Self Decrypting Archives

Gates, Scott SGates@olbh.com
Thu Jun 19 22:25:03 2003 

Because you can't make a vendor install a piece of software, free, licensed,
unlicensed, etc .  They just won't do it. Also, most of the people I'm
dealing with are not in the least technically inclined.   

Spreadsheets is programmin' to them.  (I cringe when I think about someone
asking me to "program an excel file" for them. --- I'm gonna need lots of
therapy---just look at my eye twitch.)  You know the ones who take classes
to be 'certified' to send and receive e-mail, then proudly hang the
certificates of completion next to their college diploma.   (TWITCH
TWITCH--- It's getting worse).  

So, SDA's have saved my bacon on more than one occasion.  I have recently
started using GPG because it lets me call it remotely from an FTP script on
the local host.  This way I can use JCL (batch to you DOS types) and run my
file transfers from the master scheduler. This is fine when the recipient
can receive encrypted e-mail attachments, or FTP.  But the few that need
LOTS of hand holding to open an e-mail attachment are the ones who give me
the most headaches, and are also the ones who won't install software. 


-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com] 
Sent: Thursday, June 19, 2003 2:56 PM
To: 'Gnupg-users@gnupg.org'
Subject: Re: Self Decrypting Archives

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jun 19, 2003 at 01:36:23PM -0400, Gates, Scott wrote:
> Point on the 'security' taken.  However, SDA's have their uses; they are
> sometimes simpler than attempting to get the receiver to install GPG or
PGP.
> 
> 
> I have to send a couple of business related files to vendors.  All of this
> is coordinated over the phone.  If the info is insecurely transmitted it's
> my @$$(i.e. BIG JAIL TIME), but if the vendor's machine is trashed, it's
the
> vendor's problem.  See my point?   
> 
> I can talk someone through opening a SDA and I encourage them to Virus
> Check.  Since convincing them to install GPG or purchase PGP-Corporate (I
> use both) isn't going to happen, SDA's are all I have left.  

I'm curious why installing GnuPG isn't a viable option.  (I assume
this is a Windows platform).  I certainly understand the resistance to
install a new program under Windows, but given the use you are talking
about (regular symmetric encryption of a file) GnuPG doesn't need to
be "installed" to be used.  Just unzip the archive and you can run the
'gpg' program.  No installation necessary, and to "uninstall" just
throw the program in the trash.

If you really wanted to, you could even send your receiver a zip file
containing the "gpg" binary, plus the encrypted file, and a batch file
that contained something like "gpg theencryptedfile.gpg".  Poof:
instant SDA.  Of course, it's still insecure ;)

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+8gdb4mZch0nhy8kRAkjYAKCuFCEONMOXi3PRx6n2yYQcacDOuQCfQVVy
dqH74ahBKHtXYQMS0q44fiA=
=sMGc
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users