Re: PGP scripting...

From: Frank Knobbe (fknobbeat_private)
Date: Tue Jan 07 2003 - 22:47:37 PST


    On Tue, 2003-01-07 at 22:17, Valdis.Kletnieksat_private wrote:
    
    > Unfortunately, you've just pushed the problem around - you now have your
    > data in a file that you need to copy to another system and decrypt in order
    > to actually DO anything with it.  So you still have the private-key problem,
    > just on a different server.
    
    Yeah, but isn't that the whole point? Move the 'problem' (of accessing
    the raw/unencrypted data) to a more trusted zone. If you can encrypt the
    data in a non-reversible fashion (at least as far as this machine is
    concerned), you don't even need to worry about the passphrase (as can be
    found in the script anyway). You only have to worry about securely
    destroying the plain text after encryption. I believe the 'problem' of
    safeguarding the data from unauthorized access (presuming plain text is
    wiped) is solved.
    
    What hasn't been solved are all those other little issues that tend to
    bite folks in the butt, such as loss of decryption key, cipher data
    corruption (without the possibility of partial or context providing
    reconstruction as would be possible with plain text), creating a data
    pool of data with a single trust (decryption keys), and of course (as
    Michael McKay mentioned) silent replacement of encryption key with a
    rogue key, which is probably the biggest threat. Your script 'shreds'
    the data in front of your keys and you might not notice if you don't
    check the integrity of the encryption key.
    
    Cheers,
    Frank
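
The key-integrity check raised at the end of the message above, as an added example that is not part of the original post: before an encrypt-and-shred script touches the plaintext, it confirms that the recipient name still resolves to exactly one key whose fingerprint matches a pinned value. It assumes GnuPG and shred(1); `RECIPIENT`, `PINNED_FPR`, the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG and shred(1).
# RECIPIENT and PINNED_FPR are constructed placeholders, not real key data.
RECIPIENT="backup@example.invalid"
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed `gpg --with-colons --fingerprint` listing for one good key.
SAMPLE_LISTING='pub:u:4096:1:89ABCDEF01234567:1041897600:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1041897600::X::Backup <backup@example.invalid>:
sub:u:4096:1:1111111111111111:1041897600::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# Print "<validity> <fingerprint>" for each primary key in a colon listing.
# Subkey fingerprints are skipped: only the fpr record after a pub counts.
primary_keys() {
    awk -F: '
        $1 == "pub" { v = ($2 == "" ? "-" : $2); want = 1; next }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print v, $10; want = 0 }
    '
}

# Succeed only if the listing (stdin) holds exactly one primary key, it is
# not revoked/expired/invalid/disabled, and its fingerprint equals $1.
key_is_pinned() {
    keys=$(primary_keys)
    [ "$(printf '%s\n' "$keys" | grep -c .)" -eq 1 ] || return 1
    case "${keys%% *}" in r|e|i|d) return 1 ;; esac
    [ "${keys#* }" = "$1" ]
}

# Encrypt $1 to the pinned key. The plaintext is shredded only after both
# the key check and the encryption have succeeded.
encrypt_then_shred() {
    gpg --batch --with-colons --fingerprint "$RECIPIENT" 2>/dev/null |
        key_is_pinned "$PINNED_FPR" ||
        { echo "recipient key check failed; plaintext kept" >&2; return 1; }
    # Encrypt to the fingerprint, not the name, so a look-alike key is never
    # selected; trust is decided by the pin above, hence --trust-model always.
    gpg --batch --yes --trust-model always --recipient "$PINNED_FPR" \
        --output "$1.gpg" --encrypt "$1" || return 1
    shred -u "$1"
}
```

The pinned fingerprint should be stored and checked from somewhere the encrypting host's ordinary users cannot write, otherwise a key swap can be accompanied by a pin swap.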
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 09:58:43 PST