Re: CGI security on a shared web server

From: H D Moore (sflistat_private)
Date: Mon May 27 2002 - 20:19:37 PDT

    On Saturday 25 May 2002 10:34, Steffen Dettmer wrote:
    > * Kurt Seifried wrote on Thu, May 23, 2002 at 14:05 -0600:
    > > One possible solution, assuming you need to write the data but not read
    > > it until later is to encrypt it, generate a public/private keypair using
    > > pgp/gnupg, load the public key onto the server with your app, have it
    > > write the files after encrypting the data. Thus you can retrieve the data
    > > (ftp, www, whatever) and then decrypt it at your leisure and use it.
    >
    > I don't think that this makes things secure. If the web server
    > runs as nobody, the CGI script must be executable for nobody. The
    > secret key must be readable for nobody. 
    
    
    I think you missed the point here; what Kurt suggested was that you only place 
    the PUBLIC key on the web server and encrypt (not sign) the data you want to 
    store. When you want access to the data, you download the files and decrypt 
    them on your local server/workstation/etc. This doesn't prevent someone from 
    writing bogus data into your file, but it does keep them from reading it.
    
    -HD
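
The arrangement described in the reply above, as an added example that is not part of the original post: the server keyring holds only the public key, so stored records cannot be read there, while a record written by anyone else holding that public key decrypts just as cleanly for the owner. It assumes GnuPG 2.1 or later; the key identity, temporary paths and records are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: throwaway keyrings and constructed records, nothing from the original post.
set -eu
BASE=$(mktemp -d /tmp/pkdemo.XXXXXX)        # short path keeps gpg-agent's socket path valid
OWNER="$BASE/owner"; SERVER="$BASE/server"  # workstation keyring vs. web server keyring
KEYID="cgi-store@example.invalid"           # hypothetical key identity
mkdir -m 700 "$OWNER" "$SERVER"

cleanup() {
  for h in "$OWNER" "$SERVER"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$BASE"
}
trap cleanup EXIT

# Run gpg non-interactively against one of the two keyrings.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

setup() {
  # Workstation: generate the keypair (empty passphrase, acceptable only for a demo).
  g "$OWNER" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$KEYID" default default never 2>/dev/null
  # Only the PUBLIC key is copied to the server.
  g "$OWNER" --armor --export "$KEYID" > "$BASE/pub.asc"
  g "$SERVER" --import "$BASE/pub.asc" 2>/dev/null
}

# What the CGI does: encrypt a record to the public key, then write it. $1=text $2=file
store_record() {
  printf '%s\n' "$1" |
    g "$SERVER" --trust-model always --recipient "$KEYID" --output "$2" --encrypt
}

# Any local user (or the CGI itself) trying to read a stored record on the server.
server_can_read() { g "$SERVER" --decrypt "$1" >/dev/null 2>&1; }

# Owner fetches the file and decrypts it with the secret key that never left home.
owner_read() { g "$OWNER" --decrypt "$1" 2>/dev/null; }

setup
store_record "order=1234 note=constructed-sample" "$BASE/real.gpg"
# Encryption is not authentication: anyone holding the public key can do the same.
store_record "order=9999 note=written-by-someone-else" "$BASE/bogus.gpg"

if server_can_read "$BASE/real.gpg"; then echo "server: decrypted (unexpected)"
else echo "server: cannot decrypt, no secret key present"; fi
echo "owner, real record:  $(owner_read "$BASE/real.gpg")"
echo "owner, bogus record: $(owner_read "$BASE/bogus.gpg")"
```

Telling the two records apart on the owner's side needs a separate integrity mechanism, since the public key alone is enough to produce either one.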
    


