Self Decrypting Archives

Joseph Bruni jbruni@mac.com
Thu Jun 19 21:17:02 2003


Very insecure. One could very easily strip off the self-decrypting shell and attach a tail-patched version that captures the secret key, or does something else with the contents (or your system).

SDA's are also incredibly platform-dependent.

They also have all the problems associated with shared-key encryption.





On Thursday, June 19, 2003, at 11:05AM, David Shaw <dshaw@jabberwocky.com> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Thu, Jun 19, 2003 at 12:28:09PM -0400, Jeff Herrin wrote:
>
>> I have been looking throught the docs and I can't find anything
>> related to the creation of Self Decrypting Archives. Does gnupg
>> support this? If so where can I find more information about to
>> generate an SDA?
>
>GnuPG does not support this, and likely will never support this.  SDAs
>are wildly, tragically, insecure.  Think about it: someone is sending
>you a *program* and saying "please run this for me!"
>
>David
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3rc1 (GNU/Linux)
>Comment: Key available at http://www.jabberwocky.com/david/keys.asc
>
>iD8DBQE+8e1r4mZch0nhy8kRAr0dAKCNvR0KFBbkTwcWAZBShqmGcVgcqgCeI9sN
>ulWaCGDOhPwDMOYXE/2j5aE=
>=3iTi
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
 

-- 
PGP Fingerprint:
886F 6A8A 68A1 5E90 EF3F  8EFA E2B8 3F99 7343 C1E3