Forum: Ruby on Rails GPG key decryption and transaction verification

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
B7ecb37878cb8bc1d330473023f1eeca?d=identicon&s=25 Peter Boling (Guest)
on 2006-12-31 00:34
(Received via mailing list)
Do any of you have experience with this?

I am trying to figure out how to create payment processing with
e-Bullion as a backend, and am finding very little to help me in the
encryption / decryption area.  The transaction is 'verifiable' by a
GnuPG key that they send back with the results of the transaction.
Without verifying the transaction there might be people who would try
to 'spoof' transactions.  I have found no plugins or gem that appear to
enable me to decrypt this GPG or PGP key.  I looks roughly like this
(important bits removed):

The relevant section of the POST string begins with (ATIP_VERIFICATION
is the field name / parameter name):
<imagine a really long string of almost random characters>
Ends with:

The sample code that e-Bullion supplies comes with a script that can do
the decryption for me, but it is written in Perl.  Even though I don't
know Perl well, I can tell it is saving the key string to a keyfile on
disk, and then verifying it against my own key using a call to the gpg
binary from the command line.

So I have a few thoughts / questions.

1) Can I call the command line directly from rails to call the actual
GPG binary itself?  I know the command line can call rails in the form
of runners, but I need the reverse.  Even with this I am not sure if it
would help as the PGP/GPG versions are different on my host than in the
key e-Bullion sent me.

1a) Can I call Perl from Rails with parameters to execute the script
that way?

2) Can I use any of the many crypto plugins or gems available to Ruby?
ruby-gpgme looked promising, but a serious lack of documentation and a
pre-req of gpgme-config which I cannot seem to get installed on my
machine are halting progress here.  Sentry also looked ineresting, as
did several others, but most of the crypto plugins / gems never
directly mention PGP or GPG leaving me to wonder if they can handle it
or not.

3) Does anyone have some example code on how to do this?  I find it
hard to imagine that there is not a greater need for GPG key decryption
among all the 'business' apps being written in Rails, yet when I search
Google I feel as if I am alone in this.

4) If I can figure this out I'd like to extract it and make an
e-Bullion module for ActiveMerchant.  Better yet is one already
underway that I could assist with?

Peter Boling
This topic is locked and can not be replied to.