Re: 2 security issues

From: mike ledoux (mwl+securityfocus@alumni.unh.edu)
Date: 12/12/01 

Date: Wed, 12 Dec 2001 15:12:50 -0500
From: mike ledoux <mwl+securityfocus@alumni.unh.edu>
To: Focus on Linux Mailing List <focus-linux@securityfocus.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Dec 11, 2001 at 12:43:46PM -0800, bugtraq@t-swat.com wrote:
> At 11:33 AM 10/12/2001, hvdkooij@vanderkooij.org wrote:
> >On Sun, 9 Dec 2001, Robin Lynn Frank wrote:
> >
> > > 1. Is there any way to encrypt all "system" mail to a specific key by
> > > default?
> >
> >If you use scripts it should be feasible to use GPG for this in an
> >automated manner.
>
> Just remember that anything that can be automatically done, can be
> automatically "un-done". That's like locking the door but leaving the key
> under the mat.

I don't believe that is true in this case. For GPG to encrypt to a key,
it only needs the public key; to decrypt it needs both the private key
and the passphrase. As long as the machine doing the encrypting doesn't
have a copy of the private key, it should be quite difficult for someone
to automatically undo the encryption.

If he were using symmetric encryption, then I'd agree with you.

- --
mwl+securityfocus@alumni.unh.edu OpenPGP KeyID 0x57C3430B
Holder of Past Knowledge CS, O-
Put your wasted CPU cycles to use: http://www.distributed.net/
"Life is pleasant. Death is peaceful. It's the transition
 that's troublesome." Isaac Asimov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8F7pC5rgdHFfDQwsRAjXmAJ9GaLdgLYbqGPhohYOowt2aMm4nOACgzT4o
J1rmV1GzwWWvJoFJBnMya1U=
=hYk/
-----END PGP SIGNATURE-----

Relevant Pages

  • Re: question about gpg
    ... for the private key? ... better to use the public method even for personal encryption,despite i ... gpg and browsing the web i found out that using a password for about ... 2**128 bits it would be as strong as an encryption on 2048 length ...
    (comp.os.linux.security)
  • Re: 2 security issues
    ... >>If you use scripts it should be feasible to use GPG for this in an ... >>automated manner. ... private key *and* the passphrase. ...
    (Focus-Linux)
  • Re: RSA breaking vs. factoring
    ... affects the two possible usages of RSA both for encryption (first public, ... then private key) and for signing ... are identical to encryption, in reverse order. ... Digital signature generation takes an input message (which may be quite ...
    (sci.crypt)
  • Re: CryptAPI(encryption/decryption)
    ... It seems like you're missing the Base64 decode step when trying to decrypt ... I misspelled the Private Key as Primary Key. ... Is there any variation in the encryption format in openssl compared to ... "Dylan DSilva " wrote: ...
    (microsoft.public.pocketpc.developer)
  • Re: RSACryptoServiceProvider decrypt with public key
    ... private key which my programs could decipher using a public key I've ... But since private key encryption and public key decryption isn't ... > If Alice gives Bob her public key, ...
    (microsoft.public.dotnet.security)