Getting encryption working with Interchange 5.2.0

After spending far too much time on this project, I finally discovered what is necessary to make Interchange work with the GnuPG program that comes with Linux-Mandrake 9, and works with Windows PGP freeware.

First, some setup in Interchange:

1. Logon with the username you want to use for your interchange catalog.  Type:

gpg --gen-key

...and follow the prompts.  Use the default values suggested for the first few.  After you have completed this, you will see in your home directory a .gnupg directory.  Inside are the private and public key files that you will need.  

We are now going to make Interchange see these files.  In this example, the user is called jdoe, and their home directory is: /home/jdoe.

2. Log on to Interchange Admin, click on TABLES.  Scroll down to the bottom to find the VARIABLE table.  Click on the NEW ENTRY tab.

Variable name: PGP

Preference value:

/usr/bin/gpg --no-default-keyring --always-trust --keyring /home/jdoe/.gnupg/pubring.gpg -e -a --batch -t -r

Preferences area: Encryption

Now click OK (make sure the EXPORT box is checked).  Click on the EDIT tab, and find the PGP_KEY variable (it may be on the second or third page).  Set it  to the email address you used when you generated the key in step 1.

3. Edit your catalog.cfg file, and find the line that says EncryptKey __PGP_KEY__.  Right after that, add: EncryptProgram __PGP__

Down in your route main, find the line: pgp_key   "__PGP_KEY__".  Add this line right before it:

encrypt_program    "__PGP__"

4. Restart your interchange server, and try ordering something.  You should get a nice encrypted message.

5. Now we need to get the proper key file over to Windows, so you can properly decrypt this message.  Log back in as the user in step 1, and enter:

gpg -a --export-secret-keys --secret-keyring /home/jdoe/.gnupg/secring.gpg

If you can't capture the screen, you can email this to yourself:

gpg -a --export-secret-keys --secret-keyring /home/jdoe/.gnupg/secring.gpg | mail

6. Now snag this on the windows side, copy it into Notepad, and save it as key.asc.

7. Install your PGP program.  For now, answer NO to "Do you have any existing keys?"  We'll add them later.  It will want you to reboot.  Do it.

When you're back up, right-click on the padlock tray icon, and select PGPKeys.  It will prompt you to enter the name and email address to generate your own messages.  If you are only going to be decoding Interchange's messages with this, there's no need to be specific here.  Just use TEST and TEST, and follow through the prompts so that it is satisfied that you've created a keyring.  (You'll be prompted for a passphrase - just enter "test" and "test" again.)

8. Now we're going to import the real key.  Click on KEYS, then IMPORT.  Browse to find the key.asc file you created in step 6.

You should now see three lines for the key you just imported.  If not, click the + sign(s) so that you see all three.  Now right-click on the second line (with the envelope), and click on KEY PROPERTIES.    Check the bottom box, "Implicit Trust".  Click OK.

9. You're done!  Close out of this program.

Now to give it a shot, display an email from interchange with the PGP encoding all shown on the screen.  Richt-click on the padlock tray icon, and select CURRENT WINDOW -> DECRYPT AND VERIFY.  You will need to enter the passphrase you created in step 1.  You should now see the decrypted message!

You can edit the preferences to retain that passphrase for more than the default of a few minutes.


Last updated 05/29/04