Self Decrypting Archives

Gates, Scott
Thu Jun 19 23:32:02 2003

At that point, I really don't care.  My job is to get them data in a timely
fashion. If I don't get them that data, I lose my job. (That's bad.) I must
get them that data without allowing anyone else to read it.  If someone else
reads it*, I lose my job AND go to jail.  (THAT'S MUCH WORSE.) 

I have neither the time, nor the political pull** to FORCE the vendors
receiving the data to use any certain encryption software.  So, if I have to
sneak the necessary software in through an SDA, that's fine with me.  I
neither lose my job, nor go to jail for it.  

 *assuming the Federal auditors find out.
**And YES, I HAVE been FIRED for refusing to break the law on behalf of my
employer.  That's not fun either.  

-----Original Message-----
From: David Shaw [] 
Sent: Thursday, June 19, 2003 4:58 PM
To: ''
Subject: Re: Self Decrypting Archives

Hash: SHA1

On Thu, Jun 19, 2003 at 04:22:56PM -0400, Gates, Scott wrote:

> So, SDA's have saved my bacon on more than one occasion.  I have recently
> started using GPG because it lets me call it remotely from an FTP script
> the local host.  This way I can use JCL (batch to you DOS types) and run
> file transfers from the master scheduler. This is fine when the recipient
> can receive encrypted e-mail attachments, or FTP.  But the few that need
> LOTS of hand holding to open an e-mail attachment are the ones who give me
> the most headaches, and are also the ones who won't install software. 

But a SDA *is* "installing" something.  What do they think happens
when they click on it?

Try this:

> If you really wanted to, you could even send your receiver a zip file
> containing the "gpg" binary, plus the encrypted file, and a batch file
> that contained something like "gpg theencryptedfile.gpg".  Poof:
> instant SDA.  Of course, it's still insecure ;)

It works, and the end result is a SDA.

Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at


Gnupg-users mailing list