Do any of you have experience with this?
I am trying to figure out how to create payment processing with e-Bullion as a backend, and am finding very little to help me in the encryption / decryption area. The transaction is 'verifiable' by a GnuPG key that they send back with the results of the transaction. Without verifying the transaction there might be people who would try to 'spoof' transactions. I have found no plugins or gem that appear to enable me to decrypt this GPG or PGP key. I looks roughly like this (important bits removed):
The relevant section of the POST string begins with (ATIP_VERIFICATION is the field name / parameter name): ATIP_VERIFICATION=-----BEGIN+PGP+MESSAGE-----%0D%0AVersion%3A+GnuPG+v1.2.6+%28GNU%2FLinux Middle: <imagine a really long string of almost random characters> Ends with: %0D%0A-----END+PGP+MESSAGE-----%0D%0A
The sample code that e-Bullion supplies comes with a script that can do the decryption for me, but it is written in Perl. Even though I don't know Perl well, I can tell it is saving the key string to a keyfile on disk, and then verifying it against my own key using a call to the gpg binary from the command line.
So I have a few thoughts / questions.
1) Can I call the command line directly from rails to call the actual GPG binary itself? I know the command line can call rails in the form of runners, but I need the reverse. Even with this I am not sure if it would help as the PGP/GPG versions are different on my host than in the key e-Bullion sent me.
1a) Can I call Perl from Rails with parameters to execute the script that way?
2) Can I use any of the many crypto plugins or gems available to Ruby? ruby-gpgme looked promising, but a serious lack of documentation and a pre-req of gpgme-config which I cannot seem to get installed on my machine are halting progress here. Sentry also looked ineresting, as did several others, but most of the crypto plugins / gems never directly mention PGP or GPG leaving me to wonder if they can handle it or not.
3) Does anyone have some example code on how to do this? I find it hard to imagine that there is not a greater need for GPG key decryption among all the 'business' apps being written in Rails, yet when I search Google I feel as if I am alone in this.
4) If I can figure this out I'd like to extract it and make an e-Bullion module for ActiveMerchant. Better yet is one already underway that I could assist with?
Thanks, Peter Boling