Monthly Archives: januari 2008

gnupg / pgp for forums

Usage and disclaimer:

Prevent that paranoid admins reads your users private messages. Observe that reading data directly from the database isn’t normally a thing that’s is easily made. There are tools for this, mainly used by account owners with more or less physical access to database, but in case of hacking or stealth this might make it more difficult for thieves to get access to areas they should keep their hands away from. Just remember that this plugin isn’t 100% safe. If there is a key, there is always workarounds. Besides, if a thief gets the key, this plugin may also lose it’s purpose.

Warnings:

Uninstalling this plugin, or changing keys or passphrases may cause loss of old encrypted data on your forum.

Requirements:

Physical access to a webserver or a webhotel that support gnupg if it’s not already installed.
If you run your own server or want to install gnupg support for your webserver, you may look at the links below (this part of the installation is unsupported, but you may look here for some details). You also need a key that supports key signing (e.g. created with gpg –gen-key)

gnupg (http://www.gnupg.org/)
gpgme (http://www.gnupg.org/gpgme.html)
php gnupg (http://pecl.php.net/package/gnupg)

libs and addons that might be needed
libgpg-error (http://www.gnupg.org/related_software/libgpg-error/)
re2c (http://sourceforge.net/projects/re2c)

Screens:

vBulletin 3.6.x AdminCP

A private message in it’s encrypted state (when wrong passphrase/key is used)

Template to edit for private messages (Since I run 4.x those days I’ve lost the name of the correct template)

Find:

PHP-kod:

$disablesmiliesoption


After, add:

PHP-kod:

<if condition="$show[gpg_encrypt_pm]">
<!-- GPG PM Addon -->
<div><input type="checkbox" name="gpg_encrypt_message" value="1" id="gpg_encrypt_message" $checked[gpg_encrypt_pm] />$vbphrase[gpg_encrypt_message]</div>
<!-- GPG PM Addon /-->
</if>


Läs även andra bloggares åsikter om gnupg, gpgme, pgp, vbulletin