Self Decrypting Archives

vedaal@hush.com vedaal@hush.com
Fri Jun 20 00:24:03 2003 


>Message: 11
>Date: Thu, 19 Jun 2003 16:58:07 -0400
>From: David Shaw <dshaw@jabberwocky.com>
>To: "'Gnupg-users@gnupg.org'" <Gnupg-users@gnupg.org>
>Subject: Re: Self Decrypting Archives
[...]
>> If you really wanted to, you could even send your receiver a zip
>file
>> containing the "gpg" binary, plus the encrypted file, and a batch
>file
>> that contained something like "gpg theencryptedfile.gpg".  Poof:
>> instant SDA.  Of course, it's still insecure ;)
>
>It works, and the end result is a SDA.
[...]

just curious,

other than making a .exe file of what would otherwise be batch files,

what does the pgp sda do differently?

it seems as if it would need just a watered-down binary for symmetric
decryption only

in your idea, wouldn't it also be possible to make a much smaller binary
for the same symmetric decryption, and send it as a batch file, with
the same instructions/caveats as for an sda,

i.e. "caution, this runs code on your computer, and is not a secure way
of doing things, but here is the encrypted file you asked for anyway"


a practical way that sda's are done 'sort-of' securely, for multiple
large files,
is that they are all written as sda's onto a cdrw, sent by certified
registered mail, and confirmed by phone by the receiver calling the sender
upon receipt of the packet.

the insecurity of the executable still does not compromise the secrecy
of the files, 

and it is a nice way to be able to send confidential correspondence to
those who are  reluctant to take the initial step into encryption .

eventually, as they appreciate the protected communication, and find
that they can't send confidential replies back,
then they might take the step, and no longer need it.

would it be so terrible to have gnupg make this available?
{it can even include a full rant in blinking yellow text on red background
about the insecure nature of the application ;-)}

with Respect,

vedaal





Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427