PGP & Formmail


SEP
10-12-2000, 05:09 PM
Okay, I think I have exhausted all my sources as of now. I am trying to set up PGP to run on a formmail through a secure server. I have completed the install and have set up the necessary keys. I have also made what I thought were the necessary changes to the script, i.e. calling it through the secure server and adding a public key. I have tested it and continue to get the following back in my emails sent to the recipient.

pgpe [[-r <recip1> -r <recip2>] [-s [-u <myid>]] | [-c]] [-afqtvz]
     <file1> [-o outfile1] <file2> [-o <outfile2>]

PGP Encrypt file(s)

-a                ASCII armoring
-c                Conventional Encryption (IDEA only; is mutually exclusive
                  with -s, -u and -r)
-f                Filter Mode; Read from stdin to stdout
-o <output file>  Output file for most recent input file
-q                Quiet mode
-r <userid>       UserID to encrypt to.  May be specified multiple times.
-s                Sign, as well as encrypt (use pgps to just sign).  If no
                  userid is specified with -u, the default userid is used.
-t                Text mode
-u <userid>       UserID of the key you wish to sign with.  May only be
                  specified once.
-v                Verbose
-z                Batch mode (assumes no user interaction; not yet
                  implemented.

--license         Display usage license
Other programs in this suite include pgps to sign, pgpv to decrypt/verify,
and pgpk for key management.

HELP!!!

Rich
10-12-2000, 08:03 PM
Any time one of the PGP utilities encounters an error in its invocation, it will spit out its correct calling sequence and help message, which is what you are seeing here.

Which 'formmail' script are you using?

Have you tried using the PGP Form Mail script? You can find it and installation instructions at:
http://www.rsmarketing.com/pgp
http://www.rsmarketing.com/pgp/fq/fqsetup.html

Rich
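
The failure described above (the pgpe usage text arriving in the mail instead of ciphertext) can be caught before anything is sent. The following is an added example, not part of the original posts and not code from the PGP Form Mail script: a wrapper that runs pgpe with the -r, -a and -f flags listed in the usage text and refuses to return anything that is not an ASCII-armored message. It assumes pgpe is on the PATH; the function names and the sample strings are constructed for illustration.

```python
import subprocess

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"

# Constructed samples (not real pgpe output or ciphertext), for offline checks.
USAGE_SAMPLE = ("pgpe [[-r <recip1> -r <recip2>] [-s [-u <myid>]] | [-c]] [-afqtvz]\n"
                "PGP Encrypt file(s)\n")
ARMORED_SAMPLE = (ARMOR_BEGIN + "\nVersion: constructed-sample\n\n"
                  "Q09OU1RSVUNURUQgU0FNUExF\n=AAAA\n" + ARMOR_END + "\n")


class EncryptionFailed(Exception):
    """Raised when the encryptor's output must not be mailed."""


def is_armored_message(text):
    """True only if text is exactly one ASCII-armored PGP message."""
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    if len(lines) < 3:
        return False
    return (lines[0] == ARMOR_BEGIN and lines[-1] == ARMOR_END
            and ARMOR_BEGIN not in lines[1:] and ARMOR_END not in lines[:-1])


def encrypt_form_data(plaintext, recipient, run=subprocess.run):
    """Pipe form data through pgpe in filter mode; fail closed on any doubt."""
    # Flags from the usage text in the thread: -r recipient, -a armor, -f filter.
    argv = ["pgpe", "-r", recipient, "-a", "-f"]
    try:
        proc = run(argv, input=plaintext, capture_output=True,
                   text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired) as exc:
        raise EncryptionFailed(f"could not run pgpe: {exc}") from exc
    if proc.returncode != 0:
        raise EncryptionFailed(f"pgpe exited with status {proc.returncode}")
    if not is_armored_message(proc.stdout):
        # Usage banner, key warning, empty output: none of it may be mailed.
        raise EncryptionFailed("pgpe output is not an armored PGP message")
    return proc.stdout


if __name__ == "__main__":
    print("usage banner accepted:", is_armored_message(USAGE_SAMPLE))
    print("armored sample accepted:", is_armored_message(ARMORED_SAMPLE))
```

The `run` parameter exists only so the wrapper can be exercised without pgpe installed; the mail-sending code should treat `EncryptionFailed` as a reason to send nothing.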

SEP
10-12-2000, 08:36 PM
Thanks Rich,
I am using the script that you called out. I did figure out what had happened and it was simply that I was not calling from the ROOT to my script. All okay from that end.

Now I am having a problem getting my public key to be seen as TRUSTED. I have changed it via telnet using the pgpk -e command but when I send the mail (to myself) it tells me that the key is not trusted???????? In turn no information comes to me encrypted or otherwise. When it is checked using the pgpk -c command it states that it is trusted but the validity is invalid.....

any ideas??????

Rich
10-13-2000, 02:26 AM
It sounds like you need to sign the key (using the pgpk -s command). This is one of the more confusing aspects of pgp. If your key was the first one created on the server using telnet, I believe pgp signs it during the creation. If it is not the first key or if you created it on your PC and uploaded it and added it to your keyring it needs to be signed.

I have also observed that pgp will only let you sign another key with the first one that you created on the server. There may be a way around this, but I have yet to figure out a way. :(

So, if you created this key on the server using telnet and it is the ONLY key then just sign it using the same key.

Otherwise, sign it with the first key you created on the server.

If you uploaded it from your PC then create a new key on the server and sign the key with the newly created one.

You may want to review the man page for pgpk before doing this. If you have problems let me know the errors you are getting and how many keys you have and where they were created (server vs PC).

Rich

SEP
10-13-2000, 11:55 AM
Thanks again Rich,

The documentation that I have says that I should not leave the secret ring on the server. Apparently when I remove it, after saving it to my local, it makes my signature untrusted. Should I be leaving it on the server?

In addition, I also created a keyring on my local. Then FTP'd it up to my .pgp directory. It appears that it will only work correctly if I leave the secring.pkr resident on the server as well. When I do take it off the server the user id's become invalid again.

Why can't the public keyring continue to see that the user id's are trustworthy and are valid?

Rich
10-15-2000, 04:16 AM
Sorry, I almost missed the last post...

I tested this when I wrote the instructions and the secure key was not needed to encrypt a message if it had been properly signed. (A key can be signed by many people and you most certainly would not have their secret key.)

(1) Did you produce a secure key on the server using telnet?

(2) Did you sign the public key with THIS SAME secure key?

The public key I use for signing does not have its secret key located on the server so I'm sure this works this way.

You might also try just deleting the secret key from the keyring instead of deleting the secring itself.

Also note that you MAY need to leave your original secret key on the server so PGP does not issue an error about finding the secring. However, the secure key that matches the public key you are using for Form Mail needs to be removed.

Rich
--encryption = no funn

SEP
10-15-2000, 09:22 PM
Okay Rich,
1. Yes it was created on the server using telnet.

2. Once it was created I signed it using the command pgpk -s userid. Should I have signed it pgpk -s userid (pubring.pkr)?

Now what I need to know though is if I use the command pgpk -r userid (keyring) and the keyring is secring.pkr or should it be pgpk -r keyid (keyring) where the keyring is secring.skr? In addition, what line from the output of pgpk -c is the keyid (if this is the correct one to use) to be used to remove from the secring.skr? And how will I know for sure that the information was correctly removed from the secring.skr since I cannot really see what is on the secring.skr?

Thanks and please advise.

Scott

Rich
10-18-2000, 02:55 PM
Problem solved! This is now working for Scott's site. For additional information see the follow-up post:

http://www.aota.net/ubb/Forum16/HTML/000104-1.html

Rich