Script with sensitive info

Steve Butler sbutler@fchn.com
Wed Jul 23 21:46:03 2003


At some point key information must be left in an automated script such that
a determined hacker could locate and retrieve any hidden information.  Worst
case for the hacker is to pretend they are the CPU and faithfully follow
every instruction in the script.

Having laid that groundwork, there are things you can do to discourage the
casual reader.  How many roadblocks you throw up will determine how many give
up before reaching the goal line.  It will also be an indication of how much
you value the hidden information.

1.  Place the data in an encrypted file and have your script decrypt it (you
must reveal the passphrase or go without a passphrase -- so a hacker could
also decrypt the file).

2.  You might find that just compressing the data and having your script
decompress it will be sufficient (and keep your passphrase secure).

3.  Combine a couple of steps such as gzip and xxd (hex dump) to store the
data in one or more files.  Reverse the process to read the data.

Just make sure that you and root are the only two accounts that can read the
files (and if you can find a way to prevent root -- let me know!).

-----Original Message-----
From: kynn@panix.com [mailto:kynn@panix.com]
Sent: Wednesday, July 23, 2003 11:19 AM
To: gnupg-users@gnupg.org
Subject: Script with sensitive info

I want to write a Perl script whose operation requires it to have some
sensitive information (bank account passwords, etc.).  This script is
meant to run non-interactively, so having it prompt the user for this
information is not an option.  Also, encrypting the file itself would
render the script uninterpretable by /usr/bin/perl.

Is there a way to use Gnupg to solve the problem of protecting this
script?  (I realize that the script is already protected by my Unix
account password, but I would like more protection than that.)

Thanks!

KJ


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
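As an added illustration of Steve's points 2 and 3 (this is example code written for this page, not code from either poster), the script below compresses a secret, stores it as text, reverses the process to read it back, and checks that only the owner can read the file. It uses base64 from coreutils in place of the xxd hex dump mentioned above; the idea is the same, a reversible text encoding, and the choice is an assumption of this example, as is the GNU/BSD stat fallback. The sample password is a constructed value. Note what the round trip demonstrates: anyone who can read both the script and the data file can run the same two commands, so the file mode, not the encoding, is the control that matters.

```shell
#!/bin/sh
# Added example for the gnupg-users thread above, not the posters' own code.
# Round-trip a secret through gzip + base64 (base64 stands in for xxd; assumption),
# store it with a restrictive mode, and verify that mode before trusting the file.
set -eu

# Store $1 as compressed, base64-encoded text in file $2, created mode 0600.
# The subshell keeps the umask change from leaking into the caller's shell.
store_secret() {
    secret="$1"; out="$2"
    (
        umask 077
        printf '%s' "$secret" | gzip -c | base64 > "$out"
    )
    chmod 600 "$out"
}

# Reverse the process: decode, then decompress, printing the plaintext.
# This is exactly what a reader of the script can do too; the encoding hides
# nothing from anyone who can read the data file.
read_secret() {
    base64 -d < "$1" | gzip -dc
}

# Return 0 only if the data file is readable by its owner alone (mode 600 or 400).
# Tries GNU stat -c first, then BSD stat -f (assumption: one of the two exists).
perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Demonstration with a constructed sample value; cleans up after itself.
demo() {
    dir=$(mktemp -d)
    store_secret 'constructed-sample-password' "$dir/secret.gz.b64"
    if perms_ok "$dir/secret.gz.b64"; then
        echo "file mode acceptable, recovered: $(read_secret "$dir/secret.gz.b64")"
    else
        echo "refusing to use world/group-readable secret file" >&2
    fi
    rm -rf "$dir"
}

demo
```

The plaintext never appears verbatim in the stored file, which is all that points 2 and 3 buy you against a casual `grep`; the `perms_ok` check is the part worth keeping even if you drop the encoding.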