Self Decrypting Archives

Gates, Scott
Thu Jun 19 19:38:02 2003

Point on the 'security' taken.  However, SDA's have their uses; they are
sometimes simpler than attempting to get the receiver to install GPG or PGP.

I have to send a couple of business related files to vendors.  All of this
is coordinated over the phone.  If the info is insecurely transmitted it's
my @$$ (i.e. BIG JAIL TIME), but if the vendor's machine is trashed, it's the
vendor's problem.  See my point?   

I can talk someone through opening an SDA and I encourage them to Virus
Check.  Since convincing them to install GPG or purchase PGP-Corporate (I
use both) isn't going to happen, SDA's are all I have left.  

WINZIP 9.0 is supposedly going to support 256 & 128-bit AES encryption.
I'm not entirely sure how secure these are under a vigorous attack, but,
they're probably strong enough to count as a 'good faith effort' and keep my
@$$ out of jail.  

> I have been looking through the docs and I can't find anything
> related to the creation of Self Decrypting Archives. Does gnupg
> support this? If so where can I find more information about how to
> generate an SDA?

GnuPG does not support this, and likely will never support this.  SDAs
are wildly, tragically, insecure.  Think about it: someone is sending
you a *program* and saying "please run this for me!"

