Swift Internet :: Frequently Asked Questions

Internet Access

Domains & E-mail

Support Helpdesk

Frequently Asked Questions

Choose Category

:

How do I use the secure server, or set up PGP e-mail encryption ?

E-Commerce Tools/ Secure Server Area
How do I use the secure server, or set up PGP e-mail encryption ?
If you have for instance set-up a shopping system on your web site, your payment page where the user enters their payment details may be placed in a directory on the Swift secure server area. This provides SSL 3.0 40 bit encryption between the users browser and the server for security. The padlock symbol will appear on the users browser denoting that they are connected to a secure server. The secure server is also protected by an IP filtering firewall. The path to your page will then be https://swift3.swiftinter.net/~your_username/your_filename.htm If the form results are to be sent to the merchant as an e-mail, they may be encrypted by the server using PGP encryption before being transmitted. The merchant then decrypts the e-mail into clear text using his PGP key and password. There is a charge of a £65+vat/ann for server side PGP encryption. Setup of this system is described below. PGP Software is available free at the following link:- Windows Users: PGP 6.53 For Windows Mac Users: PGP 6.52a For Mac Download time for the PGP software itself is approx 35 mins. After Installation, you will need to create your key which must be compatible with version 2.63i which is installed on the secure server. To do this, you should use the versions listed above, and when you generate your key, use the RSA, and 1024bit key options. 1 Start PGPkeys. \|Start\|Programs\|PGP\|PGP Keys\| 2 Choose New Key from the Keys menu. 3 The PGP Key Generation Wizard asks you to enter your name and email address. Enter the same e-mail address used by the payment system. e.g. orders@yourdomain.co.uk 4 Click Next. 5 Select a key type. You must select RSA 6 Select a 1024 bit key size. 7 Choose when the key pair expires. Enter Never. 8 Type a passphrase. This is a password which you will need to enter everytime you need to decrypt an e-mail. An adequate passphrase contains multiple words and may include spaces, numbers, and punctuation characters. Choose something that you can remember easily but that others won�t be able to guess. The passphrase is case sensitive, meaning that it distinguishes between uppercase and lower case letters. 9 Click Finish. 10 A pair of keys representing your newly created keys appears in the PGPkeys window. 11 To send us your public key: highlight the key, select \| keys \| Export \| This will save your key as an .asc file. Send the key to us as an e-mail attachment. Remember your passphrase, but never write it down, or divulge it to anyone including us. 12 It is important to backup your key pair to a floppy disk and keep it somewhere safe. If your key is lost you will not be able to decrypt messages sent from the secure server. PGP prompts you to save a backup copy when you close the PGPkeys application after creating a new pair. Your private keys and your public keys are stored in separate keyring files, which you can copy just like any other files to another location on your hard drive or to a floppy disk. By default, the private keyring (secring.skr) and the public keyring (pubring.pkr) are stored with the other program files in the �PGP Keyrings� folder in the �PGP 6.5� folder, but you can save your backups in any location you like. When you specify that you want to save a backup copy of your keys, the Save As dialog box appears, asking you to specify the location of the backup private and public keyring files that are to be created. We suggest saving to a floppy disk and keeping it somewhere safe. To make a backup copy of your keys, follow these steps: 1 Start PGPkeys. \|Start\|Programs\|PGP\|PGP Keys\| 2 Select your key from the list so that it is highlighted. 3 Select Export from the Keys menu. \| keys \| Export \| The Export Key to File dialog box appears. 4 Select where you want to back up your keys. (Suggest a floppy disk. Usually drive A) 5 Select the Include Private Keys checkbox. (Important) 6 Click Save. Note The backup keys are named pubring.pkr.bak and secring.skr.bak. If you are using GT Shopping Cart Software you've finished ! If you are setting up your own form, see below for form set-up. Form Configuration For an example of a form which uses the FormMailPGP.pl script, see https://swift3.swiftinter.net/Swift_Secure_Pay.htm The URL to your area will be https://swift3.swiftinter.net/~your_username The recipient address must be the e-mail address related to your PGP key. Form Configuration For an example of a form which uses the FormMailPGP.pl script, see https://swift3.swiftinter.net/Swift_Secure_Pay.htm The URL to your area will be https://swift3.swiftinter.net/~your_username The recipient address must be the e-mail address related to your PGP key. ----------------------------------------------------------------------------- Form Action: The URL of the script is: https://swift3.swiftinter.net/cgi-bin/FormMailPGP.pl Therefore the form action needs to be specified as follows: <FORM METHOD="POST" ACTION="https://swift3.swiftinter.net/cgi-bin/FormMailPGP.pl" NAME="secureform"> ----------------------------------------------------------------------------- Necessary Form Fields: There are two hidden form fields that you must have in your form for FormMailPGP to work correctly. pgp_key and recipient ----------------------------------------------------------------------------- Field: pgp_key Description: This tells the script which public PGP key to use when encrypting the data. Because the pgp_key user id is passed to the script via a hidden form field, there is no need to set up a different script for each form - even if you want to encrypt different forms to different people. Configure this option as a hidden form field with a value equal to that of your PGP key user ID. Syntax: <input type="hidden" name="pgp_key" value="Your_Key_User_ID"> ----------------------------------------------------------------------------- Field: recipient Description: This form field allows you to specify to whom you wish for your form results to be mailed. Most likely you will want to configure this option as a hidden form field with a value equal to that of your e-mail address. Syntax: <input type=hidden name="recipient" value="email@domainname.co.uk" > ----------------------------------------------------------------------------- Recommended Form Fields: ----------------------------------------------------------------------------- Field: subject Description: The subject field will allow you to specify the subject that you wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the script will default to a message subject: WWW Form Submission Syntax: If you wish to choose what the subject is: <input type=hidden name="subject" value="Your Subject"> To allow the user to choose a subject: <input type=text name="subject"> ----------------------------------------------------------------------------- Field: email Description: This form field will allow the user to specify their return e-mail address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into the From: field of the message you receive. If you want to require an email address with valid syntax, add this field name to the 'required' field. Syntax: <input type=text name="email"> ----------------------------------------------------------------------------- Optional Form Fields: ----------------------------------------------------------------------------- Field: realname Description: The realname form field will allow the user to input their real name. This field is useful for identification purposes and will also be put into the From: line of your message header. Syntax: <input type=text name="realname"> ----------------------------------------------------------------------------- Field: redirect Description: If you wish to redirect the user to a different URL, rather than having them see the default response to the fill-out form, you can use this hidden variable to send them to a pre-made HTML page. Syntax: To choose the URL they will end up at: <input type=hidden name="redirect" value="http://your.host.com/to/file.html"> To allow them to specify a URL they wish to travel to once the form is filled out: <input type=text name="redirect"> ----------------------------------------------------------------------------- Field: required Version: 1.3 & Up Description: You can now require for certain fields in your form to be filled in before the user can successfully submit the form. Simply place all field names that you want to be mandatory into this field. If the required fields are not filled in, the user will be notified of what they need to fill in, and a link back to the form they just submitted will be provided. To use a customized error page, see 'missing_fields_redirect' Syntax: If you want to require that they fill in the email and phone fields in your form, so that you can reach them once you have received the mail, use a syntax like: <input type=hidden name="required" value="email,phone"> ----------------------------------------------------------------------------- Field: env_report Version: 1.3 & Up Description: Allows you to have Environment variables included in the e-mail message you receive after a user has filled out your form. Useful if you wish to know what browser they were using, what domain they were coming from or any other attributes associated with environment variables. The following is a short list of valid environment variables that might be useful: REMOTE_HOST - Sends the hostname making a request. REMOTE_ADDR - Sends the IP address of the remote host making the request. REMOTE_USER - If server supports authentication and script is protected, this is the username they have authenticated as. This is not usually set. HTTP_USER_AGENT - The browser the client is using to send the request. There are others, but these are a few of the most useful. For more information on environment variables, see: <http://www.cgi-resources.com/Documentation/Environment_Variables/> Syntax: If you wanted to find the remote host and browser sending the request, you would put the following into your form: <input type=hidden name="env_report" value="REMOTE_HOST, HTTP_USER_AGENT"> ----------------------------------------------------------------------------- Field: sort Version: 1.4 & Up Description: This field allows you to choose the order in which you wish for your variables to appear in the e-mail that FormMailPGP generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which is usually the exact same order as they appeared in the form.) When sorting by a set order of fields, you should include the phrase "order:" as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas. Version 1.6 allows a little more flexibility in the listing of ordered fields, in that you can include spaces and line breaks in the field without it messing up the sort. This is helpful when you have many form fields and need to insert a line wrap. Syntax: To sort alphabetically: <input type=hidden name="sort" value="alphabetic"> To sort by a set field order: <input type=hidden name="sort" value="order:name1,name2, name3,etc..."> ----------------------------------------------------------------------------- Field: print_config Version: 1.5 & Up Description: print_config allows you to specify which of the config variables you would like to have printed in your e-mail message. By default, no config fields are printed to your e-mail. This is because the important form fields, like email, subject, etc. are included in the header of the message. However some users have asked for this option so they can have these fields printed in the body of the message. The config fields that you wish to have printed should be in the value attribute of your input tag separated by commas. Syntax: If you want to print the email and subject fields in the body of your message, you would place the following form tag: <input type=hidden name="print_config" value="email,subject"> ----------------------------------------------------------------------------- Field: print_blank_fields Version: 1.6 Description: print_blank_fields allows you to request that all form fields are printed in the return HTML, regardless of whether or not they were filled in. FormMailPGP defaults to turning this off, so that unused form fields aren't e-mailed. Syntax: If you want to print all blank fields: <input type=hidden name="print_blank_fields" value="1"> ---------------------------------------------------------------------------- Field: title Version: 1.3 & Up Description: This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL. Syntax: If you wanted a title of 'Feedback Form Results': <input type=hidden name="title" value="Feedback Form Results"> ----------------------------------------------------------------------------- Field: return_link_url Version: 1.3 & Up Description: This field allows you to specify a URL that will appear, as return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page. Syntax: <input type=hidden name="return_link_url" value="http://your.host.com/main.html"> ----------------------------------------------------------------------------- Field: return_link_title Version: 1.3 & Up Description: This is the title that will be used to link the user back to the page you specify with return_link_url. The two fields will be shown on the resulting form page as: <ul> <li><a href="return_link_url">return_link_title</a> </ul> Syntax: <input type=hidden name="return_link_title" value="Back to Main Page"> ----------------------------------------------------------------------------- Field: missing_fields_redirect Version: 1.6 Description: This form field allows you to specify a URL that users will be redirected to if there are fields listed in the required form field that are not filled in. This is so you can customize an error page instead of displaying the default. Syntax: <input type=hidden name="missing_fields_redirect" value="http://your.host.com/error.html"> ----------------------------------------------------------------------------- Field: background Version: 1.3 & Up Description: This form field allow you to specify a background image that will appear if you do not have the redirect field set. This image will appear as the background to the form results page. Syntax: <input type=hidden name="background" value="http://your.host.com/image.gif"> ----------------------------------------------------------------------------- Field: bgcolor Version: 1.3 & Up Description: This form field allow you to specify a bgcolor for the form results page in much the way you specify a background image. This field should not be set if the redirect field is. Syntax: For a background color of White: <input type=hidden name="bgcolor" value="#FFFFFF"> ----------------------------------------------------------------------------- Field: text_color Version: 1.3 & Up Description: This field works in the same way as bgcolor, except that it will change the color of your text. Syntax: For a text color of Black: <input type=hidden name="text_color" value="#000000"> ----------------------------------------------------------------------------- Field: link_color Version: 1.3 & Up Description: Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is. Syntax: For a link color of Red: <input type=hidden name="link_color" value="#FF0000"> ----------------------------------------------------------------------------- Field: vlink_color Version: 1.3 & Up Description: Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is. Syntax: For a visited link color of Blue: <input type=hidden name="vlink_color" value="#0000FF"> ----------------------------------------------------------------------------- Field: alink_color Version: 1.4 & Up Description: Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is. Syntax: For a visited link color of Blue: <input type=hidden name="alink_color" value="#0000FF"> ----------------------------------------------------------------------------- Your Bank may need to know what you are doing, and will ask you the encryption type which is SSL3.0 They will also ask about a firewall. There is an IP filtering Firewall protecting the secure server. Any questions, give us a call Your Bank may need to know what you are doing, and will ask you the encryption type which is SSL3.0 They will also ask about a firewall. There is an IP filtering Firewall protecting the secure server. Any questions, give us a call


	Code of Practice	Privacy Statement
	Terms & Conditions	Complaints

© Swift Internet 2008 - All Rights Reserved
Designed & Hosted by Swift Internet