On Tue, 2003-01-07 at 14:19, Valdis.Kletnieksat_private wrote: > Simple answer: "GAME OVER". > > Detailed answer: If the system is compromised, they have all the data they > need to get all the data. The only way to "fix" this is to have a "pgp daemon" > that needs to be started by hand so you can give it the passphrase. Is that really so? (I'm using your reply for the nice summary, but it applies to other's as well). Assuming a PGP encryption to itself is performed, then I agree. But shouldn't it be possible to encrypt to a key which does not reside on the encrypting computer? Once could leave only the recipients public key and the batch process' private on this system and encrypt to the recipient, then move the data out. At this point the data can not be decrypted since we don't have the recipients secret key. Not having the process' public key will prevent the encryption-to-self issue. The data at its other location can then be decrypted with the recipients secret keys and the encrypting process' public key. So once the data has been encrypted on that box, the statement "If the system is compromised, they have all the data they > need to get all the data." is not true since all they can get is the encrypted data. Or did I miss the benefits of public key crypto-systems here and I'm way off? Regards, Frank
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 18:31:41 PST