> I believe the original question involved more of a dynamic modification > of data on the machine's harddrive. If this is the case, and automatic > encryption/decryption would require the public/private keys. Actually, modification of the data isn't necessarily a large concern, so much as an intruder viewing the data. I actually hadn't quite thought of an intruder modifying the data though. But, since we are not only encrypting the data, but signing it as well (I hadn't mentioned that) then perhaps we are covered for that? > Which key is being used to encrypt the data? If the public key is being > used (and bear with me; my pgp theory is foggy this morning :), then > technically anyone that has that public key can corrupt your encrypted > data. If the private key was used, then anyone with the public key can > easily decrypt it. This means that both keys need to be kept "secret", > or am I mistaken on this? Encrypting with public key, signing with private. > Perhaps you should propose to your client a reevaluation of what exactly > you're trying to protect and then try to find an encryption solution > that more closely matches your requirements. This is the difficult part (imho). The client (like many) doesn't always know just what they want, just that they want things secure. From who? Why? How? They're not sure. They have another security consultant who is supposedly determining these (and I don't get insight into this). -- // Andrew MacKenzie | http://www.edespot.com // perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 11:25:38 PST