Self Decrypting Archives

Gates, Scott SGates@olbh.com
Thu Jun 19 19:38:02 2003


Point on the 'security' taken.  However, SDA's have their uses; they are
sometimes simpler than attempting to get the receiver to install GPG or PGP.


I have to send a couple of business related files to vendors.  All of this
is coordinated over the phone.  If the info is insecurely transmitted it's
my @$$(i.e. BIG JAIL TIME), but if the vendor's machine is trashed, it's the
vendor's problem.  See my point?   

I can talk someone through opening a SDA and I encourage them to Virus
Check.  Since convincing them to install GPG or purchase PGP-Corporate (I
use both) isn't going to happen, SDA's are all I have left.  

WINZIP 9.0 is supposedly going to support 256 & 128-bit AES encryption .
I'm not entirely sure how secure these are under a vigorous attack, but,
they're probably strong enough to count as a 'good faith effort' and keep my
@$$ out of jail.  



-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com] 
Sent: Thursday, June 19, 2003 1:06 PM
To: gnupg-users@gnupg.org
Subject: Re: Self Decrypting Archives

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jun 19, 2003 at 12:28:09PM -0400, Jeff Herrin wrote:

> I have been looking throught the docs and I can't find anything
> related to the creation of Self Decrypting Archives. Does gnupg
> support this? If so where can I find more information about to
> generate an SDA?

GnuPG does not support this, and likely will never support this.  SDAs
are wildly, tragically, insecure.  Think about it: someone is sending
you a *program* and saying "please run this for me!"

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+8e1r4mZch0nhy8kRAr0dAKCNvR0KFBbkTwcWAZBShqmGcVgcqgCeI9sN
ulWaCGDOhPwDMOYXE/2j5aE=
=3iTi
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users