txt in WebStore's /Pgp directory for use with PGP 2.6.


Distribute PGP Files:
: Using FTP, transfer the public key (pubring.pgp or pubring.pkr), the secret key (secring.pgp or secring.skr), and randseed.bin to your local PC as BINARY files.; Place a copy of pubring.pgp (or pubring.pkr) and randseed.bin in WebStore's /Pgp directory on your server.; Import the secret key (secring.pgp or secring.skr) into the PGP program installed on your local PC.; Messages encrypted on your server using the public key (pubring.pgp or pubring.pkr) may now be decrypted on your PC using the secret key (secring.pgp or secring.skr).


Top of Page


Configure WebStore for PGP


Variables controlling PGP encrypytion are located in WebStore's global setup file, /Web_store/ws_global.setup.


$pgp = '/usr/local/bin/pgp'; PGP 2.6 $pgp = '/usr/local/bin/pgpe'; PGP 5.0
$pgp is the UNIX path to your system's PGP program.

If the path defined in $pgp does not point to your server's PGP program, all scripts generate a System Files not Found message.

If your server does not provide PGP, set $pgp = ''.

Setting $pgp = '' disables PGP encryption of administrative order e-mail messages in WebStore.


Index

$pgp_directory = $basedir.'/'.'Pgp';
$pgp_directory is the UNIX path to WebStore's Ppg directory. $pgp_directory can point to the .pgp directory where you created the PGP files.

Place copies of pubring.pgp (or pubring.pkr) and randseed.bin in this directory. These are the PGP files you created on your server.

WebStore is distributed with a copy of PGP's config.txt in the /Pgp directory for PGP 2.6.


Index

$pgp_user_id = "Your Name <username\@YourDomain.xxx>";
$pgp_user_id is the user id of the public key used for encrypting order e-mail messages delivered to the store's administrator. The user id was assigned to the public key when you created the PGP files on your server.


Index


PGP, Pretty Good Privacy, and the Pretty Good label for computer software and hardware products are all trademarks of Philip R. Zimmermann. PGP is (c) Copyright Philip R. Zimmermann, 1990-1994. All rights reserved.


Top of Page

Previous \| Next	Main Index: Frames \| No Frames
Document: Frames \| No Frames

PGP 5.0 Man Page
PGPE 5.0 Man Page		Encrypts and signs messages
PGPK 5.0 Man Page		Public and Private key management
PGPS 5.0 Man Page		Signs messages
PGPV 5.0 Man Page		Decrypts and Verifies messages
PGP.CFG 5.0 Man Page		Format of the configuration file used by pgp

WebStore PGP Encrypted E-mail Online Demo

WebStore PGP Encrypted E-mail
Online Demo