Self Decrypting Archives
Thu Jun 19 19:38:02 2003
Point on the 'security' taken. However, SDA's have their uses; they are
sometimes simpler than attempting to get the receiver to install GPG or PGP.
I have to send a couple of business related files to vendors. All of this
is coordinated over the phone. If the info is insecurely transmitted it's
my @$$(i.e. BIG JAIL TIME), but if the vendor's machine is trashed, it's the
vendor's problem. See my point?
I can talk someone through opening a SDA and I encourage them to Virus
Check. Since convincing them to install GPG or purchase PGP-Corporate (I
use both) isn't going to happen, SDA's are all I have left.
WINZIP 9.0 is supposedly going to support 256 & 128-bit AES encryption .
I'm not entirely sure how secure these are under a vigorous attack, but,
they're probably strong enough to count as a 'good faith effort' and keep my
@$$ out of jail.
From: David Shaw [mailto:email@example.com]
Sent: Thursday, June 19, 2003 1:06 PM
Subject: Re: Self Decrypting Archives
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Jun 19, 2003 at 12:28:09PM -0400, Jeff Herrin wrote:
> I have been looking throught the docs and I can't find anything
> related to the creation of Self Decrypting Archives. Does gnupg
> support this? If so where can I find more information about to
> generate an SDA?
GnuPG does not support this, and likely will never support this. SDAs
are wildly, tragically, insecure. Think about it: someone is sending
you a *program* and saying "please run this for me!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----
Gnupg-users mailing list