Does GnuPG have a Self Decrypting Archive?

Charles Duffy cduffy at mvista.com
Wed Dec 6 13:55:40 CET 2000


On Wed, Dec 06, 2000 at 12:42:47PM -0800, Rodney Thayer wrote:
> At 06:39 PM 12/5/00 +0100, Florian Weimer wrote:
> >"Pisciotta, Steve (AZ75)" <steve.pisciotta at honeywell.com> writes:
> >
> > > I was wondering if GnuPG has a Self Decrypting Archive? I couldn't find
> > > anything in the literature.
> >
> >No. Distributing self-decrypting executables is nothing but a bad
> >joke: Either the recipient is able to check the integrity (which means
> >he's got access to a real crypto tool and you could use this one from
> >the start), or he isn't, and he has to run a program which maybe has
> >been tampered with during transmission---oops.
>
> If you send people a detached signature and an executable
> then they can check before executing.  There are lots of reasons
> you want a self-extracting executable (like the 30 million lame
> directories that Linux wants shell scripts dropped in...)
> 
> So... while indiscriminately executing random executables is
> a Very Bad Thing, being able to self-extract an encrypted blob
> can be quite useful.

Only if the decryption and signature verification is done separately
from the extraction. If the decryption or verification logic is
included inside the self-extracting archive, then the validity of the
extracted data or signature "verification" is suddenly in question.
That is to say, it totally voids the tamper-resistance afforded by
encryption, as a 3rd party could make an archive that looks just like
yours to the recipient but contains different data.

If all you want is to take a blob of encrypted data and make a
self-extracting archive with it (which, when run, recreates that blob
of encrypted data), fine, use one of the available 3rd-party tools to
do that -- it's not GnuPG's job, though. If you want that executable
which is distributed with your data to actually contain a copy of the
decryption/verification code, then you need to rethink the idea --
it's dangerous.
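The argument in the reply above, as an added example that is not part of the original thread: a verdict produced by code shipped inside the archive carries no weight, while a check made with a separately obtained tool and key does. HMAC-SHA256 with a pre-shared key stands in for an OpenPGP detached signature, and every name and value here is hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample value: models the sender's key that the recipient
# obtained out of band (stand-in for an OpenPGP key; an assumption).
SENDER_KEY = b"constructed-demo-key"


def sign(key: bytes, payload: bytes) -> bytes:
    """Stand-in for a detached signature over the payload."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def make_archive(payload, signature, embedded_check):
    """Model of a self-extracting archive: data plus the code shipped with it."""
    return {"payload": payload, "signature": signature, "check": embedded_check}


def honest_check(archive):
    """Verification logic the real sender would ship inside the archive."""
    expected = sign(SENDER_KEY, archive["payload"])
    return hmac.compare_digest(expected, archive["signature"])


def lookalike_check(archive):
    """Logic in a substituted archive: reports success for any contents."""
    return True


def run_archive(archive):
    """Recipient who runs the archive and believes its own verdict."""
    return archive["check"](archive)


def verify_then_extract(archive, trusted_key):
    """Recipient who verifies with a separately obtained tool and key,
    and never consults the code that arrived with the data."""
    expected = sign(trusted_key, archive["payload"])
    if not hmac.compare_digest(expected, archive["signature"]):
        raise ValueError("signature does not match payload; not extracting")
    return archive["payload"]


# Constructed archives: one genuine, one look-alike with different data.
genuine = make_archive(b"release-1.0", sign(SENDER_KEY, b"release-1.0"), honest_check)
substituted = make_archive(b"something else", b"\x00" * 32, lookalike_check)
```

Both archives report success when run, so the embedded verdict cannot tell them apart; only `verify_then_extract` rejects the substituted one.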


More information about the Gnupg-devel mailing list