Self Decrypting Archives

[David Shaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jun 19, 2003 at 04:14:47PM -0400, Jeff Herrin wrote:

> As far as the reason for the SDA's, it's not really my idea. We do
> booking engines and 3rd Party portal connectivity for hotels (3rd
> party portals are like Expedia, Travelocity, etc). One of our
> partner companies is responsible for broadcasting each hotel's rates
> and availability to these portals. I communicate the date to them
> through files that our systems FTP back and forth. Their system
> makes the files intp an SDA. I can decrypt it successfully using the
> pgpreader they provided, but I need to be able to create a similar
> SDA when I create my file that I upload to them. I an not likely
> going to be able to change their system. I was hoping to find a
> linux based open source pgp implimentation that will do SDA's for
> me. I understand the security risks, but I'm not really approaching
> this much from a security standpoint, but from a need to match the
> broadcast specification. There's really no sensitive data in these
> packets so I'm not sure why they even bother encrypting them. If
> gnupg doesn't support SDA's does anyone know of another method of
> producing them short of buying the commercial PGP version?

This doesn't make complete sense.  If the person you are communicating
with has PGP and uses it to send you a SDA, why would you want to send
a SDA back?  Your partner has PGP.. just send them a regular old
OpenPGP message.

In any event, GnuPG can be used to make SDAs.  Just make a zip file
that contains the encrypted file and the gpg binary itself.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+8iNA4mZch0nhy8kRAmdoAKCTiQV+NR1WdGH1ihO60Hdzha9LwQCg3GLv
1CKZHKfllXqS7ZgEsaZr1ug=
=Y2vY
-----END PGP SIGNATURE-----