> Also, it doesn't do too much to help with the fact
> that the private key/passphrase will still be stored locally.

I don't remember which OS you were using, but you may have other alternatives.

As mentioned, if you have some daemon that performs the encrypt/decrypt, you can have the passphrase stored there only[1]. However you still need some secure method to make sure only 'authorized' processes can communicate with it. However the method needed to authorize itself (some form of password or pub/private key challenge) is the new point of attack, and is no better protected. You've just moved the vulnerability a bit.

However you may be able to set up your machine to have the keys and/or pgp keyrings available only to the authorized processes themselves at the kernel level. If this were a Linux machine, I'd suggest something like LIDS[2]. You'd be able to declare the pgp keyring to be invisible to all processes, and grant read access only to the process that needs it. Or if you don't like blank passphrases (and you shouldn't) make a second file that is also invisible that has the passphrase.[3] Thus your encryptor/decryptor can use the pgp keyring and read the passphrase, but any cracker that exploits something else in your system can't get access.

You must protect this program from modification, else an attacker can change it to let him use these files, but LIDS forces this on you anyway. Any bug in this program can still be used to circumvent security, but that's not new.

[1] With the downside that you need to supply it on bootup.

[2] Grsecurity should be able to do this as well, but I'm not as up on my grsecurity terminology.

[3] By 'invisible' I mean that it has CAP_HIDDEN, which means it is unavailable entirely. Unauthorized processes are told it doesn't exist when they try to open it. This isn't just hiding it from 'ls' output; any access to it is blocked, unless you are specifically allowed access to it.
RSBAC or SELinux would too, but perhaps are more than you need for this one application.

--
Brian Hatch                    Something about Systems
  Security Engineer            and that idea stirs
www.hackinglinuxexposed.com    deep terror within me.
                                 --Nick

Every message PGP signed
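As an added illustration of the "only authorized processes may talk to the daemon" problem raised above (example code written for this archive page, not from the post, from LIDS or from any of the projects named): on Linux, a daemon listening on a Unix socket can ask the kernel who the peer is via SO_PEERCRED, so the client never has to hold a password or key of its own that could be stolen in turn. The socket path, uid allow list and placeholder passphrase below are constructed for the demo; it assumes Linux and Python 3.

```python
import os
import socket
import struct
import tempfile
import threading

# Constructed placeholder; a real daemon would read the passphrase from a
# file only it can open, never embed it.
SECRET = b"demo-passphrase-not-real"


def peer_creds(conn):
    """Return (pid, uid, gid) of the connected peer, as reported by the kernel."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def serve_one(path, allowed_uids, ready):
    """Accept a single client and release the secret only to an allowed uid."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)          # socket file itself reachable only by its owner
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with conn, srv:
        _pid, uid, _gid = peer_creds(conn)   # kernel-asserted, not client-claimed
        conn.sendall(SECRET if uid in allowed_uids else b"DENIED")


def ask_daemon(allowed_uids):
    """Start the daemon in a thread, connect as this process, return its reply."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pp.sock")
        ready = threading.Event()
        t = threading.Thread(target=serve_one, args=(path, allowed_uids, ready))
        t.start()
        ready.wait()
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        with cli:
            cli.connect(path)
            reply = cli.recv(64)
        t.join()
        return reply


def demo():
    """Allowed uid gets the secret; an empty allow list gets DENIED."""
    return ask_daemon({os.getuid()}), ask_daemon(set())


if __name__ == "__main__":
    print(demo())
```

This pins the caller to a uid, not to a particular binary; restricting which program may run under that uid is the part that LIDS-style kernel controls add on top.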
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 19:49:33 PST