Self Decrypting Archives
Thu Jun 19 21:17:02 2003
Very insecure. One could very easily strip off the self-decrypting shell and attach a tail-patched version that captures the secret key, or does something else with the contents (or your system).
SDA's are also incredibly platform-dependent.
They also have all the problems associated with shared-key encryption.
On Thursday, June 19, 2003, at 11:05AM, David Shaw <email@example.com> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>On Thu, Jun 19, 2003 at 12:28:09PM -0400, Jeff Herrin wrote:
>> I have been looking throught the docs and I can't find anything
>> related to the creation of Self Decrypting Archives. Does gnupg
>> support this? If so where can I find more information about to
>> generate an SDA?
>GnuPG does not support this, and likely will never support this. SDAs
>are wildly, tragically, insecure. Think about it: someone is sending
>you a *program* and saying "please run this for me!"
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3rc1 (GNU/Linux)
>Comment: Key available at http://www.jabberwocky.com/david/keys.asc
>-----END PGP SIGNATURE-----
>Gnupg-users mailing list
886F 6A8A 68A1 5E90 EF3F 8EFA E2B8 3F99 7343 C1E3