Re: PGP scripting...

From: Valdis.Kletnieksat_private
Date: Tue Jan 07 2003 - 12:19:24 PST


    On Tue, 07 Jan 2003 12:02:13 EST, Andrew MacKenzie <andyat_private>  said:
    
    > My question therefore is: is all this worth the trouble?  In order to use
    > PGP with scripts (or even Java code), the scripts need access to both the
    > private key and pass phrase (which are stored locally in files).  If the
    > system were compromised would any of this help?
    
    Simple answer:  "GAME OVER".
    
    Detailed answer:  If the system is compromised, they have all the data they
    need to get all the data.  The only way to "fix" this is to have a "pgp daemon"
    that needs to be started by hand so you can give it the passphrase.
    
    The disadvantage is that if the system reboots, you can't easily/reliably
    restart it from a /etc/rc.* script....
    
    Also, remember that if the system is compromised, you can probably get a lot
    of cool info via a 'strings /dev/kmem' or similar....
    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
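
Added example, not part of the original message or of any PGP product: a minimal sketch of the hand-started daemon pattern described above, where the passphrase is typed at a terminal and only the unlocked key lives in process memory. The HMAC operation is a stand-in for the real PGP signing step, and `SigningAgent`, `SOCK_PATH` and `SALT` are hypothetical names chosen for this illustration.

```python
import getpass, hashlib, hmac, os, socket, sys

SOCK_PATH = os.path.expanduser("~/.sign-agent.sock")  # hypothetical socket path
SALT = b"constructed-demo-salt"  # constructed value for this example

class SigningAgent:
    """Keeps the unlocked key in process memory only; nothing secret is on disk."""
    def __init__(self):
        self._key = None

    def unlock(self, passphrase):
        # Stand-in for unlocking a PGP private key: derive a MAC key from the passphrase.
        self._key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 200_000, dklen=32)

    def sign(self, data):
        if self._key is None:
            raise PermissionError("agent is locked: no passphrase has been entered")
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

def read_passphrase():
    # Refusing non-interactive starts is what stops an /etc/rc.* script from restarting it.
    if not sys.stdin.isatty():
        raise RuntimeError("must be started by hand from a terminal")
    return getpass.getpass("Passphrase: ")

def serve(agent, path=SOCK_PATH):
    if os.path.exists(path):
        os.unlink(path)
    old_umask = os.umask(0o177)  # socket is created mode 0600: owner-only access
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    while True:
        conn, _ = srv.accept()
        with conn:
            # Scripts send data and get a signature back; they never see the key.
            conn.sendall(agent.sign(conn.recv(65536)).encode() + b"\n")

if __name__ == "__main__":
    agent = SigningAgent()
    agent.unlock(read_passphrase())
    serve(agent)
```

The derived key still sits in the daemon's memory while it runs, so this removes the passphrase file from disk but does not protect against an attacker who can read process or kernel memory.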
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 14:28:42 PST