Re: 2 security issues

From: Robin Lynn Frank (rlfrank@paradigm-omega.com)
Date: 12/14/01


From: Robin Lynn Frank <rlfrank@paradigm-omega.com>
To: mike ledoux <mwl+securityfocus@alumni.unh.edu>, Focus on Linux Mailing List <focus-linux@securityfocus.com>
Date: Thu, 13 Dec 2001 17:14:18 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 12 December 2001 13:12, mike ledoux wrote:

> I don't believe that is true in this case. For GPG to encrypt to a key,
> it only needs the public key; to decrypt it needs both the private key
> and the passphrase. As long as the machine doing the encrypting doesn't
> have a copy of the private key, it should be quite difficult for someone
> to automatically undo the encryption.
>
> If he were using symmetric encryption, then I'd agree with you.

You are correct about the asymmetric process. In fact we have come up with a
scheme which actually works. All of our machines are set up to use kmail as
their primary email clients. All system mail is sent to a folder called
"admin". A script in each machine's crontab runs the contents through gpg
encrypting to my public key. When it is sent, the "folder" is replaced with
an index and file containing no messages, just so kmail doesn't "freak out".
There are still a few rough edges such as what happens if we are encrypting
the contents or replacing the index when a new system message is
retrieved by kmail from the queue. But I like to tinker with such problems.
- --
Robin Lynn Frank

Director of Operations
Paradigm-Omega, LLC
============================================================
For security reasons, no attachments or HTML content will be accepted.
============================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8GURhRl1xq0FBQGgRAgqyAKCJqQlyXuHsXYdmNQsY9kmEcrqWwACgiFwZ
WjEWBMbWhceT7+VrvCmzY4E=
=kwny
-----END PGP SIGNATURE-----
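
One way to handle the rough edge the message mentions (a new message arriving while the folder is being encrypted or emptied), as an added example that is not part of the original post or the poster's script. It assumes whatever delivers into the folder takes the same flock() lock; the function names, output file naming and recipient parameter are hypothetical, and kmail's index file is not handled.

```python
import fcntl
import os
import subprocess
import time


def gpg_encrypt(src_path, dst_path, recipient):
    """Encrypt src_path to the recipient's public key (no private key needed)."""
    subprocess.run(
        ["gpg", "--batch", "--yes", "--encrypt", "--recipient", recipient,
         "--output", dst_path, src_path],
        check=True,
    )


def rotate_folder(folder, outdir, recipient, encrypt=gpg_encrypt):
    """Encrypt the mail folder, then empty it, under one exclusive lock.

    Returns the ciphertext path, or None if the folder held no mail.
    Assumption: the program writing to `folder` uses the same flock() lock.
    """
    fd = os.open(folder, os.O_RDWR)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)       # hold writers off for the whole cycle
        if os.fstat(fd).st_size == 0:
            return None
        final = os.path.join(outdir, "admin-%d.gpg" % time.time_ns())
        partial = final + ".part"
        try:
            encrypt(folder, partial, recipient)
            if os.path.getsize(partial) == 0:
                raise RuntimeError("encryption produced no output")
        except Exception:
            # On failure the plaintext folder is left as it was.
            if os.path.exists(partial):
                os.unlink(partial)
            raise
        os.rename(partial, final)            # atomic within one filesystem
        os.ftruncate(fd, 0)                  # discard plaintext only after success
        return final
    finally:
        os.close(fd)                         # closing the descriptor drops the lock
```

Truncating in place keeps the same file for the mail client, and a failed gpg run leaves the unencrypted mail where it was rather than losing it.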