1 Earth. 6.5 Billion Adventures

Anything is Possible

Archive for May, 2008

Secure communications with SSL, PHP & gnuPG - Part 3

This entry is part 4 of 3 in the series Secure Communications

In Part 3 it’s just a question of getting it to work.

To get gnuPG working in Thunderbird is a simple matter of installing gpg4win and the Enigmail plugin. But Thunderbird is an open source community project and everything is easier.  I’m doing all this for an Outlook user - Outlook 2007 no less.  According to gpg4win.org, it’s only been tested up to Outlook 2003 SP2.

I have to confess, at first, I thought it didn’t work in Outlook 2007, but turns out I kept on trying to decode an empty message. I didn’t put a value in the body variable of the PHP code I published in Part 2 and kept on sending myself encoded, but empty messages.

But, the default install of gpg4win does in fact work with Outlook 2007. Here’s how it worked for me - I have all the latest service packs for Office installed, in case it makes a difference:

  1. Download gpg4win from gpg4win.org;
  2. Install everything except Claws Mail, a mail client in itself (GPGol is what’s going to do it for Outlook);
  3. Run GPA and either create a key pair, or import a key pair you already have;
  4. If you generated a key pair, upload the public key to your server before you send yourself a test message;
  5. Close everything and restart your computer;
  6. Send yourself a message using the PHP script above after you’ve uploaded the key you’ve imported into GPA;
  7. When you next run Outlook 2007, you’ll see a new GPG option at the bottom under the Tools menu. This is good news. There are also new tabs in your mail options, but the defaults should work;
  8. When you receive the message you sent yourself in step 6, open it.  If everything worked on the server side, you should see a message with several lines of meaningless characters and numbers;
  9. You will notice a new tab at the top of your received message window, called extras. In this tab will be one lonely unmarked icon.  If you click this, a prompt box will ask you to type your secret phrase, and if you get it correct, your message will miraculously be decoded.
  10. Depending on the settings, the key will be valid for 5 or 10 minutes, meaning you can decode more messages in that time by just clicking that icon (not having to type your pass phrase again).  If you don’t save the message when you close it, it will be encoded again when you close and relaunch Outlook.  If you do save it, the message in your inbox will stay decoded.

If this method didn’t work for you, try launching WinPT.  A key will appear on your taskbar next to the time.  Copy the entire encrypted message out of your email message (CTRL+C will do the trick), right click on the key and choose Clipboard -> Decrypt/Verify. A window with the decoded message should appear.

If that still didn’t work, check that you have the public key on the server that generated the message, that matches the private key you have in your GPA that you’re trying to decode it with.  They work in pairs and being the powerful encryption security that it is, it’s kind of strict.

And there you have it.  A closed security system using SSL, PHP and gnuPG through which people can send you all sorts of sensitive information in complete safety.

If you enjoyed this post, do subscribe to the 1Earth RSS feed!

  • 0 Comments
  • Filed under: howto, techie stuff
  • Secure communications with SSL, PHP & gnuPG - Part 2

    This entry is part 2 of 3 in the series Secure Communications

    In Part 2 of the mission of the week, we look at how to set it all up on HostGator.  The chosen host, because that’s where I host my websites, you see.

    HostGator SSL, gnuPG (GPG) and PHP how-to

    As it took me the entire day to piece all of this together, I thought I would share the love and spare somebody else (maybe you) a lot of trouble.  It’s kind of HostGator specific (especially the paths) as they are my host.  I found other how-to’s didn’t work for me, because of different paths.

    I’m assuming you’re going to use all the free features, like I did, so that’s what I’m explaining.

    • To get a SSL going, determine the name of your server: open a terminal window on Linux or a command prompt in Windows and type telnet yourdomain.com 25. You can also use the IP address instead of yourdomain.com.  It will log on with some text and also reveal the name of your server - something like mohawk.websitewelcome.com.  Your secure files can thus be called by going to https://mohawk.websitewelcome.com/~username/thefile.php - where username is the name of your HostGator account user name.

    I couldn’t Telnet from work.  They block the Telnet port, but leave LimeWire and MSN wide open.  Why? This I do not know. Anyway, from home on my private ADSL it worked a charm.  That’s all you need to do to enable the SSL - just call your web-form through https and you’re secure - you’ll see a little lock icon in the bottom righthand corner of your browser, and if you click on it you can get more information about the certificate issuer.

    • You can generate a key pair through Cpanel under Manager openPGP key. Just fill in all the fields and click generate.  It can take a moment.  However, if you’re using Windows, you’ll have to download gpg4win, which as the name suggests, is GPG for Windows.  You can also generate the key pair here, and only upload the public key to Cpanel. The advantage is that your private key is not on the server, ensuring an extra step of security.
    • The public key is what your PHP script will use to encode your form data and that’s why it needs to be on the server.  At first, HostGator said GPG is not installed by default, but I could see a .gnupg directory in my home directory, so I thought they might be wrong.  They emailed me some time later and said that it is in fact installed, and that it can be accessed through ‘usr/bin/gpg’.  I also had to call the directory above, which was at ‘home/yourusername/.gnupg’.
    • This little snippet of PHP (which I got from 1and1.com) will take whatever you feed it, use your public key which you loaded / created in Cpanel, run it through gnuPG and send an encrypted email to the address of your liking:

    <?php
    // Replace this with the user name or e-mail address that you used for your PGP key pair
    $pgpuser = "email.used@inyourkey.com"; // The email used to generate your public key

    // Recipient of the email
    $testemail = "any.old@emailaddress.com";

    // Replace with your subject
    $emailsubject = "Encrypted Email Subject";

    // The from field
    $emailfrom = "From: yourwebsite@sentit.com";

    // Feed your text in here
    $body = "To test if your decryption works, put some text here or feed in the variables from your submitted forms";

    // Tell gnuPG where the public key is that it should use to encode your message.
    // This is usually in your home directory, below the public_html (mine is .gnupg).
    // Change this to the correct path of your web space. On HostGator: /home/username/.gnupg
    putenv("GNUPGHOME=/home/username/.gnupg");

    // Create a temporary, unique file name to work from
    $infile = tempnam("/tmp", "PGP.asc");
    $outfile = $infile . ".asc";

    // Write the various bits and bobs into the temp file
    $fp = fopen($infile, "w");
    fwrite($fp, $body);
    fclose($fp);

    // Build the gnuPG command line (this path works on HostGator).
    // escapeshellarg() stops the shell from interpreting the recipient and file names.
    $command = "/usr/bin/gpg -a --always-trust --batch --no-secmem-warning -e"
        . " -r " . escapeshellarg($pgpuser)
        . " -o " . escapeshellarg($outfile)
        . " " . escapeshellarg($infile);

    // Run the command that encrypts your temporary file; $result is gpg's exit status
    system($command, $result);

    // The encrypted copy now exists, so delete the plaintext temp file
    unlink($infile);

    if ($result == 0) {
        $fp = fopen($outfile, "r");

        if (!$fp || filesize($outfile) == 0) {
            $result = -1;
        } else {
            // Read the encrypted file
            $contents = fread($fp, filesize($outfile));
            fclose($fp);

            // Delete the encrypted file
            unlink($outfile);

            // Send the email and write something nice if it was a success,
            // otherwise moan bitterly and wonder what went wrong.
            // Errors are usually either your username, or more likely the paths to your gnuPG.
            // Contact your Tech Support for your paths - the ones shown here work for HostGator.
            mail($testemail, $emailsubject, $contents, $emailfrom);

            print "Thank you!! Your encrypted booking information has been sent.";
        }
    }

    if ($result != 0) {
        print "There was a problem processing the information.";
    }

    When you call this script as is above, it will encode the hard coded text in the $body variable and send it to the email address specified in $testemail.  You will then have a lovely gnuPG encrypted email that you can do nothing with… unless you read on and complete the mission.
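A variant of the script above that keeps the plaintext out of /tmp and never goes through a shell, as an added example (not the original 1and1.com snippet or the author's code): gpg reads the text on stdin and returns the armored message on stdout. It assumes PHP 7.4 or later, form-sized input, and the same placeholder addresses and HostGator paths as the script above; the function name gpg_encrypt is hypothetical.

```php
<?php
// Added example: encrypt form text with gpg without temp files or a shell.
// All names, paths and addresses below are placeholders (assumptions).

/**
 * Encrypt $plaintext to $recipient's public key and return the ASCII armor.
 * Throws RuntimeException if gpg fails or returns no armored message.
 * Intended for form-sized input (smaller than the OS pipe buffer).
 */
function gpg_encrypt(string $plaintext, string $recipient, string $gnupgHome,
                     string $gpgBinary = '/usr/bin/gpg'): string
{
    // Array form of the command (PHP 7.4+): arguments go straight to gpg,
    // no shell parses them, so nothing needs quoting or escaping.
    $command = [
        $gpgBinary,
        '--homedir', $gnupgHome,   // replaces putenv("GNUPGHOME=...")
        '--armor', '--batch', '--no-tty', '--no-secmem-warning',
        '--always-trust',          // same trust shortcut as the script above
        '--encrypt', '--recipient', $recipient,
    ];
    $descriptors = [
        0 => ['pipe', 'r'],               // gpg reads the plaintext from stdin
        1 => ['pipe', 'w'],               // gpg writes the ciphertext to stdout
        2 => ['file', '/dev/null', 'w'],  // discard diagnostics
    ];

    $process = proc_open($command, $descriptors, $pipes);
    if ($process === false) {
        throw new RuntimeException('could not start gpg');
    }

    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                    // EOF tells gpg the message is complete
    $armored = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exitCode = proc_close($process);

    // Success means exit status 0 and output that really is an armored message.
    if ($exitCode !== 0 || strpos((string) $armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException("gpg failed with exit code $exitCode");
    }
    return $armored;
}

// Usage with placeholder values (constructed sample text)
try {
    $armored = gpg_encrypt(
        "Name: Test Visitor\nRequest: constructed sample text\n",
        'email.used@inyourkey.com',
        '/home/username/.gnupg'
    );
    mail('any.old@emailaddress.com', 'Encrypted Email Subject', $armored,
         'From: yourwebsite@sentit.com');
    print 'Thank you!! Your encrypted booking information has been sent.';
} catch (RuntimeException $e) {
    error_log($e->getMessage());          // keep details out of the page
    print 'There was a problem processing the information.';
}
```

Passing the key's full fingerprint as the recipient instead of an e-mail address makes the key selection unambiguous, which matters because --always-trust skips gpg's own validity check.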


  • 2 Comments
  • Filed under: howto, techie stuff
  • Secure communications with SSL, PHP & gnuPG - Part 1

    This entry is part 1 of 3 in the series Secure Communications

    Mission this week: a web form that can securely accept data via a website and deliver it by email.  The solution was secure communications with SSL, gnuPG and PHP. Let me walk you through it.

    “Throw up a form on the website and we’re done”, said the people involved who didn’t know any better.

    It’s true, you could throw up a form and be done with it; and have your sensitive data floating around the net for anybody who wanted to listen.

    Websites and Email are not secure

    There are two major weaknesses when it comes to online communications: one is between your computer and the website you are surfing, and the other is between the website that took your information and wherever it’s being sent or stored.

    Ensuring security of the data I wanted to collect was thus twofold:

    1. Secure information traveling between website visitor and website; and
    2. once the data is collected, deliver the information securely, in this case, via email.

    SSL: Secure Sockets Layer

    If you’ve ever visited a site that started with https, then you’ve used the Secure Sockets Layer. Yahoo mail for instance, your online banking, or Ebay all use SSL to scramble information as it travels from your computer to their server - lots of juicy stuff and virtual money needs to be kept safe.

    In essence, when you’re filling in a web form, you’re doing so on your computer - or client side as it’s called.  The moment you press submit, whatever you’ve filled in travels over the Internet, from computer to computer on its way to the server. While it’s in transit, it’s possible to catch that info and read it.

    With the Secure Sockets Layer, once you hit submit, the information is encoded. This scrambled information then travels over the Internet and is deciphered when it reaches the other computer.  If somebody catches it mid-air, depending on the power of their computer(s), it could take a really, really long time to decode your message.

    At work, we use a reseller account with HostGator, the host I use for all of my websites. They provide a free, but shared SSL. It’s a bit ugly, as it uses the name of the shared server, but it’s free. They have a paid-for private SSL which allows you to host the SSL under your own domain.

    PGP: Pretty Good Privacy

    The same thing above happens to your email as well.  When you send an email, it floats across the Internet to the intended recipient and leaves a copy of itself wherever it rests.  Somebody can come and read it not only while it’s traveling, but also if they catch it before it’s deleted from the mail relay - depending on the relay it could stay there ages.

    PGP (Pretty Good Privacy) is an encrypting system for email, based on the openPGP standard and in principle similar to SSL.  On your side you scramble the message with a public key and on the other side somebody unscrambles it with a private key. In between, nobody can read it, as it’s a jumble of letters and numbers that makes no sense - the public key cannot unscramble, only scramble.

    Through Cpanel, the control panel in the back office of my websites, HostGator provides an openPGP system that uses gnuPG (Gnu Privacy Gateway), which is essentially the same as PGP, except it’s totally free.  This will generate a public and private key for you.

    Other Implications

    So the public key is used to encode the message, which is then sent to you. On your end, you use the private key to unlock the code and read your mail.  Receiving sensitive information in scrambled form and storing it that way has advantages and disadvantages.

    A major advantage is that the email is always secure.  It’s a great way to ensure that annoying, sneaky viruses that help themselves to information in your inbox don’t send the entire world your clients’ credit card, or worse, the result of that pregnancy test your boss’ wife who you had a fling with sent you.

    On the downside, if you lose your key, your emails become as useless to you as they are to those annoying viruses.  Therefore, make several backups of your key and store them in trusted places.  Your emails are also only as safe as your computer, so if somebody can get to your computer, they could read them as you would. Secure your computer, use Linux.


  • 0 Comments
  • Filed under: howto, techie stuff
  • Just got back from Bali

    I just got back from Bali, which would explain the lack of updates of 1Earth.

    Actually, I got back on Thursday night late, but my clock has been running on Bali time until this afternoon’s Frisbee session, so hopefully things are back to normal now.

    I’ll update from the bottom up, so if you’re interested in some Bali adventures, start reading from April 30th, which is when this adventure started.

    Bali is a place full of character and history and the people are possibly some of the friendliest I’ve met anywhere.  It’s overrun with tourists, but the culture is strong enough to shine through.

    That said, it’s quite difficult to find true Balinese culture and food, unless you know where to look.  I’m not sure I know where to look, which might warrant a return visit.  I certainly have enough Rupiah left, because it really is cheap.

    And I didn’t get to surf.  So another thing left on the to-do list.


  • 2 Comments
  • Filed under: Bali, Indonesia
  • Bali Holiday: Ubud Day 2

    Ubud is a spiritual place, full of painted art, wood carved art, revered monkeys and yoga.

    Yoga Barn in Ubud

    Our on-tour yoga guru, Phyllis, had been waiting for Ubud for exactly this reason.  The yoga scene in Ubud is big and Phyllis is big on yoga, so it was a perfect match.  I got up early with John and Pip this morning and drove out to the Yoga Barn.

    The Yoga Barn is just off Ubud’s circular road at the dead end of a quiet street that overlooks serene paddy fields.  I might have to get Pip to write a bit about the rest, because we dropped her off and went back.  I really just did want to drive the bike and I love getting up early.

    Back at our accommodations Julia had awoken and our breakfast was waiting. Banana omelet and a side-dish of various fruits, which turned out to be surprisingly filling.

    Ubud Market

    After that we were off to the Ubud Market where all sorts of trinkets, carvings, shirts and textiles awaited us at whatever bargain price we could negotiate.  The morning at the market is apparently the best time to be there, as everybody desperately wants to make a sale to bless their wares with good luck for the rest of the day.  Wield that to your advantage.

    The only thing I bought was cute, hand painted works of art for TLG’s bedroom. Let me just say, to make the first sale of the day is a big deal, and I only paid as much for it as I initially wanted to.  Julia bargained for many things, but in the end came away with only a bag.

    Across the road was Pura Agong, the Presidential Palace and, as a tourist attraction, John’s attraction too.  The temple is an ancient, relatively well preserved structure and the architecture is immaculate.  The significance of the structure escaped us a little.

    Just before check-out time we went back and picked-up Phyllis. We needed accommodation again, but as it turned out we walked 3 doors down and found the perfect place.

    Ubud-Sensasi - new, clean accommodation in Ubud

    Ubud-Sensasi is a private residence with 4 new accommodation units.  It’s set about 20m back from the road and overlooks a beautiful padi field with a strip of tropical jungle.

    Ducks worked their way up and down the padi field, clearly contributing in a significant way.  The rooms were very clean and tidy and we knew we had found a gem.  The initial offer of Rp 120,000 was negotiated down to Rp 100,000 and we were set.

    Babi Guling in Ubud at Warung Ibu Oka Babi Guling

    Lunch was next, and our gracious new hosts directed us to Warung Ibu Oka Babi Guling, right opposite the Presidential Palace, where Bali’s famous traditional dish, Babi Guling, was served.  Babi, meaning pig, and guling - literally translated as rolling, but probably meaning spit-roasted - is one of the must-try dishes in Bali.

    Rp 35.000 each later, we had a large bowl of spit roasted pig on a bed of rice, some pickled veggies, fried pork skin and what resembled a blood sausage.  Not one for innards of any kind and defo not a fan of pork skin, never mind fried, I enjoyed the meat, veggies and rice tremendously.  The restaurant was constantly brimming and the turnover was fast.

    Monkey Forest

    On our full stomachs we went to face Julia’s fears - long tailed Macaque monkeys - in the Monkey Forest.  Monkey Forest is a forest enclave where there are loads of monkeys.  The monkeys are revered and they walk around fat, playful, naughty and content.  “Beware of your glasses, keys, money and jewelry. And don’t hide food from the monkeys - they’ll find it” warned the sign as we went inside.

    After a short walk we found loads of monkeys hanging about, eating loads, feeding their young, playing in the water and conducting monkey foreplay in a very colourful way.  Julia got assaulted by monkeys when she was young and now has a phobia, but she controlled it beautifully whilst we were there.

    A text from work requested some urgent help with something on our website.  We easily found an Internet cafe not too far from the enchanting Monkey Forest. I must have picked the slowest Internet cafe in Bali and after trying fruitlessly to log onto my work website, I gave up.  In the end couldn’t get onto any websites.

    Skype worked fine however, so I spoke to my colleagues and walked them through what they needed to do.  I think the Internet connections in Kuta are quite decent.

    Mas Village for Wood-carvings

    Next was some giraffe shopping in Mas village, a precinct of Ubud, known for their wood carvers.  Actually, it’s easy to find wood carvings all over Ubud, but we were looking for something at a good price, so we thought going directly to the suppliers would be cheaper.

    We didn’t shop too much, as we’ve been gunning for giraffes from the moment we arrived in Ubud.  We found a nice tall one and wondered how we’d get it back to Kota Kinabalu.

    Jelatik Spa & Beauty Treatment Centre

    Earlier in the day Pip and John had booked a proper spa treatment for us, and the time had arrived.  Jelatik is on Monkey Forest Road (as is a great deal of Ubud) and is a decent Spa and Hair Care centre, which, judging by the Guest Register, is hugely popular amongst Japanese and Koreans.

    I opted for a short Balinese Massage whilst John and the girls went for a 90 and 120 minute treatment.  To my own spite I fell asleep during the treatment.  Such a waste of money when that happens.

    Two hours later we were all as relaxed as gum on a hot tar road.  John and Julia were positively radiant, and Phyllis stayed behind to continue her prolonged relaxation.

    Cecak Fire Dance in Ubud

    The rest of us were off to the Cecak (monkey) Dance for some cultural education.

    Several vendors wanted to offer us their show, but all the prices were Rp 50,000. It includes transport to what the guy told us was a venue 1km away.  Turns out the venue is more like 10km away and it took us about 15 minutes to reach it.

    The Cecak Dance is an epic about a local fairy tale that involves monkeys. Cecak, named for the sound of a chattering monkey, is the main character in a traditional story of good vs. evil.  About 20 tourists witnessed the spectacle performed by the members of a local village - a worthwhile experience.

    Following the dance we looked for Phyllis who we couldn’t find.  We went to the Jazz Cafe, hoping to try them for dinner.  It was Monday, however, and much to our disappointment, they were closed.

    Dirty Duck Restaurant

    We went to an Ubud icon, Dirty Duck Restaurant, instead.

    We tried their signature dish, Crispy Duck, as well as Bali roasted chicken and the house special fish.  A large bottle of Bintang was also spotted.

    The Dirty Duck is a restaurant sprawled out across what must have been a padi field.  Along the massive grass area that is Dirty Duck, there are several individual, raised huts with sit-on-the-ground tables and lots of pillows.  The waiter seemed to be giving us a guided tour of the restaurant, because we walked all the way to the back before he told us it was full.

    We walked back to the front of the restaurant and sat at a vacant table there.  We ate loads of food for a ridiculously low price.

    On the way home we collected Phyllis from Kafe, a cafe belonging to yoga barn located right opposite Ubud-Sensasi.  Bed was our destiny and we met it shortly after.


  • 0 Comments
  • Filed under: Bali, Indonesia


