Re: Automate GPG or PGP to make an .exe

"TC" <gg.20.keen4some@xxxxxxxxxxxxxxx> writes:
(4) Creates an EXE file which, when run on a target PC, will:
(a) Fire up the symmetric cipher;
(b) Prompt the user for the secret key, then
(c) Decrypt the file accordingly.

Color me stupid, but, I am struggling to see the problem with this.
Please elucidate the holes in that process.

An attacker can substitute a malicious .exe for the real one, and the
user then enters the secret password into it. Oops.
.

Relevant Pages

  • Re: Decrypt
    ... are you simply looking for a utility to decrypt ... > document (by using secret key). ... > private key avaiable by CSP. ... > code will be review by client), not by Crypto API (source code is not ...
    (microsoft.public.platformsdk.security)
  • Re: Open and Decrypt Private Key
    ... | How do you decode the secret key with your ... I know to Base64Decode the private key, but how do I decrypt it ... | find out the secret key for the message passing? ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: gpg and outlook 2002
    ... so I have figured how I am supposed to decrypt in Outlook ... > to linux and was able to decrypt in Thunderbird with no problem. ... You need to transfer the secret key. ...
    (Debian-User)
  • Re: [opensuse] public and private key locations [another problem]
    ... On Friday 23 March 2007 06:21, Carlos E. R. wrote: ... locate my "secret key". ... Then it seemed as though I was able to decrypt the files. ... To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx ...
    (SuSE)
  • AES decryption
    ... that is encrypted with symetric AES algorythm and I have a 128 bit key to ... How do I decrypt the data, preferebly in CAPICOM, but CAPI will ... // Decrypt message with secret key. ... messageCipher.init(Cipher.DECRYPT_MODE, secretKey); ...
    (microsoft.public.platformsdk.security)