Encrypting Emails

Introduction

Encryption protects the contents of an email while the email is in transit from the web server to the email recipient. MGI performs encryption with a "passphase". MGI encrypts the email with the "passphrase" (from the passPhrase parameter or from a passPhrase located in a text file) as a key for the encryption. The recipient decrypts the email with the same "passphrase" using a PGP utility.

Free PGP utilities for personal use can be found at http://web.mit.edu/network/pgp.html. Commercial PGP utilities can be found at http://www.pgp.com.

This example illustrates the encryption of a payment email.

MGI Tags

Steps

  1. Create a payment form and payment processing page.
  2. Open the payment processing page in a text editor.
  3. Insert the mgiPGP tag.
  4. Save the payment processing page.
  5. FTP the payment form and payment processing page to the web server running MGI.
  6. Install a PGP utility on the recipient's computer.
  7. Complete and submit the payment form.


Step 1: Create a payment form and payment processing page.

Create a payment form and payment processing page. On the payment processing page, enter an mgiSendMail tag to format and send the payment email. For instructions regarding the construction of a form and email to process the form, please review the Processing Forms to Email tutorial.

Step 2: Open the payment processing page in a text editor.

Open the payment processing page in a text editing program that allows you to modify the HTML and code of the page.

Step 3: Insert the mgiPGP tag.

The mgiPGP tag encrypts the contents of the email, therefore the beginning and ending mgiPGP tags should enclose the content of the email. Insert a beginning mgiPGP tag and passPhrase parameter after the beginning mgiSendMail tag. In the passPhrase parameter, enter the case-sensitve passphrase to encrypt the email. Insert an ending mgiPGP tag before the ending mgiSendMail tag.
 
Note: if you choose to use a passphrase from a text file (via the fileLocation parameter), protect that text file with a WebSTAR realm. The server administrator can set the realm for a specific file name.
 
The following code is an example email from a payment processing form.
<mgiSendMail to="accounting@domain.com" 
from="webmaster@domain.com" 
subject="Payment" mailserver="mail.domain.com">

<mgiPGP passPhrase="encryptWithPhrase">
     Acct: <mgiPostArgument name="Account">
     Type: <mgiPostArgument name="CreditCardType">
   Number: <mgiPostArgument name="CreditCardNumber">
Exp Month: <mgiPostArgument name="ExpireMonth">
 Exp Year: <mgiPostArgument name="ExpireYear">
</mgiPGP>

</mgiSendMail>

Step 4: Save the payment processing page.

Save the changes you have made to the payment processing page.

Step 5: FTP the payment form and payment processing page to the web server running MGI.

Upload the payment form and payment processing page from your local computer to the web server using an FTP program.

Step 6: Install a PGP utility on the recipient's computer.

In order to read an ecrypted email the email recipient must install a PGP utility on their computer to decrypt the email.

Step 7: Complete and submit the payment form.

Access the payment form in a browser. Complete and submit the form. Upon submission, an encrypted email is sent and the payment processing page is displayed. When the email is received, decrypt it with the passphrase specified in the mgiPGP tag.


[Return to the Forms Submission Menu]


[Understanding MGI Menu] [Using MGI Menu] [Referencing MGI Menu]


[MGI Guides Main Menu] [User Guide Main Menu]