RE: PGP scripting...

From: Jason Coombs (jasoncat_private)
Date: Wed Jan 08 2003 - 11:26:04 PST


    Aloha,
    
    The public key is derived from the private key. Anyone in possession of the
    private key is by definition also in possession of the public key. The same
    is not true in reverse; a party can possess the public key without the
    ability to (reasonably) discover the matching private key.
    
    The public key is normally used for encryption and the private key for
    decryption.
    
    The private key is used only for producing digital signatures, and I'm not
    certain that the private key can even be used for bulk encryption, I'm still
    a little unclear on this point with respect to the RSA algorithm.
    
    Sincerely,
    
    Jason Coombs
    jasoncat_private
    
    -----Original Message-----
    From: Chris Matthews [mailto:chrisat_private]
    Sent: Wednesday, January 08, 2003 4:14 AM
    To: 'Frank Knobbe'
    Cc: secprogat_private
    Subject: RE: PGP scripting...
    
    
    -----Original Message-----
    From: Frank Knobbe [mailto:fknobbeat_private]
    ....
    >So once the data has been encrypted on that box, the statement "If the
    >system is compromised, they have all the data they
    >need to get all the data." is not true since all they can get is the
    >encrypted data.
    ....
    >Regards,
    >Frank
    
    
    <snip>
    
    I believe the original question involved more of a dynamic modification
    of data on the machine's hard drive.  If this is the case, an automatic
    encryption/decryption would require the public/private keys.
    
    Another thought just occurred to me for Andrew:
    
    Which key is being used to encrypt the data? If the public key is being
    used (and bear with me; my PGP theory is foggy this morning :), then
    technically anyone that has that public key can corrupt your encrypted
    data.  If the private key was used, then anyone with the public key can
    easily decrypt it.  This means that both keys need to be kept "secret",
    or am I mistaken on this?
    
    Perhaps you should propose to your client a reevaluation of what exactly
    you're trying to protect and then try to find an encryption solution
    that more closely matches your requirements.
    
    Cheers,
    Chris
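
The key roles discussed in this thread, as an added example that is not part of the original messages: textbook RSA on tiny constructed primes, showing that the public key falls out of the private key material, that anyone holding only the public key can write a ciphertext that decrypts cleanly, and that a signature from a separate writer key exposes the substitution. All function names and values are assumptions made for illustration; there is no padding or hashing, and integers stand in for real data.

```python
# Added illustration: textbook RSA on tiny constructed primes.
# No padding, no hashing, trivially breakable; integers stand in for real data.
from math import gcd

def make_private_key(p, q, e=17):
    """Private key material includes n and e, so it contains the public key."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

def public_from_private(priv):
    """Drop d: what remains is the public key. The reverse needs factoring n."""
    return {"n": priv["n"], "e": priv["e"]}

def encrypt(pub, m):
    return pow(m, pub["e"], pub["n"])

def decrypt(priv, c):
    return pow(c, priv["d"], priv["n"])

def sign(priv, digest):
    return pow(digest, priv["d"], priv["n"])

def verify(pub, digest, sig):
    return pow(sig, pub["e"], pub["n"]) == digest

def demo():
    box_priv = make_private_key(61, 53)      # constructed key for the data store
    box_pub = public_from_private(box_priv)
    writer_priv = make_private_key(89, 97)   # constructed key of the legitimate writer
    writer_pub = public_from_private(writer_priv)

    original, substitute = 1234, 2222        # constructed stand-ins for data
    stored = encrypt(box_pub, original)
    stored_sig = sign(writer_priv, original)

    # Someone holding only box_pub can write a ciphertext that decrypts cleanly.
    swapped = encrypt(box_pub, substitute)
    recovered = decrypt(box_priv, swapped)

    return {
        "roundtrip_ok": decrypt(box_priv, stored) == original,
        "swap_decrypts_cleanly": recovered == substitute,
        "original_sig_ok": verify(writer_pub, original, stored_sig),
        "swap_passes_sig_check": verify(writer_pub, recovered, stored_sig),
    }

if __name__ == "__main__":
    print(demo())
```

Encryption to the public key keeps the stored data confidential but says nothing about who wrote it; the signature check is what ties the stored value to the writer's private key.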
    


