Secure Email Techniques


Articles about secure email and secure internet techniques.

Secure Form Forwarding

In this article I am going to teach you how to forward a secure web form using Pretty Good Privacy (PGP) encryption without the need for SSL. This technique is as secure as PGP secure email using state-of-the-art encryption technology.

Demo: Watch the secure email form


The Problem
You do not run any SSL-secured web pages but want to make sure your customers can contact you via a PGP-secured web page (contact page, order page, etc.) without the fear of being spied on. There are also cases where you want to offer PGP instead of an SSL-secured connection.

Remember: The average Joe does not know anything about encryption/decryption with public/private keys. Do not bother your customers with technical details; instead, offer them a PGP-secured solution which works in the background and requires no knowledge of PGP.


What you need


Solution
The key to your problem is to encrypt all customer data before it is sent over the Internet to your server. You can accomplish this with JavaScript encryption functions. Once all data is encrypted in the client's browser, your customers send it via a normal HTTP POST to your server, where you decrypt it.


Step 1: Create Public/Private Key
As a first step, you have to create a private/public key pair, which is used to encrypt the web form data on the client side and to decrypt the data back to its original form on the web server. You can create PGP keys with GnuPG.


Step 2: Create Web Form
Now it's time to create your web form where you ask your customers to input their data. I created a simple test form which includes all the JavaScript you need to encrypt data.

Demo: Secure Form Demo


Step 3: Server Side Decryption
Before you can start to decrypt on the server, you must install GnuPG. Make sure you do not install GnuPG directly in your wwwroot. You do not want a hacker to download your private key database!

You are also going to need a wrapper class for GnuPG. In case you run .NET, you can use Terry's GnuPG Wrapper.

Once GnuPG and the GnuPG Wrapper are installed, you can decrypt any encrypted form data sent by your website customers.
 

Security Issues

  • Make sure you do not accidentally submit your customer data in plain text. Before you submit, make sure that only encrypted data is sent to the server.
  • Install GnuPG inside a directory which cannot be accessed from a web browser. If you run ASP.NET on a shared server, copy GnuPG into your APP_DATA folder.
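
One way to enforce the first point above, as an added example (not code from this article or its demo form): a JavaScript check that names every form field whose value is not a structurally valid ASCII-armored PGP message, so the submit handler can refuse to POST. Function names, field names and the sample values are assumptions made for illustration; the armor layout and CRC-24 follow RFC 4880.

```javascript
// Added example; names and sample data are constructed, not from the article.
// CRC-24 used by the OpenPGP ASCII-armor checksum line (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864cfb;
    }
  }
  return crc & 0xffffff;
}
// Base64 decode that works in browsers (atob) and in Node (Buffer).
const b64decode = (s) =>
  typeof atob === "function"
    ? Uint8Array.from(atob(s), (c) => c.charCodeAt(0))
    : Uint8Array.from(Buffer.from(s, "base64"));

// True only if `value` is a well-formed armored PGP message.
function isArmoredPgpMessage(value) {
  const lines = String(value).trim().split(/\r?\n/).map((l) => l.trimEnd());
  if (lines.shift() !== "-----BEGIN PGP MESSAGE-----") return false;
  if (lines.pop() !== "-----END PGP MESSAGE-----") return false;
  const blank = lines.indexOf(""); // armor headers end at the first blank line
  if (blank === -1) return false;
  const body = lines.slice(blank + 1);
  let checksum = null; // the "=XXXX" checksum line is optional
  if (body.length && /^=[A-Za-z0-9+\/]{4}$/.test(body[body.length - 1])) {
    checksum = body.pop().slice(1);
  }
  const data = body.join("");
  if (!data || data.length % 4 !== 0) return false;
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(data)) return false;
  const bytes = b64decode(data);
  if (!(bytes[0] & 0x80)) return false; // every OpenPGP packet tag has bit 7 set
  if (checksum === null) return true;
  const c = b64decode(checksum);
  return ((c[0] << 16) | (c[1] << 8) | c[2]) === crc24(bytes);
}
// Names of the fields that would leave the browser unencrypted.
function findPlaintextFields(fields) {
  return Object.keys(fields).filter((n) => !isArmoredPgpMessage(fields[n]));
}
// Constructed sample: one armored field, one field left in plain text.
const sampleForm = {
  name: "-----BEGIN PGP MESSAGE-----\n\nhQEMA6q7\n-----END PGP MESSAGE-----",
  message: "please call me back",
};
console.log(findPlaintextFields(sampleForm)); // submit only if this is empty
```

The same function can run on the server before decryption to reject and log any POST that arrives with a plain-text field.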