Re: PGP scripting...

From: Andrew MacKenzie (amackenzat_private)
Date: Wed Jan 08 2003 - 11:08:10 PST

Next message: Andrew MacKenzie: "Re: PGP scripting..."

Previous message: Chris Matthews: "RE: PGP scripting..."
In reply to: Keith Smith: "RE: PGP scripting..."
Next in thread: Marcin Owsiany: "Re: PGP scripting..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > > I think that client is probably worried about regular users 
> > > that will have access to the file system, rather than a
> > > determined external hacker.
> > 
> > How does the encrypting improve the security of storing the 
> > files in a directory, which is only readable by selected users, then?
> > 
> > They can only manage to read them, if they obtain that 
> > particular user's UID. But if they do it, they can probably 
> > also read /proc/N/mem, effectively bypassing the encryption.
> 
> 
> I was assuming that the files were sitting in a shared file system
> somewhere and were world readable.  Now I realise I was going out on a
> limb trying to guess the clients reasoning, but I couldn't think of any
> another reasons that explained the original request.
In my scenario, the files are not in a shared location, per se.  They are
being sent by an outside source to a sftp server, and then downloaded to an
internal machine where the processing will be done.  The production machine
won't be multi-user per se (we'll be the only ones on it).  We're also more
interested in 'external cracker' than 'internal sabotage'.  This was a
decision made by the client as well.  

I have made it clear to my client time and time again that the security of
that box will make a bigger difference in the long run than PGP encrypting
the files on it ever will (they implemented this PGP everything policy
before any other security policies).  

What I'm trying to do is determine for the future the best way to keep
files encrypted while still being able to access them through batch jobs
(no human interaction), and process their data (un-encrypt them only while
using them, but not storing a temporary un-encrypted form of the file).

It sounds like having a separate 'secure' box to handle the encryption
seems like a good way to go.  This at least centralizes ones private
key(s), and thus administration.  


-- 
// Andrew MacKenzie  |  http://www.edespot.com
// An intellectual snob is someone who can listen to the William Tell
// Overture and not think of The Lone Ranger.

application/pgp-signature attachment: stored

Next message: Andrew MacKenzie: "Re: PGP scripting..."
Previous message: Chris Matthews: "RE: PGP scripting..."
In reply to: Keith Smith: "RE: PGP scripting..."
Next in thread: Marcin Owsiany: "Re: PGP scripting..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 11:20:01 PST