
List:       apache-modperl
Subject:    Re: decrypt the posted content
From:       André_Warnier_(tomcat/perl) <aw () ice-sa ! com>
Date:       2019-11-20 10:55:15
Message-ID: 5DD51B93.5040909 () ice-sa ! com

On 20.11.2019 10:26, Tillman Peng wrote:
> hello
>
> My client posts the data body, which is encrypted with a public key.
> The private key is deployed on the web server, powered by mp2.
> How can I correctly decrypt the data with private key from within modperl handler?
>

Hi.
Do you have a separate command-line program on the server which can decrypt that content ?
If yes : if you do not find an appropriate perl module to do this decryption, your 
mod_perl handler can always execute that external program using the system() function.
(See : https://perldoc.perl.org/5.30.0/functions/system.html)

General idea :
- get the encrypted content from the request
- write this encrypted content to a file in some appropriate work directory on the server
- compose the external command that reads the encrypted data, and writes the decrypted 
content to a file
- execute that command with system()
- check for errors
- read the decrypted results file
- clean up

If you end up using this method, and you are doing this from within an Apache/mod_perl 
handler, you have to be extra careful about many aspects, such as :
- catching any errors which may happen in the external program, and interpreting them 
correctly in the calling module.
- logging the errors properly, so that if "it doesn't work", you can find out why
- taking into account that your webserver may receive several simultaneous requests for 
such content, and thus that there may be several instances of that external command 
running at the same time (think about the temporary files that you may need, and make sure 
that each instance uses its own unique files)
- cleaning up after successfully running the command
- maybe selectively "not cleaning up" if there were any problems, so that you can inspect 
what happened
- check permissions (the external program will run under the same user-id as the 
webserver, so whatever it writes, must be in a directory writeable by the webserver)
- verify that the external command cannot be running for too long, causing the client to 
time-out waiting for a response, and closing the connection to the webserver
- make extra sure that the client cannot, through some malicious use of the parameters 
that it sends to the server (e.g. filenames), result in damage on your server
(e.g. system("program > /etc/passwd"))
- etc.

If you prefer to use a perl module to do the decryption, you will have to look at what is 
available on CPAN.  Most modules that relate to encryption/decryption are in the "Crypt" 
namespace, such as : https://metacpan.org/search?q=crypt%3A%3A
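
The temp-file procedure and the cautions listed in the message above (unique files per request, no shell, a time limit, error checks, cleanup only on success), as an added Perl example that is not part of the original message. Assumptions: the external decryptor is `openssl pkeyutl`, the key path is a placeholder, and `decrypt_body` is a hypothetical helper that the handler calls with the request body it has already read.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use POSIX ();

# Assumptions (not from the original message): the decryptor is
# "openssl pkeyutl" and the private-key path is a placeholder.
my @DECRYPT = ('/usr/bin/openssl', 'pkeyutl', '-decrypt',
               '-inkey', '/path/to/private-key.pem');
my $TIMEOUT = 10;    # seconds before the external program is killed

# Returns the plaintext, or dies with a message meant for the error log.
sub decrypt_body {
    my ($ciphertext) = @_;

    # Unique per-request directory (created mode 0700). File names are chosen
    # by the server, never by the client. Kept on failure for inspection.
    my $dir = tempdir('decrypt-XXXXXXXX', TMPDIR => 1, CLEANUP => 0);
    my ($in, $out) = ("$dir/in.bin", "$dir/out.bin");

    open my $wfh, '>:raw', $in or die "write $in: $!";
    print {$wfh} $ciphertext;
    close $wfh or die "close $in: $!";

    # fork + list-form exec: no shell runs, so redirections or other
    # metacharacters in an argument are never interpreted.
    my $pid = fork();
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {
        exec { $DECRYPT[0] } @DECRYPT, '-in', $in, '-out', $out;
        POSIX::_exit(127);    # only reached if exec itself failed
    }

    my ($timed_out, $reaped) = (0);
    local $SIG{ALRM} = sub { $timed_out = 1; kill 'KILL', $pid };
    alarm $TIMEOUT;
    do { $reaped = waitpid($pid, 0) } while $reaped == -1 && $!{EINTR};
    alarm 0;

    die "decrypt timed out after ${TIMEOUT}s (files kept in $dir)\n" if $timed_out;
    die "decrypt failed, wait status $? (files kept in $dir)\n" if $? != 0;

    open my $rfh, '<:raw', $out or die "read $out: $!";
    my $plain = do { local $/; <$rfh> };
    close $rfh;

    unlink $in, $out;    # clean up only after a successful run
    rmdir $dir;
    return $plain;
}
```

Wrapping the call in `eval { ... }` lets the handler log `$@` and return an error status instead of letting the exception propagate.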


