Self Decrypting Archives

Jeff Herrin
Thu Jun 19 23:09:02 2003

Nobody is actually clicking on anything. The file creation, the encryption,
the FTP transfers, the decryption is all done automatically by scripts that
are designed to specifically handle SDAs. I know they have the ability with
their commercial version of PGP to handle whatever I send them but their
system is specifically looking to read from an FTP folder and decrypt it as
an SDA.

Jeff Herrin
Alternate Image
----- Original Message ----- 
From: "David Shaw" <>
To: <>
Sent: Thursday, June 19, 2003 4:58 PM
Subject: Re: Self Decrypting Archives

> Hash: SHA1
> On Thu, Jun 19, 2003 at 04:22:56PM -0400, Gates, Scott wrote:
> > So, SDA's have saved my bacon on more than one occasion.  I have
> > started using GPG because it lets me call it remotely from an FTP script
> > the local host.  This way I can use JCL (batch to you DOS types) and run
> > file transfers from the master scheduler. This is fine when the
> > can receive encrypted e-mail attachments, or FTP.  But the few that need
> > LOTS of hand holding to open an e-mail attachment are the ones who give
> > the most headaches, and are also the ones who won't install software.
> But a SDA *is* "installing" something.  What do they think happens
> when they click on it?
> Try this:
> > If you really wanted to, you could even send your receiver a zip file
> > containing the "gpg" binary, plus the encrypted file, and a batch file
> > that contained something like "gpg theencryptedfile.gpg".  Poof:
> > instant SDA.  Of course, it's still insecure ;)
> It works, and the end result is a SDA.
> David
> Version: GnuPG v1.2.3rc1 (GNU/Linux)
> Comment: Key available at
> iD8DBQE+8iPf4mZch0nhy8kRAvTIAJ9QGZG607c5SVRcbGwG+FK98/dNigCgh9Mv
> pgBYhqNgP4KDpWvJaQwO8SY=
> =Xn8x
> _______________________________________________
> Gnupg-users mailing list