Do any of you have experience with this?
I am trying to figure out how to create payment processing with
e-Bullion as a backend, and am finding very little to help me in the
encryption / decryption area. The transaction is ‘verifiable’ by a
GnuPG key that they send back with the results of the transaction.
Without verifying the transaction there might be people who would try
to ‘spoof’ transactions. I have found no plugins or gem that appear to
enable me to decrypt this GPG or PGP key. I looks roughly like this
(important bits removed):
The relevant section of the POST string begins with (ATIP_VERIFICATION
is the field name / parameter name):
ATIP_VERIFICATION=-----BEGIN+PGP+MESSAGE-----%0D%0AVersion%3A+GnuPG+v1.2.6+%28GNU%2FLinux
Middle:
Ends with:
%0D%0A-----END+PGP+MESSAGE-----%0D%0A
The sample code that e-Bullion supplies comes with a script that can do
the decryption for me, but it is written in Perl. Even though I don’t
know Perl well, I can tell it is saving the key string to a keyfile on
disk, and then verifying it against my own key using a call to the gpg
binary from the command line.
So I have a few thoughts / questions.
- Can I call the command line directly from rails to call the actual
GPG binary itself? I know the command line can call rails in the form
of runners, but I need the reverse. Even with this I am not sure if it
would help as the PGP/GPG versions are different on my host than in the
key e-Bullion sent me.
1a) Can I call Perl from Rails with parameters to execute the script
that way?
-
Can I use any of the many crypto plugins or gems available to Ruby?
ruby-gpgme looked promising, but a serious lack of documentation and a
pre-req of gpgme-config which I cannot seem to get installed on my
machine are halting progress here. Sentry also looked ineresting, as
did several others, but most of the crypto plugins / gems never
directly mention PGP or GPG leaving me to wonder if they can handle it
or not. -
Does anyone have some example code on how to do this? I find it
hard to imagine that there is not a greater need for GPG key decryption
among all the ‘business’ apps being written in Rails, yet when I search
Google I feel as if I am alone in this. -
If I can figure this out I’d like to extract it and make an
e-Bullion module for ActiveMerchant. Better yet is one already
underway that I could assist with?
Thanks,
Peter B.