GnuPG front-end to safely en/de-crypt files using symmetric cipher

From: Dusan Chromy (dusan.chromy_at_tiscali.cz)
Date: 05/27/03


Date: 27 May 2003 06:27:16 -0700

Hi,

I am using Steganos Security Suite v4 to encrypt some files on my
computer. However, every time I open them using Steganos, they get
saved decrypted on the disk.

I was thinking about writing a Java application to avoid that. The
idea is to use GnuPG as the encryption engine for symmetrical
encryption. The Java application would invoke gpg (--decrypt) via
Runtime.exec, capture its output (the decrypted file) and let the
user modify it. When done, it would again invoke gpg (--symmetric)
to encrypt the file.

Now I have several questions about this approach:

1) How secure is it at all? Runtime.exec probably uses the pipe
mechanism of the underlying OS to communicate with the process, so the
encrypted data would definitely get written somewhere in memory. How
vulnerable is it?

2) The passphrase is needed for both encryption and decryption. For
convenience, the Java application should ask the user for the password
and send it to gpg (run gpg with --passphrase-fd 0). I guess it's
equally bad as item 1), but then again it's not nice to have the user
type the passphrase in a console window...

3) Is there a freeware product doing this or the like? I don't care so
much about commercial products because I'd like to make mine freeware.
However I wouldn't mind a little inspiration from the commercial arena
too :-)

4) Given all the drawbacks of items 1)-2) and compared to the
improvement over a scenario with temporary files, does it make sense
to create such an application?

Thanks,

Dusan
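
The decrypt half of the approach described in the post, as an added example that is not part of the original message: the passphrase goes to gpg over stdin (--passphrase-fd 0) and the plaintext is captured from stdout into a byte array, so no decrypted file is written to disk. It uses ProcessBuilder in place of Runtime.exec and assumes Java 11+ and GnuPG 2.1 or later (--pinentry-mode does not exist in older releases); the class and method names are hypothetical.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Arrays;

public class GpgPipeDecrypt {
    /** Decrypts a symmetrically encrypted file into memory; no plaintext file is created. */
    static byte[] decrypt(Path encrypted, char[] passphrase)
            throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(
                "gpg", "--batch", "--quiet",
                "--pinentry-mode", "loopback",  // GnuPG 2.1+: allow --passphrase-fd
                "--passphrase-fd", "0",         // passphrase on stdin, never in argv
                "--decrypt", encrypted.toString());
        pb.redirectError(ProcessBuilder.Redirect.INHERIT); // avoid blocking on a full stderr pipe
        Process gpg = pb.start();

        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(passphrase));
        try (OutputStream stdin = gpg.getOutputStream()) {
            stdin.write(encoded.array(), encoded.arrayOffset(), encoded.remaining());
            stdin.write('\n');                  // gpg reads the passphrase up to the newline
        } finally {
            // Wipe the copies this process holds. The OS pipe buffer and gpg's
            // own memory are outside the JVM's control.
            Arrays.fill(encoded.array(), (byte) 0);
            Arrays.fill(passphrase, '\0');
        }

        byte[] plaintext = gpg.getInputStream().readAllBytes();
        if (gpg.waitFor() != 0) {               // wrong passphrase, corrupt input, ...
            Arrays.fill(plaintext, (byte) 0);
            throw new IOException("gpg exited with status " + gpg.exitValue());
        }
        return plaintext;                       // caller should zero this after use
    }

    public static void main(String[] args) throws Exception {
        // Console prompt for the demo only; a GUI would pass JPasswordField.getPassword().
        char[] pw = System.console().readPassword("Passphrase: ");
        byte[] data = decrypt(Path.of(args[0]), pw);
        try {
            System.out.println("Decrypted " + data.length + " bytes in memory");
        } finally {
            Arrays.fill(data, (byte) 0);
        }
    }
}
```

Holding the passphrase in a char[] and zeroing it narrows the exposure window but does not remove it: the JVM heap and the pipe buffer can still be paged to swap unless swap is encrypted or disabled.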


