The mgiPGP Tag
The mgiPGP tag encrypts the information in the body of the
tag with a passphrase. The PGP function requires a utility on
the user's local computer to decrypt the text. Free non-commercial
PGP utilities can be found at http://web.mit.edu/network/pgp.html. Commercial
PGP utilities can be found at http://www.pgp.com.
The mgiPGP tag has a beginning tag with two required parameters
and one optional parameters, a body and an ending tag. The tag
<mgiPGP function="Function" passphraseFileLocation="File Path"
...Information to Encrypt...
- function="Function" where "Function"
is the behavior of the mgiPGP tag. Currently, the only function
is "encryptWithPhrase". The encryptWithPhrase
function encrypts information in the body of the mgiPGP tag with
the phrase in the passphrase file.
- passphraseFileLocation="File Path" where
"File Path" is the relative path to the passphrase
file (at the current file level or below) that includes the encryption
phrase. The passphrase is a text only file (although it may include
hidden characters such as returns that would be necessary for
decoding). The passphrase it contains can be any size. Note:
the passphrase file itself or a folder in the path to the passphrase
file should be password protected by a WebSTAR realm. If
you administer the server, you can set the realm. If you are
hosted on a virtual server, a specific folder name or file name
may be required. Contact your system administrator for the required
folder or file name.
- suppressErrorMessages="Yes/No" where "Yes"
does not display an MGI error page and sends an non-encrypted
email when an error occurs and "No" displays an MGI
error page and does not send the email when an error occurs.
Example Usage and Output
<mgiSendMail to="email@example.com" from="firstname.lastname@example.org"
<mgiPGP function="encryptWithPhrase" passphraseFileLocation="phrase.txt">
In this example, the mgiPGP tag is used to encrypt account
payments that include credit card numbers. When an account payment
is made, an encrypted email that contains the account and credit
card information is sent to the accounting department. The accounting
department receives the email and decrypts it using a PGP utility
(see link to free utilities above).