Using GnuPG on shared virtual hosts -

Simpson, Sam
Tue, 18 Jan 2000 10:58:26 +0000

Hash: SHA1

> -----Original Message-----
> From: John Woodman []
> Sent: 17 January 2000 22:44
> To:
> Subject: Using GnuPG on shared virtual hosts -
> Hi, I've just recently joined the GnuPG list and was going to
> around just a bit before posting, but the last post was so
> close to some
> of my own questions I just have to jump in here! :-)
> First, thanks for what looks to be a terrific product.
Doesn't it just?
> Like "G Nielson" who just posted, I'm wanting to use GnuPG in a
> virtual hosting situation(s). In my case, it's to encrypt
> info for a small store - both for logging to a file and for
> sending via
> encrypted e-mail to my budding e-commerce merchant.
ok. Can you clarify: will you be signing the messages or not???? I'd expect so (to prevent spoofing of transactions!) and if you are then this (very...) slightly evens things up - ElGamal signatures are quicker to produce than RSA signatures.
> 1) One of my big concerns has to do with the processor time
> I'm worried that my hosting company may find processing time
> and either shut the account down or ask for more money. Has
> anyone been
> using GnuPG in such a shared virtual web hosting situation? Any
> suggestions?
Use a small key that still offers sufficient security for this kind of work - 1,024-bits will do nicely I'd suggest. Actually try this out (with the co-operation of the ISP/hosting service) and see if the performance is poor / unacceptable to the hosting service. On a P166, GPG takes 10 seconds to encrypt to a (excessively large...) 3,072-bit key but only .58 seconds to encrypt to a more reasonable 1,024-bit key. On the same machine, encrypting to a 2048-bit RSA key takes just .08 seconds. Hhhmmmm.
> 2) One thing I noted too, reading the literature, was that
> ElGamal takes
> about 10 times the processing time of the RSA algorithm. I'm
> that this in particular could make things difficult for a
> busy online store.
It's true - ElGamal is intrinsically far slower than RSA for encryption. Decryption is slower under RSA than with ElGamal, but this will not be done in such a constrained environment and will thus not matter as much.
> I suppose one could work around this by configuring things to
stack up
> transactions and only send one e-mail per day to the
> merchant, but then
> you would have to first store the transactions in an
> unencrypted format
> on the server, which sort of defeats the purpose of using
> encryption --
> especially given how easy it seems for hackers to get into
> systems... :-(
> In that light, given the much higher security-per-clock-cycle,
I was
> wondering whether there are plans to incorporate the RSA
algorithm as
> second option starting in September?
I can see no reason that RSA won't be supported in Sept, but I don't know of Werners thoughts on this? If you live outside of the US then you can legally use RSA now as RSA is only patented in the US....
> Looking forward to being a part of this list,
> John Woodman
Welcome to the list! Regards, Sam Simpson Communications Analyst - -- for ScramDisk hard-drive encryption & Delphi Crypto Components. PGP Keys available at the same site. -----BEGIN PGP SIGNATURE----- Version: 6.0.2ckt iQA/AwUBOIRHzO0ty8FDP9tPEQKJGQCeN0wZNzr1TnHdp8vX8YqcYYJM2n4AnjKJ rFgkAflJcn9KskjQsXo62Dbp =+/c3 -----END PGP SIGNATURE-----