Encrypting Emails
Introduction
Encryption protects the contents of an email while the email
is in transit from the web server to the email recipient. MGI
performs encryption with a "passphase". MGI encrypts
the email with the "passphrase" (from the passPhrase
parameter or from a passPhrase located in a text file) as a key
for the encryption. The recipient decrypts the email with the
same "passphrase" using a PGP utility.
Free PGP utilities for personal use can be found at http://web.mit.edu/network/pgp.html. Commercial
PGP utilities can be found at http://www.pgp.com.
This example illustrates the encryption of a payment email.
MGI Tags
Steps
- Create a payment form and payment processing page.
- Open the payment processing page in a text editor.
- Insert the mgiPGP tag.
- Save the payment processing page.
- FTP the payment form and payment processing page to the web
server running MGI.
- Install a PGP utility on the recipient's computer.
- Complete and submit the payment form.
Step 1: Create a payment form and payment processing page.
- Create a payment form and payment processing page. On the
payment processing page, enter an mgiSendMail tag to format and
send the payment email. For instructions regarding the construction
of a form and email to process the form, please review the Processing Forms to Email tutorial.
Step 2: Open the payment processing page in a text editor.
- Open the payment processing page in a text editing program
that allows you to modify the HTML and code of the page.
Step 3: Insert the mgiPGP tag.
- The mgiPGP tag encrypts the contents of the email, therefore
the beginning and ending mgiPGP tags should enclose the content
of the email. Insert a beginning mgiPGP tag and passPhrase parameter
after the beginning mgiSendMail tag. In the passPhrase parameter,
enter the case-sensitve passphrase to encrypt the email. Insert
an ending mgiPGP tag before the ending mgiSendMail tag.
-
- Note: if you choose to use a passphrase from a text file
(via the fileLocation parameter), make sure the file is password protected. The server administrator can set the realm for
a specific file name.
-
- The following code is an example email from a payment processing
form.
<mgiSendMail to="accounting@domain.com"
from="webmaster@domain.com"
subject="Payment" mailserver="mail.domain.com">
<mgiPGP passPhrase="encryptWithPhrase">
Acct: <mgiPostArgument name="Account">
Type: <mgiPostArgument name="CreditCardType">
Number: <mgiPostArgument name="CreditCardNumber">
Exp Month: <mgiPostArgument name="ExpireMonth">
Exp Year: <mgiPostArgument name="ExpireYear">
</mgiPGP>
</mgiSendMail>
Step 4: Save the payment processing page.
- Save the changes you have made to the payment processing
page.
Step 5: FTP the payment form and payment processing page
to the web server running MGI.
- Upload the payment form and payment processing page from
your local computer to the web server using an FTP program.
Step 6: Install a PGP utility on the recipient's computer.
- In order to read an ecrypted email the email recipient must
install a PGP utility on their computer to decrypt the email.
Step 7: Complete and submit the payment form.
- Access the payment form in a browser. Complete and submit
the form. Upon submission, an encrypted email is sent and the
payment processing page is displayed. When the email is received,
decrypt it with the passphrase specified in the mgiPGP tag.
|