RE: PGP scripting...

From: Chris Matthews (chrisat_private)
Date: Tue Jan 07 2003 - 10:38:16 PST


    Hi,
    
    Normally I just lurk, however I can find one glaring hole in your setup.
    I would assume that the main reason you're encrypting the data on disk
    is to prevent unauthorized persons from viewing said data.  However, if
    an unauthorized person can access the encrypted datafiles, they most
    likely can access the key files that you said are also locally on disk.
    This basically makes your encryption process useless, and more
    importantly, is giving your client a seriously wrong false sense of
    security.
    
    At a very minimum, I would explain this to your client, and if they
    still insist on this scheme, I would get a little signed note :)
    
    Just my $0.02.  Whatever you do, if you learn of a Java-based PGP
    package, I'd like to know about it as well! :)
    
    Cheers,
    Chris
    
    -----Original Message-----
    From: Andrew MacKenzie [mailto:andyat_private] 
    Sent: Tuesday, January 07, 2003 12:02 PM
    To: secprogat_private
    Subject: PGP scripting...
    
    
    I apologize if this is a bit off-topic, but I'd like to ask a question
    about practical use of PGP.  I am a software developer, and have a
    client who is making a great attempt at being security conscious (to
    the extent of hiring a security consultant).
    
    We (my client) have a system that loads orders into an Oracle DB, and
    processes billing (Java/Solaris based).  One of the 'decrees' from my
    client is that all files that store 'sensitive' data (customer info and
    the like) shall be PGP encrypted, and *never* be stored on a HDD in
    un-encrypted form (even while processing said file).
    
    I can understand the desire to archive these files in encrypted forms,
    and to encrypt these files while transporting out of the system.  But I
    think this idea goes a bit too far as to be more counter-productive
    than useful.  After many days of fighting with 'pgp -f' and modifying
    processes to use stdin/stdout, I've gotten much of this working.
    
    I would have preferred to use a PGP library (Java code), but was unable
    to find any within the timeframe.
    
    My question therefore is: is all this worth the trouble?  In order to
    use PGP with scripts (or even Java code), the scripts need access to
    both the private key and pass phrase (which are stored locally in
    files).  If the system were compromised would any of this help?  Is
    there a better way I could do this than what I am already doing?  This
    is somewhat academic for me at this point, as my client is inflexible
    on this point and code has been written, but I'd be interested in
    hearing your opinions on this subject.
    
    Thanks.
    
    -- 
    // Andrew MacKenzie  |  http://www.edespot.com
    // "Those are my principles. If you don't like them I have others." 
    //      -- Groucho Marx
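
Added example, not part of the original thread or anyone's code in it: a small Python check of the point raised in the reply, that encryption at rest only helps against identities that can read the encrypted file but not the key and pass phrase files. The uids, gids, modes and names below are constructed; the check looks only at classic owner/group/other bits and ignores ACLs, directory permissions and a compromise of the billing process itself.

```python
import os
import stat
from typing import Iterable, NamedTuple


class Perm(NamedTuple):
    mode: int  # permission bits, e.g. 0o640
    uid: int   # owning user
    gid: int   # owning group


def perm_of(path: str) -> Perm:
    """Read the same three fields from a real file."""
    st = os.stat(path)
    return Perm(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)


def can_read(p: Perm, uid: int, gids: Iterable[int]) -> bool:
    """POSIX read check: root always reads; otherwise the first
    matching class (owner, then group, then other) decides alone."""
    if uid == 0:
        return True
    if uid == p.uid:
        return bool(p.mode & stat.S_IRUSR)
    if p.gid in set(gids):
        return bool(p.mode & stat.S_IRGRP)
    return bool(p.mode & stat.S_IROTH)


def exposure(uid: int, gids: Iterable[int],
             ciphertext: Perm, secrets: Iterable[Perm]) -> str:
    """Classify what one identity gets from the on-disk layout."""
    gids = set(gids)
    if not can_read(ciphertext, uid, gids):
        return "no-access"        # cannot even see the encrypted file
    if all(can_read(s, uid, gids) for s in secrets):
        return "full-plaintext"   # holds key + pass phrase: encryption adds nothing
    return "ciphertext-only"      # the only case where encryption at rest helps


# Constructed layout: app user 1001, shared operations group 100.
ORDERS_PGP = Perm(0o640, 1001, 100)   # encrypted order file
SECRET_KEY = Perm(0o600, 1001, 100)   # secret keyring
PASSPHRASE = Perm(0o600, 1001, 100)   # pass phrase file used by the scripts

if __name__ == "__main__":
    for who, uid, gids in [("billing app", 1001, [100]), ("operator", 1002, [100]),
                           ("root", 0, [0]), ("other user", 1003, [200])]:
        print(who, "->", exposure(uid, gids, ORDERS_PGP, [SECRET_KEY, PASSPHRASE]))
```

On a real host, build the `Perm` values with `perm_of()` for the data file, keyring and pass phrase file, and run `exposure()` for each account that exists on the box.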
    



    This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 14:11:38 PST