Re: Can anyone help me with unix data encryption ?

Date: 07/27/02


Date: 27 Jul 2002 14:08:47 GMT

Graham <alcina@supanet.com> wrote:
> I'm an application programmer. I've been given a project to link my company's
> product to another over a network. I've got to send messages in an XML
> format, which doesn't look to be a problem, but I've got to use 3-DES
> encryption. The host OS is UNIX. The application language is Mumps / M /
> M-technology / CACHE without the new webby bits.
> I don't even know unix !!! All this is new to me and as usual there's no
> learning curve built into the project budget.
> I can create the XML tags with the embedded data without any problem. I can
> find someone who can send these messages down a port / socket. I'm
> struggling to get a handle on the encryption side.
> So far I think I've nailed that
> - DES is a US data encryption standard.
> - 3-DES is the same as triple DES
> - This means the encryption uses 3 x 56 bit keys

> I thought I could use the unix crypt command but the site's unix says it's
> only got crypt(1) and not crypt(3). I can't change this 'coz a number of
> products, including our own, use crypt for password authentication.

> I need to know
> - where to get some software that will encrypt to this standard
> - how to call it from an application program
> - how to receive & decrypt the replies

I would start at another end. Protecting the data in transit seems to
be the important thing.

Now using encryption involves crypto-keys. If those keys aren't handled safely,
your cryptosystem is unsafe regardless of the algorithm used. How are the
keys going to be handled?

Without answering the above I would recommend you take another
approach. Set up a VPN using good cryptos and built-in key management
that is "known-to-be-good".

This can be done with lots of equipment, some free, some with a pricetag.

My favorite is a pair of Pentium boxes running OpenBSD. (OpenBSD has
the "reference implementation" of isakmpd, the key management software
for IPSec.)

And of course most good algorithms are available, such as 3DES. You don't
even have to use OpenBSD at both ends; your partner might have a Cisco
if they prefer.

You could even purchase a pair of Ciscos for this VPN. But do not
try to "invent" a key-management scheme on your own.

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


