At 14.21 7/10/97, Dick Karpinski wrote: >>Even public-key doesn't seem safe...the whole problem is that anyone who >>sniffs packets sees everything that gets sent, in whatever for it's sent. > >THat is exactly the circumstance where public key is safe. THe key is >public and things encrypted with it are private, as long as the private >key is still private. Even if the message and the public key are printed >in every newspaper in the world. I think he meant sending the password to the key over the net (in order to verify ownership). But if you want to have the user send an encrypted passphrase using his secret key, MacPGP.pm can automate the process of decrypting it. The code below would, given text to decrypt and your default secret key password, decrypt the text, match it against a set phrase, and check the result. You could also check the signature and match it against a list of signatures instead. #!perl use Mac::Apps::MacPGP; $pgp = new MacPGP; $et = $encrypted_text_from_form; if ( $pgp->decrypt('dcrd',$et,$mypassword') eq 'mytext' && $pgp->checksignresult ) { $userverified++; } -- Chris Nandor pudge@pobox.com http://pudge.net/ %PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10 1FF7 7F13 8180 B6B6']) ***** Want to unsubscribe from this list? ***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch