GPG
From The AgoraCart Project
Copied from previous user forum posts:
This is not necessary, but recommended if you are using the Offline (manual) payment gateway. Other gateways such as iTransact, AgoraPay, and NiftyPay also support some PGP/GPG-type functions, but this tutorial is geared towards the needs of the Offline gateway.
The main thing is to add the public key that is generated on your
home computer with GnuPG to the agora manager.
Open the public key on your home computer with a text editor,
copy the PGP PUBLIC KEY BLOCK and enter it in the agora manager under
the gnupg/pgp section at the bottom. Also, when you output the public
key on your computer you need to enter an email address. Use this same
email address in the gnupg/pgp section of the agora manager.
Using GPG To Send Encrypted Data Over Email (Advanced and Optional)
Although the method of sending half of the order information to your
email account and retrieving the other half from your account via FTP
should be enough security for most, the ability to use GPG (GNU Privacy Guard) is supported by most cPanel servers and the AgoraCart software.
If you wish to send customer order data using GPG, you must have the
ability to generate a key pair on your local machine. Once you've generated the key pair, you may add the ascii-armored public_key to the keyring via the Store Manager. Below are the steps for setting up your store to encrypt form data via GPG. Note: Using this method all of the order data is sent to you via email.
1. Create a directory on your local computer as follows: C:\gnupg\
2. Download GPG from http://www.pgpi.org/download/gnupg/
3. Unzip/extract GPG and its associated files to your C:\gnupg\ directory.
4. Generate a key pair for yourself, i.e. generate a private_key and a
public_key on your local machine for the person that the order
data will be sent to.
5. To start the interactive key generation session, type
"gpg --gen-key" from a DOS command prompt while in your C:\gnupg\
directory. Note: there is a space after gpg, then two dashes, gen, one dash, key.
6. Below is what the GPG interactive key generation session will look
like.
Note: The GPG handbook describes this and everything else you need to
know about GPG, and can be found at
http://www.gnupg.org/gph/en/manual.html
gpg --gen-key
Please select what kind of key you want: (1)DSA and ElGamal
What keysize do you want? 768
Please specify how long the key should be valid. 0
Key does not expire at all? Is this correct? y
Real name: Jon Doe
Email address: support@ipowerweb.com (type the email address that
your orders are being sent to)
Comment:
Change (N)ame, (C)omment, (E)mail, or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
XXXXXXXXXXXXXXXXXXX (type a Passphrase here and remember it because you'll need it to decrypt order data)
Public and secret key created and signed.
7. To confirm that the key pair that you just created was added, type
"gpg --list-keys" from the DOS command prompt while in your C:\gnupg\
directory as follows:
gpg --list-keys
c:/gnupg/pubring.gpg
pub 1024D/BB7576AC 1999-06-04 Jon Doe support@propellerheadhosting.com
sub 1024g/78E9A8FA 1999-06-04
8. Output the public key that you just created to a text file as
follows. Note: In the example below, the output text file is
named "support.gpg". Additionally, in the example below
replace "support@propellerheadhosting.com" with the email address of the
person to whom your order data is going to be sent.
gpg --output support.gpg --armor --export support@propellerheadhosting.com
9. Open the text file that contains the public key in a text editor
such as Notepad. The example above would have output the public
key data to a file located at C:\gnupg\support.gpg
10. Highlight and copy the file contents. Below is an example of
what a public key looks like. When highlighting and copying the file
contents, be sure to copy the whole thing, including the "-----BEGIN"
line and the "-----END" line.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org
...
=2bYz
-----END PGP PUBLIC KEY BLOCK-----
11. From your Store Manager,
i.e. http://<yourdomain.com>/<store_name>/protected/manager.cgi, click
on the GnuPG/PGP link at the top. Note: In the path above, replace
<yourdomain.com> with your account domain name and replace <store_name>
with your store's name.
12. Fill out the settings as specified in the following steps (Note:
leave the settings as they are unless specified otherwise).
Do you wish to have orders encrypted in the log file and email? Select "Yes"
Please choose how to encrypt and/or verify orders on your host server: Select "GPG"
Path to GPG: /usr/bin/gpg
E-mail address to use to lookup an encryption key on the keyring: Use the email address that you used to generate the key pair. Note: This should be the same address that you opted to have order data sent to.
Convert Newlines to anything? Leave Alone
Paste an "ascii-armored" public key to add to the keyring here: Here is where you paste the public_key that you generated in step 2 above. Note: There is no need to join the newlines at the end of each line, i.e. just copy and paste the public key and don't alter it in any way.
Hit "Submit"
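An added example, not part of the original tutorial or of AgoraCart's code: a Python check to run on the exported key text from step 10 before pasting it into the Store Manager field in step 12. It confirms that the BEGIN and END lines are intact, that the block is a public key rather than a private one, and that the armor CRC-24 checksum matches; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PUBLIC KEY BLOCK") -> str:
    """Build an armored block; used here only to construct sample input."""
    body = base64.encodebytes(data).decode().strip()
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={check}\n-----END PGP {kind}-----\n"

def check_armor(text: str) -> list:
    """Return the problems found in a pasted armored key (empty list = OK)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN PGP (.+)-----", lines[0]) if lines else None
    if not m:
        return ["first line is not a complete '-----BEGIN PGP ...-----' line"]
    kind, problems = m.group(1), []
    if kind != "PUBLIC KEY BLOCK":
        problems.append(f"block type is '{kind}', not a public key")
    if lines[-1] != f"-----END PGP {kind}-----":
        return problems + ["last line is not the matching '-----END' line"]
    # Drop blank lines and armor headers such as "Version:" and "Comment:".
    body = [ln for ln in lines[1:-1] if ln and not re.match(r"[A-Za-z]+: ", ln)]
    if not body or not re.fullmatch(r"=[A-Za-z0-9+/]{4}", body[-1]):
        return problems + ["checksum line ('=' plus four characters) is missing"]
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
    except ValueError:
        return problems + ["key data is not valid base64"]
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        problems.append("CRC-24 mismatch: key data was altered or truncated")
    return problems

# Constructed sample: 200 arbitrary bytes, not a real OpenPGP key.
SAMPLE = armor(bytes(range(200)))

if __name__ == "__main__":
    for name, text in [("complete paste", SAMPLE),
                       ("END line cut off", SAMPLE.rsplit("-----END", 1)[0]),
                       ("one character changed", SAMPLE.replace("AAEC", "BAEC", 1))]:
        print(name, "->", check_armor(text) or "OK")
```

The checksum only catches copy-and-paste damage; it does not show whose key it is, so still compare the key ID with the "gpg --list-keys" output from step 7.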
Congratulations! Now when order data is sent to you, you will receive
it in a GPG encrypted format. To decrypt the data that is sent to you:
1. Copy the contents of the email that you receive to a text file,
and when you save it, give it a ".gpg" file extension. For this example we'll name the file "order1.gpg".
2. Put the "order1.gpg" file in your C:\gnupg\ directory.
3. From a DOS prompt while in the gnupg directory type the following:
gpg --output order1.txt --decrypt order1.gpg
4. Open order1.txt in a text editor to view the order data in a human
readable format.
