Flashes of Panic

Sometimes, the stuff keeping your latest project from working has nothing to do with misunderstanding the technology; sometimes you just reversed a few characters in an environment variable, leading to a bad path, leading to an encryption key not being available, leading the whole thing to fail.

With that path corrected, it works. I can put a message in a quick form on our secure server, and it will be encrypted by the user’s browser, decrypted by the server, re-encrypted by the server using my (work) GPG key, and emailed to me. I can then decrypt here. It’s not fully secure, of course, since the steps taken on the server involve writing the plaintext to disk, then unlinking that plaintext file, so a determined cracker could still recover the data from the disk, given enough time. That should be fixable if I can figure out how to keep the plaintext only in RAM, and direct it to gpg as a stream. GnuPG is also warning that the memory used is insecure, and I suspect that the memory used to encrypt the message (both the registers where PHP stores the plaintext variables when they’re initialized, and possibly the ones gpg uses) could be read when it’s deallocated, but that would require a live tap into our system; one crack wouldn’t reveal ATM-drive levels of sensitive data.

Still, I suppose those are the parts to work on next. That, and working out a fairly simple method of decrypting such messages on a Windows box.

Update: Yes, I can pipe the message directly from a variable into gpg as a stream and avoid writing anything to disk. There’s just that “insecure memory” issue, and Windows decryption.