Mission this week: a web form that can securely accept data via a website and deliver it by email. The solutions was secure communications with SSL, gnuPG and PHP. Let me walk you though it.
“Throw up a form on the website and we’re done”, said the people involved who didn’t know any better. It’s true, you could throw up a form and be done with it; and have your sensitive data floating around the net for anybody who wanted to listen.
Websites and Email are not secure
There are two major weaknesses when it comes to online communications: one is between your computer and the website you are surfing, and the other is between the website that took your information and where ever it’s being sent or stored.
Ensuring security of the data I wanted to collect was thus two fold:
- Secure information traveling between website visitor and website; and
- once the data is collected, deliver the information securely, in this case, via email.
SSL: Secure Socket Layer
If you’ve ever visited a site that started with https, then you’ve used a Secure Socket Layer. Yahoo mail for instance, your online banking, or Ebay all use SSL to scramble information as it travels from your computer to their server – lots of juicy stuff and virtual money needs to be kept safe.
In essence, when you’re filling in a web form, you’re doing so on your computer – or client side as it’s called. The moment you press submit, whatever you’ve filled in travels over the Internet, from computer to computer on it’s way to the server. While it’s in transit, it’s possible to catch that info and read it.
With a Secure Socket Layer, once you hit submit, the information is encoded. This scrambled information then travels over the Internet and is deciphered when it reaches the other computer. If somebody catches it mid-air, depending on the power of their computer(s), it could take a really, really long time to decode your message.
At work, we use a reseller account with HostGator, the host I use for all of my websites. They provide a free, but shared SSL. It’s a bit ugly, as it uses the name of the shared server, but it’s free. They have a paid-for private SSL which allows you to host the SSL under your own domain.
PGP: Pretty Good Privacy
The same thing above happens to your email as well. When you send an email, it floats across the Internet to the intended recipient and leaves a copy of itself where ever it rests. Somebody can come and read it not only while it’s traveling, but also if they catch it before it’s deleted from the mail relay – depending on the relay it could stay there ages.
PGP (Pretty Good Privacy) is an encrypting system for email, based on the openPGP standard and in principle similar to SSL. On your side you scramble the message with a public key and on the other side somebody unscrambles it with a private key. In between, nobody can read it, as it’s a jumble of letters and numbers that makes no sense – the public key cannot unscramble, only scramble.
Through Cpanel, the control panel in the back office of my websites, HostGator provides an openPGP system that uses gnuPG (Gnu Privacy Gateway), which is essentially the same as PGP, except it’s totally free. This will generate a public and private key for you.
Other Implications
So the public key is used the encode the message, which is then sent to you. On your end, you use to private key to unlock the code and read your mail. Receiving sensitive information in scrambled form and storing it that way, has advantages and disadvantages.
A major advantage is that the email is always secure. It’s a great way to ensure that annoying, sneaky viruses that help themselves to information in your inbox doesn’t send the entire world your clients’ credit card, or worse, the result of that pregnancy test your boss’ wife who you had a fling with sent you.
On the downside, if you lose your key, your emails become as useless as it does to those annoying viruses. Therefore, make several backups of your key and store them in trusted places. Your emails are also only as safe as your computer, so if somebody can get to your computer, they could read it as you would. Secure your computer, use Linux.