Chapter 19 - PGP & PGP Mail

What is PGP?
Creating The PGP Mail Key
Using PGP Mail
Necessary PGP Form Fields
Optional PGP Form Fields
Additional Support For PGP Mail

PGP = Pretty Good Privacy^TM

PGP allows people to exchange email with both privacy and authentication.

Before using PGPMail, you will need to create a public key using your email software. If your email software does not have a built in PGP, you must get a plug in from pgp.com. After installing PGP read the instruction about how to create the key. Once the key is created, you enter the PGP option inside your control panel and paste the PGP Key text into the box provided and then click add.

The key code should look similar to the following:

-----BegiN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQGiBDZiwWERBADgftCC3ZrT1JHcK5gvSA7Tuw5Cm
U2c8NWrFzAywkARHh7niTFJsg1VfEi5ExsNDBVvmvr+v
ZD6Zq9eYtodkx1E41gJFZegGHzqya+WaiGknQ6zUVEm
gw9NGpIA2+iyR3FrGPG8Fq3MvF+8qNm9LGUVR6jjBwd
ERpRDkmnShg/QSQCg/87M
................................................................
tbzYRdmHzvGpR/Hvo7NKKhF0Z3Xu+5KeXsI8iQA+AwUY
NmLBgGAlch3jE84DEQLI
IgCg5wk8RciT6SL5/hdg5QMb6h/n8e0Ali0k3+TFSGtLwd
n+YOn6hkYnfSU=
=jZZO
-----END PGP PUBLIC KEY BLOCK-----

To use PGPMail, you need to create a form on one of your web pages.

The form action line should be:

<FORM ACTION = "/cgi-sys/pgpmail.pl" METHOD = "POST">

pgpmail.pl will do all the programming work for you. You alter the behavior of pgpmail by using hidden fields in your form.

There are three form fields that you must have in your form for PGPMail to work correctly. This is the recipient, username, and keyname fields.

Field: recipient

Description: This form field allows you to specify to whom you wish for your form results to be mailed. Most likely you will want to configure this option as a hidden form field with a value equal to that of your e-mail address.

Syntax:

<input type=hidden name="recipient" value="your_username@localnet.com">

Field: username

Description: This form field allows you to specify your username in the system. This allows PGPMail to look for the configuration files to encrypt the mail to be sent to you. You should replace "yourusername" with your main username on the system.

Syntax: 

<input type=hidden name="username" value="yourusername">

Field: keyname

Description: This form field allows you to specify the name of your public key. This will be the public key that PGPMail uses to encrypt your mail. You must possess the private key in order to decrypt the email that is sent. You can get your public key name by going to the PGP Manager. It is typically just your email address.

Syntax:

  <input type=hidden name="keyname" value="publickeyname">

Field: subject

Description: The subject field will allow you to specify the subject that you wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the script will default to a message subject: WWW Form Submission

Syntax:

If you wish to choose what the subject is:

<input type=hidden name="subject" value="Your Subject">

To allow the user to choose a subject:

<input type=text name="subject">

Field: email

Description: This form field will allow the user to specify their return e-mail address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into t he From: field of the message you receive.

Syntax:

  <input type=text name="email">

Field: realname

Description: The realname form field will allow the user to input their real name. This field is useful for identification purposes and will also be put into the From: line of your message header.

Syntax: 

<input type=text name="realname">

Field: sort

Description: This field allows you to choose the order in which you wish for your variables to appear in the e-mail that PGPMail generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which isn't always the exact same order they appeared in the form.) When sorting by a set order of fields, you should include the phrase "order:" as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas.

Syntax:

To sort alphabetically:
<input type=hidden name="sort" value="alphabetic">

To sort by a set field order:
<input type=hidden name="sort" value="order:name1,name2,etc.">

Field: redirect

Description: If you wish to redirect the user to a different URL, rather than having them see the default response to the fill-out form, you can use this hidden variable to send them to a pre-made HTML page.

Syntax:

To choose the URL the user will end up at:

<input type=hidden name="redirect" value="http://your.address/to/file.html">

To allow the user to specify a URL he wishes to travel to once the form is filled out:

<input type=text name="redirect">

Field: required

Description: You can now require for certain fields in your form to be filled in before the user can successfully submit the form. Simply place all field names that you want to be mandatory into this field. If the required fields are not filled in, the user will be notified of what they need to fill in, and a link back to the form they just submitted will be provided.

Syntax:

If you want to require that the user fill in the email and phone fields in your form, so that you can reach them once you have received the mail, use a syntax like:

<input type=hidden name="required" value="email,phone">

Field: env_report

Description: Allows you to have Environment variables included in the e-mail message you receive after a user has filled out your form. Useful if you wish to know what browser they were using, what domain they were coming from or any other attribute is associated with environment variables.

The following is a short list of valid environment variables that might be useful:

REMOTE_HOST - Sends the hostname making a request.
REMOTE_ADDR - Sends the IP address of the remote host making the request.
HTTP_USER_AGENT - The browser the client is using to send the request. General format:
software/version
library/version

Syntax:

If you wanted to find the remote host and browser sending the request, you would put the following into your form:

<input type=hidden name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">

Field: title

Description: This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL.

Syntax:

If you wanted a title of 'Feedback Form Results':

<input type=hidden name="title" value="Feedback Form Results">

Field: return_link_url

Description: This field allows you to specify a URL that will appear as return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page.

Syntax:

<input type=hidden name="return_link_url" value="http://your.host.xxx/main.html">

Field: return_link_title

Description: This is the title that will be used to link the user back to the page you specify with return_link_url. The two fields will be shown on the resulting form page as:

<ul> <li><a href="return_link_url">return_link_title</a> </ul>

Syntax: <input type=hidden name="return_link_title" value="Back to Main Page">

Field: background

Description: This form field allow you to specify a background image that will appear if you do not have the redirect field set. This image will appear as the background to the form results page.

Syntax:
<input type=hidden name="background" value="http://yourdomain.com/image.gif">

Field: bgcolor

Description: This form field allow you to specify a bgcolor for the form results page in much the way you specify a background image. This field should not be set if the redirect field is.

Syntax:

For a background color of White:

<input type=hidden name="bgcolor" value="#FFFFFF">

Field: text_color

Description: This field works in the same way as bgcolor, except that it will change the color of your text.

Syntax:

For a text color of Black:

<input type=hidden name="text_color" value="#000000">

Field: link_color

Description: Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is.

Syntax:

For a link color of Red:

<input type=hidden name="link_color" value="#000000">

Field: vlink_color

Description: Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.

Syntax:

For a visited link color of Blue:

<input type=hidden name="vlink_color" value="#0000FF">

Field: alink_color

Description: Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.

Syntax:

For a visited link color of Blue:

<input type=hidden name="alink_color" value="#0000FF">

Any other form fields that appear in your script will be mailed back to you and displayed on the resulting page if you do not have the redirect field set.