Re: PGP scripting...

From: John Hanna (jhannaat_private)
Date: Tue Jan 07 2003 - 14:38:15 PST


    I agree with Chris here with two caveats.
    
    It's not usually used this way, but one could use PGP's "standard
    encryption" feature (as opposed to the normal public key method) together
    with a temporary key stored in a script's memory space (and not written to
    the disk) to temporarily write data in a safe way. This might allow you to
    follow the letter of the law and still write something useful. Of course if
    you're writing the file to the disk for inter-process communication this
    doesn't help much: In that case transferring the temporary key process to
    process in a secure way also becomes problematic.
    
    Alternatively you might be able to arrange a system where the script prompts
    an operator for a passphrase to unlock the private key at boot. But if the
    passphrase is coded into the script, written to disk, or easy to guess then
    it is worse than useless.
    
    john
    ----- Original Message -----
    From: "Chris Matthews" <chrisat_private>
    To: "'Andrew MacKenzie'" <andyat_private>; <secprogat_private>
    Sent: Tuesday, January 07, 2003 11:38 AM
    Subject: RE: PGP scripting...
    
    
    > Hi,
    >
    > Normally I just lurk, however I can find one glaring hole in your setup.
    > I would assume that the main reason you're encrypting the data on disk
    > is to prevent unauthorized persons from viewing said data.  However, if
    > an unauthorized person can access the encrypted datafiles, they most
    > likely can access the key files that you said are also locally on disk.
    > This basically makes your encryption process useless, and more
    > importantly, is giving your client a seriously wrong false sense of
    > security.
    >
    > At a very minimum, I would explain this to your client, and if they
    > still insist on this scheme, I would get a little signed note :)
    >
    > Just my $0.02   Whatever you do, if you learn of a Java-based PGP
    > package, I'd like to know about it as well! :)
    >
    > Cheers,
    > Chris
    >
    > -----Original Message-----
    > From: Andrew MacKenzie [mailto:andyat_private]
    > Sent: Tuesday, January 07, 2003 12:02 PM
    > To: secprogat_private
    > Subject: PGP scripting...
    >
    >
    > I apologize if this is a bit off-topic, but I'd like to ask a question
    > about practical use of PGP.  I am a software developer, and have a client
    > who is making a great attempt at being security conscious (to the extent
    > of hiring a security consultant).
    >
    > We (my client) have a system that loads orders into an Oracle DB, and
    > processes billing (Java/Solaris based).  One of the 'decrees' from my
    > client is that all files that store 'sensitive' data (customer info and
    > the like) shall be PGP encrypted, and *never* be stored on a HDD in
    > un-encrypted form (even while processing said file).
    >
    > I can understand the desire to archive these files in encrypted forms,
    > and to encrypt these files while transporting out of the system.  But I
    > think this idea goes a bit too far as to be more counter-productive than
    > useful.
    > After many days of fighting with 'pgp -f' and modifying processes to use
    > stdin/stdout, I've gotten much of this working.
    >
    > I would have preferred to use a PGP library (Java code), but was unable
    > to find any within the timeframe.
    >
    > My question therefore is: is all this worth the trouble?  In order to
    > use PGP with scripts (or even Java code), the scripts need access to both
    > the private key and pass phrase (which are stored locally in files).  If
    > the system were compromised would any of this help?  Is there a better
    > way I could do this than what I am already doing?  This is somewhat
    > academic for me at this point, as my client is inflexible on this point
    > and code has been written, but I'd be interested in hearing your opinions
    > on this subject.
    >
    > Thanks.
    >
    > --
    > // Andrew MacKenzie  |  http://www.edespot.com
    > // "Those are my principles. If you don't like them I have others."
    > //      -- Groucho Marx
    >
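
The first caveat in John's reply (conventional encryption with a temporary key held only in the script's memory), sketched as an added example that is not part of the original thread. It assumes GnuPG 2.1 or later installed as `gpg` in place of the `pgp` command the thread uses; the function names and the sample record are illustrative.

```python
import os
import secrets
import subprocess
import tempfile

# Assumption: GnuPG 2.1+ is on PATH as `gpg` (stand-in for the thread's `pgp`).
_HOME = tempfile.mkdtemp(prefix="gnupg-")  # throwaway homedir, holds no key material


def new_session_key() -> bytes:
    """Random passphrase that exists only in this process's memory."""
    return secrets.token_hex(32).encode()


def _gpg(mode_args, key: bytes, data: bytes) -> bytes:
    # The key travels over an anonymous pipe, so it never appears in argv,
    # in the environment, or in a file on disk.
    rfd, wfd = os.pipe()
    try:
        os.write(wfd, key + b"\n")
        os.close(wfd)
        proc = subprocess.run(
            ["gpg", "--homedir", _HOME, "--batch", "--quiet", "--no-tty",
             "--pinentry-mode", "loopback", "--passphrase-fd", str(rfd),
             *mode_args],
            input=data, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            pass_fds=(rfd,), check=True)
    finally:
        os.close(rfd)
    return proc.stdout


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return _gpg(["--symmetric", "--cipher-algo", "AES256"], key, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return _gpg(["--decrypt"], key, ciphertext)


def spool_and_reload(record: bytes):
    """Write `record` to disk only in encrypted form, then read it back."""
    key = new_session_key()              # never written anywhere
    fd, path = tempfile.mkstemp(suffix=".pgp")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(encrypt(key, record))
        with open(path, "rb") as f:
            on_disk = f.read()           # what someone reading the disk would see
        return on_disk, decrypt(key, on_disk)
    finally:
        os.unlink(path)
```

This covers only a file that the same process later reads back; as the reply says, handing the temporary key to another process is a separate problem.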
    


