Self Decrypting Archives
Fri Jun 20 00:47:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, Jun 19, 2003 at 03:23:53PM -0700, firstname.lastname@example.org wrote:
> >Message: 11
> >Date: Thu, 19 Jun 2003 16:58:07 -0400
> >From: David Shaw <email@example.com>
> >To: "'Gnupgfirstname.lastname@example.org'" <Gnupgemail@example.com>
> >Subject: Re: Self Decrypting Archives
> >> If you really wanted to, you could even send your receiver a zip
> >> containing the "gpg" binary, plus the encrypted file, and a batch
> >> that contained something like "gpg theencryptedfile.gpg". Poof:
> >> instant SDA. Of course, it's still insecure ;)
> >It works, and the end result is a SDA.
> just curious,
> other than making a .exe file of what would otherwise be batch files,
> what does the pgp sda do differently?
> it seems as if it would need just a watered-down binary for symmetric
> decryption only
> in your idea, wouldn't it also be possible to make a much smaller binary
> for the same symmetric decryption, and send it as a batch file, with
> the same instructions/caveats as for an sda,
That's why I'm confused that what PGP creates is an "SDA", and a
self-extracting zip file containing gpg, an encrypted file, and an
autorun command to decrypt the file somehow isn't an "SDA". All "SDA"
is is a "(S)elf (D)ecrypting (A)rchive". There is no magic there.
> a practical way that sda's are done 'sort-of' securely, for multiple
> large files, is that they are all written as sda's onto a cdrw, sent
> by certified registered mail, and confirmed by phone by the receiver
> calling the sender upon receipt of the packet.
The problem is that there is no way to do it in a portable manner.
Linux executables won't run on Windows, Windows executables won't run
on FreeBSD, etc, etc. It would be very easy for someone to make their
own SDAs by self-extracting-zipping together the encrypted file, and
the decryption engine, but that's not really the point of GnuPG.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----