mobile GPG installation
Werner Koch
wk@gnupg.org
Mon May 12 16:05:02 2003
On Mon, 12 May 2003 09:14:40 -0400, Adam Pavelec said:
> Speaking of which, has anyone been working on such a tool that
> uses GnuPG? The ability to create Self-Decrypting Archives
> comes in quite handy when dealing with luddites.
We have talked about this here several times. GnuPG won't provide
such a thing for 4 reasons:
1. It is not secure and can easily be attacked (replacing the
decryption code by custom code which sends the passphrase back to
the attacker).
2. It gives a false sense of security.
3. It is not portable - a sender does not necessary know on what
platform the recipient wants to unpack/decrypt the document.
Well, ia32 is a good guess but tehre are a lot of users with PDA
using a non-ia32 CPU. And of course there is not only Windows.
4. It is easier to install an real crypto application and use this
to decrypt something. Nobody would sends a PDF reader along with
a PDF document.
Shalom-Salam,
Werner
--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi